At 05:00 PM 12/23/2006, Howard Chu wrote:
Kurt D. Zeilenga wrote:
>It might be more appropriate to handle this issue on the
>consumer than the provider. An arbitrary LDAP sync client
>might want this and other DSA specific attributes included
>in the content. That is, the provider should not assume
>the consumer is doing server-to-server replication.
True. The problem was that the auditContext attribute wasn't defined on the consumer.
There's no obvious way to configure a consumer to exclude unknown attributes,
Personally, I think this kind of problem is better solved by
configuration then by code. Configuration wise, this can be
addressed on either consumer side via a narrower attrs list,
or on the provider side with an ACL.