Solving Potential Interoperability Problems; Troubleshooting Replication-Related Problems - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual

Troubleshooting Replication-Related Problems

Solving Potential Interoperability Problems

For reasons of interoperability with applications that rely on attribute uniqueness,
such as a mail server, you might need to restrict access to the entries which
contain the
entries, then the applications requiring one attribute only will pick up both the
original entry and the conflict resolution entry containing the
nsds5ReplConflict,
To restrict access, you need to modify the default ACI that grants anonymous
read access, using the following command:
ldapmodify -h localhost -p 389 -D "cn=Directory Manager" -w
password33
> dn: dc=example,dc=com
> changetype: modify
> delete: aci
> aci: (target ="ldap:///dc=example,dc=com")(targetattr
!="userPassword")(version 3.0;acl "Anonymous read-search
access";allow (read, search, compare)(userdn =
"ldap:///anyone");)
> -
> add: aci
> aci:
(target="ldap:///dc=example,dc=com")(targetattr!="userPassword"
) (targetfilter="(!(nsds5ReplConflict=*))")(version 3.0;acl
"Anonymous read-search access";allow (read, search, compare)
(userdn="ldap:///anyone");)
> -
The new ACI filters out all entries that contain the
from search results.
For more information on the
from the Command-Line," on page 55, and Red Hat Directory Server Configuration,
Command, and File Reference.
Troubleshooting Replication-Related Problems
This section covers the following:
• Interpreting Error Messages and Symptoms
• Useful Tools
368 Red Hat Directory Server Administrator's Guide • May 2005
nsds5ReplConflict
and operations will fail.
ldapmodify
attribute. If you do not restrict access to these
nsds5ReplConflict
command, refer to "Managing Entries
attribute