Perhaps it is best if I lead with an example.
Let's say that I have a local objectclass defined (uvmEduPII) and because it really has PII in it, I am being asked not to send that data anywhere the public could possibly see it. Therefore, I set up my delta-syncrepl consumer with the following exattrs:
exattrs=@uvmEduPII
That brings over all my entries and drops all the attributes that belong to the uvmEduPII objectClass. However, all of those entries do still have
objectClass: uvmEduPII
when I print them out, and that violates schema checking because the uvmEduPII objectClass does have a couple MUST attributes and they've been stripped out because of the exattrs.
Specifically what I am asking to do is to remove the objectClass attribute's "uvmEduPII" value in the delta-syncrepl process. The only benefit of doing that is I can set schemachecking=on instead of schemachecking=off in the syncrepl statement (or olcSyncrepl attribute). Perhaps, that's just not advisable with a non-complete replication?
- Frank
On Nov 1, 2018, at 13:27, Manuela Mandache manuela.mandache.mm@gmail.com wrote:
Le mer. 31 oct. 2018 03:20, Frank Swasey Francis.Swasey@uvm.edu a écrit : I am attempting to set up a replication using delta-syncrepl that will ignore four objectClasses. I am able to prevent the attributes of those objectClasses from being sent, by using @objectClassName in the exattrs value of the statement. However, I also have to set schemachecking off because the objectClass: objectClassName value is still coming over.
I was not able to find any examples of using the exattrs option in the tests/data directory. And, I have failed to find anything relevant from google.
Is there a way to prevent the four possible objectClass values that I don't want to see from being sent so I can leave schemachecking turned on?
Thanks,
- Frank
Hi Frank,
In your olcSyncrepl directive you can set the search filter for the entries to be replicated. The default filter is '(objectClass=*)' Replace it by '(&(! (objectClass=class1))(! (objectClass=class2))(! (objectClass=class3))(! (objectClass=class4)))' Or add this to whatever filter you have (hope I got the paranthesis right).
Cheers,
Manuela
Sorry, I misclicked for the reply and didn't send it to the list. And what I said prevents all entries using any of the four classes from being replicated and concerns the olcSyncrepl statement of your actual data. The exattrs is no longer needed if you use this filter - and you might want to let it out, if any of your four classes' attributes are used by some other class.
But I wonder if I didn't misunderstand your question. The values of objectClass are not in your data, they belong to the schema, cn=schema,cn=config. Do you replicate your cn=config and want to have a different schema on your consumer with respect to the provider ?
Cheers,
Manuela