On 3/27/07, Buchan Milne <bgmilne(a)staff.telkomsa.net> wrote:
The real question is, what do you *need*.
We have a need to provide a limited "view" of our LDAP tree to a DMZ
environment. We replicate to an intermediate server using a filtered
syncrepl, which leaves this server with the limited "view".
To then get this data into the DMZ it would be preferable to push than
pull, as this would not require a hole in the firewall back into the
If you just need a log of changes, look at the auditlog overlay
mentioned in the answer to the mail you reference).
We've already considered auditlog and it will probably be the fallback
if we can't get any other push based mechanism working.
Evolution: Taking care of those too stupid to take care of themselves.