OpenLDAP: partial sync of cn=config

I would like to be able to sync only a subtree of cn=config, namely cn=schema,cn=config.

# {0}config, config
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
olcAccess: {1}to *  by * none
olcRootDN: cn=admin,cn=config
olcRootPW: {SSHA}just_another_secret
olcSyncUseSubentry: FALSE
olcSyncrepl: {0}rid=001 provider=ldap://provider.example.org binddn="cn=consumer
 ,dc=example,dc=org"  bindmethod=simple credentials="secret" searchbase="cn=sch
 ema,cn=config" type=refreshOnly  filter="(!(cn=*core))" interval=00:00:30:00 
 retry="5 5 30 +" timeout=1 scope=sub schemachecking=on starttls=yes

However, if I define cn=config as a shadow tree (even for a subtree, see searchbase), I am no longer allowed to modify it.

My error is:

modifying entry "cn=config"
ldap_modify: Server is unwilling to perform (53)
    additional info: shadow context; no update referral

Even if I try to modify the attribute "olcLogLevel", which is located in cn=config, above the syncrepl-icated cn=schema,cn=config.

What is the correct way to sync only a subtree of cn=config?
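An added example, not part of the original question: this Python code unfolds the folded LDIF shown above, parses the olcSyncrepl value, and reports which database entry carries the consumer stanza, which searchbase it names, and whether an olcUpdateRef is set (the error text says no update referral exists). The function names and the sample string are constructed for illustration; base64 ("::") LDIF values are not handled.

```python
import re
import shlex

# Constructed sample: the database entry from the question, folded the way LDIF output folds it.
SAMPLE_LDIF = """\
dn: olcDatabase={0}config,cn=config
olcDatabase: {0}config
olcSyncrepl: {0}rid=001 provider=ldap://provider.example.org binddn="cn=consumer
 ,dc=example,dc=org"  bindmethod=simple credentials="secret" searchbase="cn=sch
 ema,cn=config" type=refreshOnly  filter="(!(cn=*core))" interval=00:00:30:00
  retry="5 5 30 +" timeout=1 scope=sub schemachecking=on starttls=yes
"""

def unfold(ldif):
    """Join LDIF continuation lines: a newline followed by one space is a fold."""
    return re.sub(r"\r?\n ", "", ldif)

def parse_entry(ldif):
    """Return {lowercased attribute: [values]} for one LDIF entry."""
    attrs = {}
    for line in unfold(ldif).splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def parse_syncrepl(value):
    """Split an olcSyncrepl value into key=value parameters, honouring quotes."""
    value = re.sub(r"^\{\d+\}", "", value)  # drop the {n} ordering prefix
    return dict(tok.split("=", 1) for tok in shlex.split(value))

def shadow_report(ldif):
    """List each consumer stanza with the database entry it is attached to."""
    entry = parse_entry(ldif)
    report = []
    for raw in entry.get("olcsyncrepl", []):
        p = parse_syncrepl(raw)
        report.append({
            "database": entry["dn"][0],          # entry holding the stanza
            "rid": p["rid"],
            "searchbase": p.get("searchbase"),   # subtree actually replicated
            # olcUpdateRef is where a consumer refers writes it will not accept
            "has_update_ref": "olcupdateref" in entry,
        })
    return report

if __name__ == "__main__":
    for row in shadow_report(SAMPLE_LDIF):
        print(row)
```

On the sample, the stanza is attached to olcDatabase={0}config while its searchbase is cn=schema,cn=config, and no olcUpdateRef is present, which lines up with the "shadow context; no update referral" response quoted in the question.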
