--On Thursday, January 12, 2017 11:27 PM +0100 Michael Ströder michael@stroeder.com wrote:
Mark Cairney wrote:
On 12/01/17 16:06, Quanah Gibson-Mount wrote:
The correct fix is to modify your syncrepl configuration so that those attributes are ignored by the syncrepl client. There is no patch to the code necessary.
Possibly a dumb question but do you have a worked example of this? The usual "get-all" stanza for this would "*, +" and as far as I'm aware you can't subtract attributes from the list returned i.e. search for all attributes *except* pwdFailureTime.
You could try using option exattrs with syncrepl statement, see slapd.conf(5).
One could also change the olcAccess on the accesslog DB to exclude problem attributes from being visible. But exattrs is probably the best route.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com