You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Ashton Davis (JIRA)" <ji...@apache.org> on 2014/07/22 19:30:41 UTC
[jira] [Created] (DIRSERVER-1988) Replication does not copy
subentries at BaseDN
Ashton Davis created DIRSERVER-1988:
---------------------------------------
Summary: Replication does not copy subentries at BaseDN
Key: DIRSERVER-1988
URL: https://issues.apache.org/jira/browse/DIRSERVER-1988
Project: Directory ApacheDS
Issue Type: Bug
Components: core
Affects Versions: 2.0.0-M16, 2.0.0-M17
Environment: CentOS 6
Reporter: Ashton Davis
Problem: Setting up replication for a particular partition doesn't copy context entries for the base DN.
Cause: This is a theory, but I think that because the partition is created and dc=ntent,dc=com exists prior to replication, the replication engine isn't updating it with the correct context entry (administrativeRole), which is a blocker for importing the ACISubEntry (if administrativeRole is not defined on the parent, the server won't allow the ACISubEntry to be created).
Steps to replicate:
I have a top-level ACI to control access to an entire partition. It's applied at the BaseDN
DN: dc=ntent,dc=com
administrativeRole: accessControlSpecificArea
My ACI Subentry lives under the BaseDN
DN: cn=ntentAuthRequirementsACISubentry,dc=ntent,dc=com
When I set up replication, I follow these steps:
1) Extend schema as required
2) Create parition, enable access control
3) Restart ApacheDS
4) Set up replication and restart ApacheDS
After a few successful synchronizations, all entries (including context entries) are imported EXCEPT for dc=ntent,dc=com.
As stated above, I think the ACI subentry itself would be replicated, but it's being blocked from doing so by the server, because administrativeRole is a requirement for an ACI subentry.
--
This message was sent by Atlassian JIRA
(v6.2#6252)