directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashton Davis (JIRA)" <>
Subject [jira] [Created] (DIRSERVER-1988) Replication does not copy subentries at BaseDN
Date Tue, 22 Jul 2014 17:30:41 GMT
Ashton Davis created DIRSERVER-1988:

             Summary: Replication does not copy subentries at BaseDN
                 Key: DIRSERVER-1988
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: core
    Affects Versions: 2.0.0-M16, 2.0.0-M17
         Environment: CentOS 6
            Reporter: Ashton Davis

Problem: Setting up replication for a particular partition doesn't copy context entries for
the base DN.

Cause: This is a theory, but I think that because the partition is created and dc=ntent,dc=com
exists prior to replication, the replication engine isn't updating it with the correct context
entry (administrativeRole), which is a blocker for importing the ACISubEntry (if administrativeRole
is not defined on the parent, the server won't allow the ACISubEntry to be created).

Steps to replicate:

I have a top-level ACI to control access to an entire partition.  It's applied at the BaseDN

DN: dc=ntent,dc=com
administrativeRole: accessControlSpecificArea

My ACI Subentry lives under the BaseDN
DN: cn=ntentAuthRequirementsACISubentry,dc=ntent,dc=com

When I set up replication, I follow these steps:
1) Extend schema as required
2) Create parition, enable access control
3) Restart ApacheDS
4) Set up replication and restart ApacheDS

After a few successful synchronizations, all entries (including context entries) are imported
EXCEPT for dc=ntent,dc=com.

As stated above, I think the ACI subentry itself would be replicated, but it's being blocked
from doing so by the server, because administrativeRole is a requirement for an ACI subentry.

This message was sent by Atlassian JIRA

View raw message