On 08/10/2015 11:54 AM, German Parente wrote:
you could add an aci to deny "replication user" from doing "delete"
operations on the whole replicated suffix. But note this aci will be by "user"
and not by "host".
If not, you could also restrict the aci by ip address of primary node to achieve exactly
what you want to do.
this will not work, acis are not evaluated again in a
session, only on the master the op was seen first.
But, all the effort we do in replication is to make the databases
consistent on master and replica, you are asking explicitely to make it
inconsistent, this should not be supported. the only exception is
----- Original Message -----
> From: "vinay garg" <vinay.garg(a)fosteringlinux.com>
> To: 389-users(a)lists.fedoraproject.org
> Sent: Monday, August 10, 2015 10:57:07 AM
> Subject: [389-users] Restict master-master replication
> hi list,
> we have multi-master settup
> 1. Primary master
> 2. Secondary Master
> HOw can we apply restriction on Primary master that primary master can
> replicaiton only modify, add on secondary master. But Primary master dont
> have permission to delete replication data on secondary master.
> Any idea how to restrict From Primary Master to Secondary master
> Vinay Garg
> Keen & Able Comp. Pvt. ltd.
> 389 users mailing list
389 users mailing list