On 03/31/10 01:28, Joe Friedeggs wrote:
On 03/30/10 18:36, Joe Friedeggs wrote:
Is it possible to replicate, on a slave, two branches of the DIT (only)? I have several instances of LDAP running on servers throughout the world. Connection to some of these from our support location is not dependable. I want to do something similar to this:
Main LDAP (here, master):
dc=example,dc=com
 |
 +--o=support
 |
 +--o=location_A
 |
 +--o=location_B
 |
 +--o=location_C
In Location A (remote slave):
dc=example,dc=com
 |
 +--o=support
 |
 +--o=location_A
In Location B (remote slave):
dc=example,dc=com
 |
 +--o=support
 |
 +--o=location_B
Location A & B are two different customers; therefore it would not be prudent to replicate Location B's users in Location A. But I need the Support group to exist in all locations.
Hello,
Can this be done using syncrepl?
I believe this could be done via 'searchbase="dc=domain,dc=tld"' option.
I wish it was that easy. What I need is both
o=support,dc=example,dc=com AND o=location_A,dc=example,dc=com
replicated in the Location_A database, but I don't want
o=location_B,dc=example,dc=com
in the database of Location_A
I have not found a way to make that work with syncrepl searchbase.
How about refusing rights to the syncrepl user? Actually, you could apply this to the whole tree. Just allow read to the DNs you want to replicate. So, let's say you use cn=mirrorA,dc=domain,dc=tld for replication, then allow this cn=mirrorA to read only o=support,dc=example,dc=com and o=location_A,dc=example,dc=com, but nowhere else.
How about that?
Zdenek
Thanks, Joe
Regards, Zdenek
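
Added example, not part of the original thread: one way to express the ACL approach suggested above in slapd.conf (OpenLDAP 2.4 syntax), with the provider rules and the Location A consumer stanza side by side. The replication DN is the one named in the reply; the provider hostname, rid and credentials are placeholders assumed for illustration.

```conf
# ---- Provider (master): database section for dc=example,dc=com ----
# Assumption: these rules are placed ABOVE any broader rule such as
# "access to * by users read". slapd applies the first rule that matches;
# "by * break" lets every other identity continue to the rules below.

# Keep the default search size/time limits from truncating a full refresh.
limits dn.exact="cn=mirrorA,dc=domain,dc=tld" size=unlimited time=unlimited

# Suffix entry only (not its children): it is the syncrepl search base and
# the parent of the two replicated subtrees.
access to dn.base="dc=example,dc=com"
    by dn.exact="cn=mirrorA,dc=domain,dc=tld" read
    by * break

# The shared support branch.
access to dn.subtree="o=support,dc=example,dc=com"
    by dn.exact="cn=mirrorA,dc=domain,dc=tld" read
    by * break

# Location A's own branch.
access to dn.subtree="o=location_A,dc=example,dc=com"
    by dn.exact="cn=mirrorA,dc=domain,dc=tld" read
    by * break

# Everything else (o=location_B, o=location_C, ...) is invisible to this
# identity, so those entries never reach the Location A replica.
access to *
    by dn.exact="cn=mirrorA,dc=domain,dc=tld" none
    by * break

# ---- Consumer (Location A slave): database section for dc=example,dc=com ----
# The search base stays at the suffix; the provider's ACLs do the filtering.
# starttls=critical refuses to bind in clear text over the WAN link.
# provider and credentials below are placeholders.
syncrepl rid=001
    provider=ldap://master.example.com
    type=refreshAndPersist
    retry="60 +"
    searchbase="dc=example,dc=com"
    scope=sub
    bindmethod=simple
    binddn="cn=mirrorA,dc=domain,dc=tld"
    credentials=CHANGE_ME
    starttls=critical
```

Use a separate replication DN per location (for example a second identity for Location B with its own rules), so one customer's credentials can never read another customer's branch. Before starting the consumer, search the provider as the replication DN and confirm that nothing under o=location_B is returned.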