On 11/09/2011 12:17 PM, Nick Cappelletti wrote: > I've been using dirsrv for some time now, but have always had issues with the RO access on the consumers. I recently started looking into it again, but I'm still having issues with how to truly restrict write access to them. > > Here is my problem: I have a single master with 3 consumers. I can make changes to the master, with those changes replicating down to the consumes with no problems. BUT, I can login to the consumer and make changes to the DB, luckily it doesn't get replicated back up to the master. What should happen is that when you attempt to modify a hub or dedicated consumer, your client should get back a referral to a master. Can you post your consumer's replica configuration, and excerpts from your consumer's access log showing a successful MOD operation? > I have tried a few things; 1: setting nssldapd-readonly to 'on' (which caused major issues on the consumers) in cn=ldbm database,cn=plugins,cn=config; and I've also tried updating the nsds5replicatype to 2, which should set it to a consumer (read-only replica). So it sounds as though you have originally set up these consumers as masters (type 3) and you want to "demote" them to be read only consumers? > I'm not sure if there is a way to do it with host specific ACI's but if anyone has any suggestions, I all ears. :) You can have acis based on DNS name or IP address. > Thanks, and I look forward to any comments you might have. > > Nick Cappelletti > nick@xxxxxxxxxxxxxxx > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
