We have a sun directory server being installed with a product we have purchased. We had hoped to use the ldap as a single source for information and login. The problem is, the ldap is locked down and the company does not support any acl modifications. Is there a replication method that would allow us to replicate the data but modify the acls on the consumer server? Any thoughts or ideas?
thanks
yes i think...Replication can be done between two ldap servers and the data will be automatically be replicated in the consumerserevr.
but when you define the replica as an consumer,You cannot make modifcations on the consumer. and the ACI's can be modified on the consumer. You can create new ACI's or modify the ACI's on the Consumer as i was able to do so on my Setup that has one master and two consumers...I am able to define ACI's on the Consumer.
Thanks for the info, sounds like good news. Couple further question though. The ACI's on the consumer are not replicated back to the master correct? Also, if we modify and ACI on the consumer will that modification be replaced on the next synch?
thanks again
Ya the ACI's are getting replicated in my environment when i modify or create an ACI on the consumer...I dont know whether this should be happening or not?
> The problem is, the ldap is locked down and the
> company does not support any acl modifications. Is
> there a replication method that would allow us to
> replicate the data but modify the acls on the
> consumer server? Any thoughts or ideas?
>
> thanks
Not sure quite what you mean here.
ACIs are part of the data in your directory, and in general are replicated to all consumers just like other data.
DS6 has the ability to set ACIs on the root DSE; these ACIs are specific to each server and not replicated. I don't believe this was supported in DS5.2 and earlier. It's possible this may be a good answer for you.
But, it kind of sounds like you're being delivered a directory service that you can't modify to your needs. This probably won't serve you well in the long run.
