Hi Everyone!
I've got two questions related to LDAP sync. - The consumer LDAP automaticly becomes readonly, when "syncrepl" is set in it's config. Is it possible to have a consumer (slave) LDAP, which is not readonly? - It is possible to set the attributes, which must be syncronized, but using this options will delete all other attributes of the entry (on the consumer), that I didn't wanted to syncronize. I would like to syncronize a set of attributes, but I'd like to have all the other attributes of the entry unchanged. Is it possible?
I was looking for answers in the archives, but I couldn't find clear solutions.
Thanks in advance, Balazs Szeti
On Thu, 18 Jan 2007, Szeti, Balazs wrote:
- The consumer LDAP automaticly becomes readonly, when "syncrepl" is set
in it's config. Is it possible to have a consumer (slave) LDAP, which is not readonly?
This isn't readily achievable.
- It is possible to set the attributes, which must be syncronized, but
using this options will delete all other attributes of the entry (on the consumer), that I didn't wanted to syncronize. I would like to syncronize a set of attributes, but I'd like to have all the other attributes of the entry unchanged. Is it possible?
You should look at the slapo-translucent man page, in combination with the "attrs=" argument to the syncrepl directive.
Aaron Richton wrote:
- The consumer LDAP automaticly becomes readonly, when "syncrepl" is set
in it's config. Is it possible to have a consumer (slave) LDAP, which is not readonly?
This isn't readily achievable.
No, but the chain overlay can be used to huge advantage to simulate this and I thank heaven that this has been implemented in the stable 2.3 tree. We have a 2.3 LDAP slave Samba server on which all shell/Perl scripts have to run to make sure that the Windows domain SIDs are correct; without the chain overlay chasing referrals to the master life would be much harder.
[...]
--Tonni
openldap-software@openldap.org
-
Aaron Richton -
Szeti, Balazs -
Tony Earnshaw