On 23/5/2012 5:35 μμ, Howard Chu wrote:
RTFM. slapcat(8) can be told to dump only a portion of the database, if desired.
I know we can specify filters. However there is a huge difference between specifying a filter and replicating based on ACLs (see below more on this).
Possibly. There are server-specific operational attributes, which might differ from one to the next. These are pretty rare though. Most operational attributes are global to the directory system, and will be identical.
OK, this is important to know. Thanks.
On 23/5/2012 5:15 μμ, Quanah Gibson-Mount wrote:
Also, the recommendation is always to use a non-rootDN for replication. I fail to see what that has to do with anything. You can certainly fully replicate the DIT w/o a root DN for replication.
Of course we can replicate the whole DIT without a root DN. The problem is the opposite: when we *don't want* to replicate the whole DIT and we *intentionally* configure our consumers not with a filter, but with a bind DN which has limited access to only particular parts of the DIT. This is our case.
In such a case we *could try* to create a filter to simulate our ACLs, in order to use it in a slapcat, but it's not the same, and it's not guaranteed that such a filter will be possible to be constructed. Right?
So, what are our options here?
Thanks, Nick