Quanah Gibson-Mount quanah@symas.com wrote:
Wouldn't it be simpler to define ACLs on the master that limit what the replication identity has access to that matches your filters?
emm ... I was sure I can not do that on the master side ... just I try do that, I receive full data ...
looks like some more permittive acl works for the replica ... can I somehow know which acl matched the replica? But I was trying to place replABC ACLs to the end of the list and still was not able to limit data according the filter
I would also note that your stanza limiting what attrs are replicated is missing the operational attributes that are necessary for sync replication to function, so I would fully expect errors.
do you mean entryCSN and entryUUID ?
unique, as documented in the man page. Given that OpenLDAP functions off of CSN values, partial replication is tricky, as the master can then have a contextCSN that does not correspond to anything in a partially replicated database, depending on how you slice it.
I was sure I understood the documentation ...