我想能够仅融合cn=config的子树,即cn=schema,cn=config :
# {0}config, config dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external ,cn=auth manage by * break olcAccess: {1}to * by * none olcRootDN: cn=admin,cn=config olcRootPW: {SSHA}just_another_secret olcSyncUseSubentry: FALSE olcSyncrepl: {0}rid=001 provider=ldap://provider.example.org binddn="cn=consumer ,dc=example,dc=org" bindmethod=simple credentials="secret" searchbase="cn=sch ema,cn=config" type=refreshOnly filter="(!(cn=*core))" interval=00:00:30:00 retry="5 5 30 +" timeout=1 scope=sub schemachecking=on starttls=yes
但是,如果我将cn=config定义为影子树(即使是子树,请参阅searchbase ),我不再允许修改它。
我的错误是:
modifying entry "cn=config" ldap_modify: Server is unwilling to perform (53) additional info: shadow context; no update referral
即使我尝试修改位于cn=config的属性“olcLogLevel”,该属性是上级尊重syncrepl -cated cn=schema,cn=config 。
什么是正确的方式来syncrepl只是一个子树的cn=config ?