Quanah Gibson-Mount <qua...@symas.com> wrote:
> > emm ... I was sure I can not do that on the master side ... just I try
> > do that, I receive full data ...
>
> Then likely your ACLs were incorrect?
yes, they were
at last I was able to fix that and get it working the way (I believe) I want:
---[ slave configuration quotation start
]-------------------------------------------
...
syncrepl rid=0
...
searchbase="dc=example"
...
...
---[ slave configuration quotation end
]-------------------------------------------
---[ master configuration quotation start
]-------------------------------------------
...
access to dn.children="cn=example-accesslog"
by dn.one="ou=repl,ou=system,dc=example" read
by * break
access to
dn.regex="^uid=(.*)@(.*),authorizedService=(mail|xmpp)@(.*),uid=(.*),ou=People,dc=example$"
attrs=entry,entryCSN,entryUUID,objectClass,cn,o,uid,uidNumber,gidNumber,gecos,homeDirectory,loginShell,userPassword,creatorsName,createTimestamp,modifiersName,modifyTimestamp,mail,rfc822MailMember,sn,telephoneNumber,authorizedService,mu-mailBox
by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read
by * break
access to dn.regex="ou=ABC,ou=Sendmail,dc=example|ou=ABC,ou=DHCP,dc=example"
by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read
by * stop
...
# the final ACL
access to *
by set="[cn=admin,ou=group,dc=example]/memberUid & user/uid" write
by peername.ip=127.0.0.1 read
by self read
by users search
by * break
...
---[ master configuration quotation end
]-------------------------------------------
thank you all, for help!
--
Zeus V. Panchenko jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
