Table of Contents
Advertisement
Solving Common Replication Conflicts
Solving Potential Interoperability Problems
For reasons of interoperability with applications that rely on attribute uniqueness
such as a mail server, you might need to restrict access to the entries which contain
the
nsds5ReplConflict
the applications requiring one attribute only, will pick up both the original entry
and the conflict resolution entry containing the
operations will fail.
To restrict access you need to modify the default ACI that grants anonymous read
access, using the following command:
ldapmodify -h hostname -D "cn=Directory Manager" -w passwd
> dn: dc=example,dc=com
> changetype: modify
> delete: aci
> aci: (target ="ldap:///dc=example,dc=com")(targetattr
!="userPassword")(version 3.0;acl "Anonymous read-search
access";allow (read, search, compare)(userdn = "ldap:///anyone");)
> -
> add: aci
> aci:
(target="ldap:///dc=example,dc=com")(targetattr!="userPassword")
(targetfilter="(!(nsds5ReplConflict=*))")(version 3.0;acl "Anonymous
read-search access";allow (read, search, compare)
(userdn="ldap:///anyone");)
> -
The new ACI contains filters out all entries that contain the
attribute from search results.
For more information on the
From the Command Line," on page 54 and Netscape Directory Server Configuration,
Command, and File Reference.
334
Netscape Directory Server Administrator's Guide • August 2002
attribute. If you do not restrict access to these entries, then
command, refer to "Managing Entries
ldapmodify
nsds5ReplConflict
nsds5ReplConflict
and
Advertisement
Table of Contents
Troubleshooting
