Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.0.0-M16, 2.0.0-M17
-
None
-
None
-
CentOS 6
Description
Problem: Setting up replication for a particular partition doesn't copy context entries for the base DN.
Cause: This is a theory, but I think that because the partition is created and dc=ntent,dc=com exists prior to replication, the replication engine isn't updating it with the correct context entry (administrativeRole), which is a blocker for importing the ACISubEntry (if administrativeRole is not defined on the parent, the server won't allow the ACISubEntry to be created).
Steps to replicate:
I have a top-level ACI to control access to an entire partition. It's applied at the BaseDN
DN: dc=ntent,dc=com
administrativeRole: accessControlSpecificArea
My ACI Subentry lives under the BaseDN
DN: cn=ntentAuthRequirementsACISubentry,dc=ntent,dc=com
When I set up replication, I follow these steps:
1) Extend schema as required
2) Create parition, enable access control
3) Restart ApacheDS
4) Set up replication and restart ApacheDS
After a few successful synchronizations, all entries (including context entries) are imported EXCEPT for dc=ntent,dc=com.
As stated above, I think the ACI subentry itself would be replicated, but it's being blocked from doing so by the server, because administrativeRole is a requirement for an ACI subentry.