Am Tue, 25 Feb 2014 18:24:14 -0300 schrieb Italo Valcy italovalcy@gmail.com:
Hello Dieter,
On Tue, Feb 25, 2014 at 5:05 PM, Dieter Klünter dieter@dkluenter.de wrote:
No, syncrepl (consumer) does not reqire operational attributs. Only if the ldap backend is also defined as syncprov (provider), than some operational attributes are required in order to provide valid data. But I don't think that the fedora directory supports RFC 4533.
Thanks for the reply!
Yes, but this is the only way the documentation points to in order to have a push-based replication initiated by the provider, do you agree? Bellow is part of OL documentation:
18.2.4. Syncrepl Proxy Mode While the LDAP Sync protocol supports both pull- and push-basedreplication, the push mode (refreshAndPersist) must still be initiated from the consumer before the provider can begin pushing changes (...) This mode can be configured with the aid of the LDAP Backend (Backends and slapd-ldap(8)). Instead of running the syncrepl engine on the actual consumer, a slapd-ldap proxy is set up near (or collocated with) the provider that points to the consumer, and the syncrepl engine runs on the proxy.
18.2.4.1. Replacing Slurpd The old slurpd mechanism only operated in provider-initiated pushmode. Slurpd replication was deprecated in favor of Syncrepl replication and has been completely removed from OpenLDAP 2.4.
Using the old slurpd, it was possible to filter which attributes I would like to send to the consumer. But, as far as could understand, this workaround is not possible with the above proposal (from doc).
Do you see any other way to achieve this feature?
Actually, I have no clue how to configure fedora directory as syncrepl consumer. Just as a proof of conzept I have setup a ldap backend with a minimal configuration which you may find here http://pastebin.de/40936 and simulated a consumer
ldapsearch \ -Esync=rp/rid=091,csn=20140115000000.126579Z#000000#000#000000 \ -x -D "cn=Replicator,o=avci,c=de" -w xxxx -H ldap://localhost \ -b "o=avci,c=de" -s sub "*"
You may test yourself.
-Dieter