At 4:26 PM +0530 5/29/05, Vikrant Gaonkar wrote:
I have configured a master LDAP with LDBM database and have also configured 4 slave LDAPs getting updated from this master. Now my problem is that these slave LDAPs allow me to write on them, and if I give only read access to these slave LDAPs then they don't even allow the master to update the database. Can anyone help me out with making the slave LDAPs read-only to everybody else, with write access only to the master?
How about if you identify the master and slave database servers as users (presuming you will run the slaves and master on different machines), give only these users write access on both master and slaves, and read-only to everyone else - assuming you need to update the slave databases as well, otherwise just give the slaves write access to the master?
On 29/05/05 20:19 +0530, Vickram Crishna wrote:
At 4:26 PM +0530 5/29/05, Vikrant Gaonkar wrote:
I have configured a master LDAP with LDBM database and have also configured 4 slave LDAPs getting updated from this master. Now my problem is that these slave LDAPs allow me to write on them, and if I give only read access to these slave LDAPs then they don't even allow the master to update the database. Can anyone help me out with making the slave LDAPs read-only to everybody else, with write access only to the master?
How about if you identify the master and slave database servers as users (presuming you will run the slaves and master on different machines), give only these users write access on both master and slaves, and read-only to everyone else - assuming you need to update the slave databases as well, otherwise just give the slaves write access to the master?
OpenLDAP is a single-master, multi-slave design. slurpd handles replication in OpenLDAP, and it needs a dedicated user to be able to write to the slave. The slave does not propagate writes to the master, and hence should be read-only for all other users. Attempts to update the slave should return a referral to the parent.
Devdas Bhagat
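
The arrangement described in the reply above, written out as slapd.conf fragments for a slurpd-based OpenLDAP 2.x setup. This is an added example and not part of the original messages; the suffix, host names, DNs, replog path and the CHANGE_ME credential are constructed placeholders.

```conf
# ---- master: slapd.conf, database section (all names constructed) ----
database    ldbm
suffix      "dc=example,dc=com"
rootdn      "cn=Manager,dc=example,dc=com"
# slapd records every change here; slurpd reads the file and replays
# the changes to each slave listed below.
replogfile  /var/lib/ldap/replog
# One replica stanza per slave. slurpd binds to the slave as binddn.
replica host=slave1.example.com:389
        binddn="cn=replicator,dc=example,dc=com"
        bindmethod=simple credentials=CHANGE_ME

# ---- slave: slapd.conf, database section ----
database    ldbm
suffix      "dc=example,dc=com"
rootdn      "cn=SlaveManager,dc=example,dc=com"
# Dedicated replication identity, used for nothing else. It must match
# the binddn in the master's replica stanza, and it is the only DN the
# slave lets apply updates (still subject to the access rules below).
updatedn    "cn=replicator,dc=example,dc=com"
# Any other client that attempts a write is referred to the master.
updateref   ldap://master.example.com

# Password hashes: writable by the replication identity, usable for
# binding, readable by nobody. (Older releases spell attrs= as attr=.)
access to attrs=userPassword
        by dn="cn=replicator,dc=example,dc=com" write
        by anonymous auth
        by * none
# Everything else: replication identity writes, everyone else reads.
access to *
        by dn="cn=replicator,dc=example,dc=com" write
        by * read
```

Granting plain read access to everyone without the updatedn and its write rule is what stops the master's updates from being applied, which is the symptom in the original question.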