What's the recommendation for keeping package builds for OpenLDAP and mdb_* tools in sync?
Use the OpenLDAP 2.4.x release and build from there?
AFAICS LTB builds are made like this but they use a different prefix and therefore don't
have a collision with packages coming from OS package upstream.
--On Friday, June 30, 2017 9:08 AM +0300 Zeus Panchenko <zeus(a)ibs.dn.ua>
> Quanah Gibson-Mount <quanah(a)symas.com> wrote:
>> Wouldn't it be simpler to define ACLs on the master that limit what
>> the replication identity has access to that matches your filters?
> emm ... I was sure I can not do that on the master side ... just I try
> do that, I receive full data ...
Then likely your ACLs were incorrect?
> looks like some more permittive acl works for the replica ... can I
> somehow know which acl matched the replica? But I was trying to place
> replABC ACLs to the end of the list and still was not able to limit data
> according the filter
I suggest reading the slapd.access(5) man page and the OpenLDAP Admin
guide. As clearly noted in the documentation, ACLs (generally) stop
processing on the *first* match. So, depending on your ACLs, adding your
ACLS at the end of the list probably meant they were never evaluated.
>> I would also note that your stanza limiting what attrs are replicated
>> is missing the operational attributes that are necessary for sync
>> replication to function, so I would fully expect errors.
> do you mean entryCSN and entryUUID ?
Yes, sorry, I missed them at the start of the list of attributes. ;) So
that part seems ok.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: