Perhaps it is best if I lead with an example.
Let's say that I have a local objectclass defined (uvmEduPII) and because it really
has PII in it, I am being asked not to send that data anywhere the public could possibly
see it. Therefore, I set up my delta-syncrepl consumer with the following exattrs:
exattrs=@uvmEduPII
That brings over all my entries and drops all the attributes that belong to the uvmEduPII
objectClass. However, all of those entries do still have
objectClass: uvmEduPII
when I print them out, and that violates schema checking because the uvmEduPII objectClass
does have a couple MUST attributes and they've been stripped out because of the
exattrs.
Specifically what I am asking to do is to remove the objectClass attribute's
"uvmEduPII" value in the delta-syncrepl process. The only benefit of doing that
is I can set schemachecking=on instead of schemachecking=off in the syncrepl statement (or
olcSyncrepl attribute). Perhaps, that's just not advisable with a non-complete
replication?
- Frank
On Nov 1, 2018, at 13:27, Manuela Mandache
<manuela.mandache.mm(a)gmail.com> wrote:
On Wed, Oct 31, 2018 at 03:20, Frank Swasey <Francis.Swasey(a)uvm.edu> wrote:
I am attempting to set up a replication using delta-syncrepl that will ignore four
objectClasses. I am able to prevent the attributes of those objectClasses from being
sent, by using @objectClassName in the exattrs value of the statement. However, I also
have to set schemachecking off because the objectClass: objectClassName value is still
coming over.
I was not able to find any examples of using the exattrs option in the tests/data
directory. And, I have failed to find anything relevant from Google.
Is there a way to prevent the four possible objectClass values that I don't want to
see from being sent so I can leave schemachecking turned on?
Thanks,
- Frank
Hi Frank,
In your olcSyncrepl directive you can set the search filter for the entries to be
replicated. The default filter is
'(objectClass=*)'
Replace it by
'(&(! (objectClass=class1))(! (objectClass=class2))(! (objectClass=class3))(! (objectClass=class4)))'
Or add this to whatever filter you have (hope I got the parentheses right).
Cheers,
Manuela
Sorry, I misclicked for the reply and didn't send it to the list. And what I said
prevents all entries using any of the four classes from being replicated and concerns the
olcSyncrepl statement of your actual data. The exattrs is no longer needed if you use this
filter - and you might want to leave it out, if any of your four classes' attributes are
used by some other class.
But I wonder if I didn't misunderstand your question. The values of objectClass are
not in your data, they belong to the schema, cn=schema,cn=config. Do you replicate your
cn=config and want to have a different schema on your consumer with respect to the
provider?
Cheers,
Manuela
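
The two approaches discussed in this thread, as an added example that is not part of the original messages and is not slapd's own code: a simplified model of `exattrs=@uvmEduPII` (attributes dropped, objectClass value kept) next to the exclusion filter (whole entries skipped). The schema, the uvmEduPII attribute names and the entries are constructed for illustration, since the thread does not list them.

```python
# Simplified model of the two approaches in this thread, run over constructed data.
# The uvmEduPII attribute names are hypothetical; the thread does not list them.
SCHEMA = {
    "person": {"must": {"cn", "sn"}, "may": {"mail"}},
    "uvmEduPII": {"must": {"uvmEduBirthDate", "uvmEduHomePhone"},
                  "may": {"uvmEduHomeAddress"}},
}

ENTRIES = [  # constructed provider-side entries
    {"dn": "uid=alice,ou=people,dc=example,dc=edu",
     "objectClass": ["person", "uvmEduPII"], "cn": ["Alice"], "sn": ["A"],
     "uvmEduBirthDate": ["1990-01-01"], "uvmEduHomePhone": ["555-0100"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=edu",
     "objectClass": ["person"], "cn": ["Bob"], "sn": ["B"],
     "mail": ["bob@example.edu"]},
]

def class_attrs(oc):
    """All attributes (MUST and MAY) that belong to one objectClass."""
    return SCHEMA[oc]["must"] | SCHEMA[oc]["may"]

def apply_exattrs(entry, excluded_classes):
    """exattrs=@class as described above: the class's attributes are dropped,
    but the objectClass value itself stays on the entry."""
    drop = set().union(*(class_attrs(oc) for oc in excluded_classes))
    return {k: v for k, v in entry.items() if k not in drop}

def schema_violations(entry):
    """(objectClass, missing MUST attribute) pairs a schema check would reject."""
    return sorted((oc, a) for oc in entry["objectClass"]
                  for a in SCHEMA[oc]["must"] if a not in entry)

def passes_exclusion_filter(entry, excluded_classes):
    """(&(!(objectClass=c1))(!(objectClass=c2))...): true only if the entry
    carries none of the excluded classes."""
    have = {oc.lower() for oc in entry["objectClass"]}
    return not any(c.lower() in have for c in excluded_classes)

def replicate_with_exattrs(excluded):
    return [apply_exattrs(e, excluded) for e in ENTRIES]

def replicate_with_filter(excluded):
    return [e for e in ENTRIES if passes_exclusion_filter(e, excluded)]

if __name__ == "__main__":
    for e in replicate_with_exattrs(["uvmEduPII"]):
        print(e["dn"], schema_violations(e))
    print([e["dn"] for e in replicate_with_filter(["uvmEduPII"])])
```

With exattrs every entry arrives but the PII-bearing ones fail the MUST check; with the filter the consumer stays schema-valid but those entries are absent altogether.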