Actually, I've found another possible way. If I use the rwm overlay, I can modify the DN that is sent in. I just need a way to get the IP to put in the rewriteRule and I should be good. Any ideas on that?
-Etan E. Weintraub
Information Security Architect
IT@Johns Hopkins
Johns Hopkins at Mt. Washington
5801 Smith Ave. Davis Building Suite 3110B
Baltimore, MD 21209
Phone: 667-208-6309
E-mail: eweintra@jhmi.edu
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Quanah Gibson-Mount
Sent: Thursday, June 8, 2017 9:31 AM
To: Philip Colmer philip.colmer@linaro.org; openldap-technical@openldap.org
Subject: Re: Limiting which attributes get replicated
--On Thursday, June 08, 2017 12:28 PM +0100 Philip Colmer philip.colmer@linaro.org wrote:
What happens if one of the consuming LDAP servers is then itself queried for an attribute that hasn't been synced? So, for example, if a system in a data centre connects to a local consuming LDAP server and asks for a jpegPhoto, that won't be on the local server, so what happens then?
Might be easiest to use an ACL to drop the attributes you don't want it to replicate for the replication DN for those consumers. As for what happens when a client requests jpegPhoto and it doesn't exist, the same thing that happens for any client that requests an attribute that doesn't exist -- It won't get a result that includes that attribute.
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
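
The ACL approach suggested in the reply above could look like this in the provider's slapd.conf. This is an added example, not part of the original messages; the replication DN and suffix are placeholders, and it assumes the data-centre consumers bind with their own dedicated DN.

```conf
# Provider slapd.conf fragment (constructed example; DNs are placeholders).
# Place these rules ABOVE the site's existing access rules: slapd stops at
# the first <what>/<who> pair that matches, so the deny must come first.

# 1. Hide jpegPhoto from the DN the restricted consumers bind as.
#    Everyone else falls through ("break") to the rules further down.
access to attrs=jpegPhoto
    by dn.exact="cn=repl-datacentre,ou=services,dc=example,dc=com" none
    by * break

# 2. Let the same DN read everything else so replication still works.
#    Omit this rule if an existing rule already grants that read access.
access to *
    by dn.exact="cn=repl-datacentre,ou=services,dc=example,dc=com" read
    by * break

# ... the site's existing access rules continue here ...
```

Because the provider evaluates ACLs for the bind DN of the replication session, entries reach those consumers without jpegPhoto, and a client asking a consumer for it simply gets entries without that attribute. The effective access can be checked on the provider with `slapacl -f slapd.conf -D "<replication DN>" -b "<entry DN>" jpegPhoto/read`.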