Hello,
Thanks for the anwer… We are using delta sync as it seems that it is the best way to synchronise…
The filter as you describe seems to be the easiest solution so that I can select each subtree to replicate. Too bad it’s not so much documented…
Fred.
Le 23 juil. 2024 à 12:37, Ondřej Kuzník ondra@mistotebe.net a écrit :
On Tue, Jul 23, 2024 at 12:00:10PM +0200, Frédéric Goudal wrote:
Hello,
I’m trying to build a partial replication, but due to the structure of our ldap directory I’m wondering how to do :
I have an ou branch for people that I want to replicate (ou=people,<prefix>) I have an ou branch for groups that I want to replicate (ou=groups,<prefix>) I have an ou branche for sudo that I want to replicate (ou=sudo,<prefix>)
I guess that the setup for that is to replicate on <prefix> base and just filter on the objectClass
BUT… my problem is that I have another ou branch for some people (ou=otherPeople,<prefix>) that I don’t want to replicate, but that contains exactly the same objects than then ou=people,<prefix> branch, so I can not use a filter on objectClass, there is no specific
attribut that allow to say if an object belongs to ou=otherPoeple ou to ou=People
I wonder what is the correct solution to achieve my goal.
I was wondering if I could put several olcSyncrepl on the database with the same provider but one for every ou that I want to replicate ?
Or is there a better way to do ?
There are three options:
- what you suggest (3 syncrepl statements with different searchbases) -
theoretically should work but it's not often deployed and so less tested in the wild
- craft your filter accordingly (using 'entryDN:dnSubtreeMatch:=<prefix>')
- use ACLs on the provider side to hide certain parts of the DIT from
the consumer <- this is what I would usually do unless deltasync was needed
Regards,
-- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
— Frédéric Goudal Ingénieur Système, DSI Bordeaux-INP +33 556 84 23 11