|
On 08/17/2018 11:51 AM, Sergei
Gerasenko wrote:
Hi,
I’ve been using repl-monitor.pl for monitoring
replication problems. I would like to use an account with a
minimal set of permissions needed for the functionality. I
created a user and added the permission to Read Replication
Agreements. Now the user can read the agreements but fails on:
$ruv =
$conn->search($replicaroot, "one”,
"(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectClass=nsTombstone))”,
0, qw(nsds50ruv nsruvReplicaLastModified nsds5AgmtMaxCSN));
Rather, the $ruv is empty after that call. When
running with a privileged account, everything works.
What are the permissions needed for that search to
work for a brand new account?
Add an ACI to this entry (using your suffix of course) allowing the
user or group to read/search/compare:
dn: cn=replica,cn=o\3Dmark,cn=mapping tree,cn=config
That should do it :-)
Mark
Thanks,
Sergei
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx/message/GDN34STFNX75CJRSNR55DIR2WDOJ5BFZ/
|
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx/message/RXN3MGCEHKUP6MFNSRLNEQAADX3G5CM3/
