On 03/06/2013 06:49 PM, Jon Detert wrote:
I want to check the status of replication agreements, but I don't want to use the directory manager's credentials to do so. I want to use bind credentials for a dn that only has read access. Is an ACI what I need? If so, how? I've tried several, but they don't work as I intended. One thing I'm uncertain of, is which dn to associate the aci attribute with. I've tried these: cn=config cn=mapping tree,cn=config dc=example,dc=com and the actual dn of the replication agreement object.
except dc=example,dc=com all should work
I'm also not certain of the target to use in the aci. I've tried these: (targetfilter = "(objectClass=nsds5ReplicationAgreement)") and (target="ldap:///cn=*,cn=replica,cn=*,cn=mapping tree,cn=config")
both should work.
Any ideas what I'm doing wrong?
What does the complete aci look like ? Ludwig
Thanks
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
