# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2005 The OpenLDAP Foundation.
+## Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
#ldapmod#modulepath ../servers/slapd/back-ldap/
#ldapmod#moduleload back_ldap.la
+# We don't need any access to this DSA
+restrict all
+
#######################################################################
# consumer proxy database definitions
#######################################################################
database ldap
-#restrict all
suffix "dc=example,dc=com"
+rootdn "cn=Whoever"
uri @URI2@
-idassert-bind bindmethod=simple
- binddn="cn=Replica,dc=example,dc=com"
- credentials=secret
- mode=none
+
+# ITS#4632: syncprov now wants this on (ITS#4613); however, since checks
+# are in place to prevent lastmod operational attrs to be added twice,
+# this shuld make no harm
+lastmod on
+
+# HACK: use the RootDN of the monitor database as UpdateDN so ACLs apply
+# whithout the need to write the UpdateDN before starting replication
+acl-bind bindmethod=simple
+ binddn="cn=Monitor"
+ credentials=monitor
# Don't change syncrepl spec yet
+
+# HACK: use the RootDN of the monitor database as UpdateDN so ACLs apply
+# whithout the need to write the UpdateDN before starting replication
syncrepl rid=1
provider=@URI1@
binddn="cn=Manager,dc=example,dc=com"
credentials=secret
searchbase="dc=example,dc=com"
filter="(objectClass=*)"
- attrs="*,+"
+ attrs="*,structuralObjectClass,entryUUID,entryCSN,creatorsName,createTimestamp,modifiersName,modifyTimestamp"
schemachecking=off
scope=sub
type=refreshAndPersist