John Morrissey wrote:
On Wed, Nov 19, 2008 at 09:13:49PM +0100, Dieter Kluenter wrote:
Dmitriy Kirhlarov dimma@higis.ru writes:
I have a problem with replication -- numbers of objects on provider and consumer not identical.
[snip]
it might not be related to your replication problem, but setting a sizelimit=unlimited in syncrepl configuration reduces the chance that clientside limitations come into effect. If you require starttls and integrity you should at least add tls_cacert option to syncrepl configuration.
For client operations, doesn't syncrepl operate as the rootdn, which is exempt from size/time limitations?
What do you mean by "client operations"? syncrepl consists in the consumer contacting the producer via LDAP and thus as a regular client. As such, it connects with whatever identity you configure it as, and what that identity means for the producer is the producer's business. Using the producer's rootdn as the consumer's identity is not wise. That identity should have unlimited read privileges on the data it needs to replicate, but no write privileges are required.
If you mean those internal operations syncrepl needs to perform on the consumer itself, then yes: they are performed using the consumer's rootdn identity.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------