Hi Quanah,
On 12/01/17 16:06, Quanah Gibson-Mount wrote:
The correct fix is to modify your syncrepl configuration so that those attributes are ignored by the syncrepl client. There is no patch to the code necessary.
Possibly a dumb question but do you have a worked example of this? The usual "get-all" stanza for this would "*, +" and as far as I'm aware you can't subtract attributes from the list returned i.e. search for all attributes *except* pwdFailureTime. Does this mean you would need to list all the operational attributes you do want replicated (and isn't there a risk that you could break things if you were to miss out the wrong ones).
My thinking is that this would be a suitable workaround with the issue I've been experiencing with the memberOf attribute- if it isn't picked up by syncrepl then each server will (correctly) maintain it's own memberOf attributes individually.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com