Rok Papez wrote:
Hello OpenLDAP-software :)!
I have a working syncrepl replication and even managed to do fractional replication
(only a subset of attributes are replicated). The list of attributes that should be
replicated is defined via ACL on the provider, like this:
Since you're using ACLs to control things, you should be able to just
use a value-specific ACL. There may still be issues with that in 2.3, it
definitely works in 2.4:
access to attrs=objectclass val=unknownLocalStuff
by dn.exact="cn=rep1,ou=replicators,dc=org,dc=test,dc=si" none break
access to dn.subtree="ou=users,dc=org,dc=test,dc=si"
by dn="cn=rep1,ou=replicators,dc=org,dc=test,dc=si" read
by anonymous auth
Consumer configuration looks like this:
Everything is working fine, however the problem is that provider is
using some additional schema with attributes, which are of no interest
to the consumer. The unwanted attributes are filtered out via provider
ACL, however the data from the provider contains an additional objectClass
with a custom schema name. Becouse consumer doesn't have this schema
it denies replication with an error message:
... slapd: syncrepl_message_to_entry: mods check (objectClass: value #0 invalid
Which is logical... the entry has an unknown objectClass.
Is it possible to somehow also filter out the unwanted "objectClass:
I tried googling for the fractional replication but it seems to be an obscure topic.
The OpenLDAP admin manual doesn't mention it so any help is welcome :).
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/