[389-users] RO Access to Consumers
Nick Cappelletti
nick at switchtower.com
Wed Nov 9 19:17:50 UTC 2011
I've been using dirsrv for some time now, but have always had issues with the RO access on the consumers. I recently started looking into it again, but I'm still having issues with how to truly restrict write access to them.
Here is my problem: I have a single master with 3 consumers. I can make changes to the master, with those changes replicating down to the consumes with no problems. BUT, I can login to the consumer and make changes to the DB, luckily it doesn't get replicated back up to the master.
I have tried a few things; 1: setting nssldapd-readonly to 'on' (which caused major issues on the consumers) in cn=ldbm database,cn=plugins,cn=config; and I've also tried updating the nsds5replicatype to 2, which should set it to a consumer (read-only replica).
I'm not sure if there is a way to do it with host specific ACI's but if anyone has any suggestions, I all ears. :)
Thanks, and I look forward to any comments you might have.
Nick Cappelletti
nick at switchtower.com
More information about the 389-users
mailing list