I want to check the status of replication agreements, but I don't want to use the directory manager's credentials to do so. I want to use bind credentials for a dn that only has read access. Is an ACI what I need? If so, how? I've tried several, but they don't work as I intended. One thing I'm uncertain of, is which dn to associate the aci attribute with. I've tried these: cn=config cn=mapping tree,cn=config dc=example,dc=com and the actual dn of the replication agreement object. I'm also not certain of the target to use in the aci. I've tried these: (targetfilter = "(objectClass=nsds5ReplicationAgreement)") and (target="ldap:///cn=*,cn=replica,cn=*,cn=mapping tree,cn=config") Any ideas what I'm doing wrong? Thanks -- Jon Detert Sr. Systems Administrator Infinity Healthcare Milwaukee, Wisconsin 414-290-6759 -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
