directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Griffin (JIRA)" <>
Subject [jira] [Commented] (DIRSERVER-1988) Replication does not copy subentries at BaseDN
Date Mon, 18 Aug 2014 16:34:18 GMT


Eric Griffin commented on DIRSERVER-1988:

I'm seeing this issue as well, however, I've noticed that replication of subentries at BaseDN
does work if BaseDN is:
DN: o=something

If BaseDN is:
DN: dc=something
DN: dc=something,dc=com
then replication does not work.

> Replication does not copy subentries at BaseDN
> ----------------------------------------------
>                 Key: DIRSERVER-1988
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.0-M16, 2.0.0-M17
>         Environment: CentOS 6
>            Reporter: Ashton Davis
> Problem: Setting up replication for a particular partition doesn't copy context entries
for the base DN.
> Cause: This is a theory, but I think that because the partition is created and dc=ntent,dc=com
exists prior to replication, the replication engine isn't updating it with the correct context
entry (administrativeRole), which is a blocker for importing the ACISubEntry (if administrativeRole
is not defined on the parent, the server won't allow the ACISubEntry to be created).
> Steps to replicate:
> I have a top-level ACI to control access to an entire partition.  It's applied at the
> DN: dc=ntent,dc=com
> administrativeRole: accessControlSpecificArea
> My ACI Subentry lives under the BaseDN
> DN: cn=ntentAuthRequirementsACISubentry,dc=ntent,dc=com
> When I set up replication, I follow these steps:
> 1) Extend schema as required
> 2) Create parition, enable access control
> 3) Restart ApacheDS
> 4) Set up replication and restart ApacheDS
> After a few successful synchronizations, all entries (including context entries) are
imported EXCEPT for dc=ntent,dc=com.
> As stated above, I think the ACI subentry itself would be replicated, but it's being
blocked from doing so by the server, because administrativeRole is a requirement for an ACI

This message was sent by Atlassian JIRA

View raw message