openldap-technical July 2017

openldap-technical@openldap.org

29 participants
73 discussions

Re: package OpenLDAP and lmdb
by Howard Chu 04 Jul '17

04 Jul '17

Michael Ströder wrote: > HI! > > What's the recommendation for keeping package builds for OpenLDAP and mdb_* tools in sync? > > Use the OpenLDAP 2.4.x release and build from there? Sure, the latest LMDB release is always included in the latest OpenLDAP 2.4 release. > AFAICS LTB builds are made like this but they use a different prefix and therefore don't > have a collision with packages coming from OS package upstream. > > Ciao, Michael. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

package OpenLDAP and lmdb
by Michael Ströder 03 Jul '17

03 Jul '17

HI! What's the recommendation for keeping package builds for OpenLDAP and mdb_* tools in sync? Use the OpenLDAP 2.4.x release and build from there? AFAICS LTB builds are made like this but they use a different prefix and therefore don't have a collision with packages coming from OS package upstream. Ciao, Michael.

1 0

Re: [Q] can I replicate several branches to the same slave from one master?
by Quanah Gibson-Mount 03 Jul '17

03 Jul '17

--On Friday, June 30, 2017 9:08 AM +0300 Zeus Panchenko <zeus(a)ibs.dn.ua> wrote: > Quanah Gibson-Mount <quanah(a)symas.com> wrote: >> >> Wouldn't it be simpler to define ACLs on the master that limit what >> the replication identity has access to that matches your filters? >> > > emm ... I was sure I can not do that on the master side ... just I try > do that, I receive full data ... Then likely your ACLs were incorrect? > looks like some more permittive acl works for the replica ... can I > somehow know which acl matched the replica? But I was trying to place > replABC ACLs to the end of the list and still was not able to limit data > according the filter I suggest reading the slapd.access(5) man page and the OpenLDAP Admin guide. As clearly noted in the documentation, ACLs (generally) stop processing on the *first* match. So, depending on your ACLs, adding your ACLS at the end of the list probably meant they were never evaluated. >> I would also note that your stanza limiting what attrs are replicated >> is missing the operational attributes that are necessary for sync >> replication to function, so I would fully expect errors. > > do you mean entryCSN and entryUUID ? Yes, sorry, I missed them at the start of the list of attributes. ;) So that part seems ok. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical July 2017