This is something I would like details on, too!
In order to control what gets replicated, I tried defining as "binddn" (in syncrepl slaves) an account with particular privileges (as defined in my master ACL) and I remained with the impression that whatever this account has "read" privileges on, will get replicated.
However, this was not the case. Replication didn't work with that account (or with some other accounts with limited access I tried) in slave syncrepl "binddn".
I ended up using the master's Manager as a "binddn" in syncrepl slaves and thus all the DIT gets replicated, but I couldn't find any other alternative.
Still, replication works flawlessly this way and my DIT is not very large, so the problem is not very big for me, but ideally I would like to isolate parts of the DIT depending on what is used in each slave.
I'm using openldap 2.3.43-12 on CentOS 5.5 at all boxes.
Nick
On 3/11/2010 4:43 μμ, Bram Cymet wrote:
Hi,
I would like to control what gets replicated to my ldap slaves.
How would I specify what I don't want to be replicated? Is this even possible or do I have to create a filter that finds everything that I want to send down?
Thanks,