On 11/09/2011 12:17 PM, Nick Cappelletti wrote: > I've been using dirsrv for some time now, but have always had issues with the > RO access on the consumers. I recently started looking into it again, but > I'm still having issues with how to truly restrict write access to them. > > Here is my problem: I have a single master with 3 consumers. I can make > changes to the master, with those changes replicating down to the consumes > with no problems. BUT, I can login to the consumer and make changes to the > DB, luckily it doesn't get replicated back up to the master. What should happen is that when you attempt to modify a hub or dedicated consumer, your client should get back a referral to a master. Can you post your consumer's replica configuration, and excerpts from your consumer's access log showing a successful MOD operation? > I have tried a few things; 1: setting nssldapd-readonly to 'on' (which caused > major issues on the consumers) in cn=ldbm database,cn=plugins,cn=config; and > I've also tried updating the nsds5replicatype to 2, which should set it to a > consumer (read-only replica). So it sounds as though you have originally set up these consumers as masters (type 3) and you want to "demote" them to be read only consumers? > I'm not sure if there is a way to do it with host specific ACI's but if > anyone has any suggestions, I all ears. :) You can have acis based on DNS name or IP address. > Thanks, and I look forward to any comments you might have. > > Nick Cappelletti > n...@switchtower.com > -- > 389 users mailing list > 389-us...@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
