Hey guys, I'm setting up 2 mmr servers, and am wondering why the aci's on both machines don't end up being the same. All of the replication and configuring of the servers has been done in perl and NOT the console. Here is the process I used when setting up the servers. I'm using custom built packages on etch. ii fedora-ds-admin 1.1.6 Fedora Administration Server (admin) ii fedora-ds-admin-console 1.1.2 Fedora Admin Server Management Console ii fedora-ds-base 1.1.3 Fedora Directory Server (base) ii fedora-ds-console 1.1.2 Fedora Directory Server Management Console ii mozldap 6.0.5 Mozilla LDAP C SDK ii mozldap-dev 6.0.5 Mozilla LDAP C SDK ii mozldap-tools 6.0.5 Mozilla LDAP C SDK ii ldapsdk 4.17-4 Enables applications to manage information s ii perldap 1.5.2 PerLDAP is a set of modules written in Perl ii libadminutil 1.1.7 Utility library for directory server adminis ii libsvrcore 4.0.4 Secure PIN handling using NSS crypto ii libapache2-mod-nss 1.0.8 mod_nss is an SSL provider derived from the 1. install mmr1 server using setup-ds-admin.pl 2. install mmr2 server using setup-ds.pl 3. configure ssl/tls on each machine and confirm ldapsearchs etc are encrypted. 4. create root suffix o=netscaperoot on mmr2. 5. enable mmr replication of userroot on both mmr1 and mmr2 6. init UserRoot replication agreement on mmr1. 7. enable mmr replication of o=netscaperoot on both mmr1 and mmr2. 8. init NetscapeRoot replication agreement on mmr1. 9. run register-ds-admin.pl on mmr2 At this point, I can confirm that encryption is working over both machines, all replication agreements are over SSL and are working as expected. admin server is running on both machines, and both servers are accessible from each admin-server instance. So I opened up the console, and opened up a session to each server and thats when I noticed the different amount of aci's on each server on mmr1. o=NetscapeRoot has 5 acis' UserRoot has 6 cn=schema has 4 cn=monitor has 1 cn=config has 3 on mmr2. o=NetscapeRoot has 5 acis' UserRoot has 6 cn=schema has 1 cn=monitor has 1 cn=config has 0 So I'm wondering, if mmr2 server is missing those aci's because of the different install procedure of running setup-ds.pl first, then register-ds-admin.pl Here are the aci's in question mmr1 - cn=schema # schema dn: cn=schema aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymo us, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";) aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; a llow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=To pologyManagement, o=NetscapeRoot";) aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (a ll) userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=Net scapeRoot";) aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "l dap:///cn=slapd-xxxdmns0, cn=Fedora Directory Server, cn=Server Group, cn=xxx dmns0.xxx.xx.xx.xx, ou=xxx.xx.xx.ca, o=NetscapeRoot";) mmr2 - cn=schema # schema dn: cn=schema aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymo us, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";) mmr1 - cn=config dn: cn=config aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; a llow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=To pologyManagement, o=NetscapeRoot";) aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (a ll) userdn="ldap:///uid=admin, ou=Administrators, ou=TopologyManagement, o=Ne tscapeRoot";) aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "l dap:///cn=slapd-xxxdmns0, cn=Fedora Directory Server, cn=Server Group, cn=xxx dmns0.xxx.xx.xx.ca, ou=xxx.xx.xx.ca, o=NetscapeRoot";) mmr2 - cn=config none.