Hello,
I use OpenLDAP 2.4.16.

I configured 2 servers using syncrepl. I would like to sync only a DIT fragment, so I put these lines in the consumer slapd.conf file:


syncrepl rid=111
        provider=ldaps://mydomain.it
        type=refreshAndPersist
        searchbase="dc=mydomain,dc=it"
        filter="(&(objectClass=MyClass)(Email=true))"
        attrs="Username,UserStatus,UserExpireDate"
        schemachecking=off
        bindmethod=simple
        binddn="cn=reader,dc=mydomain,dc=it"
        credentials=xxxxxx
        retry="60 +"



When I try to take an entry out of the scope (setting its attribute 'Email' = false) in the producer, I see that the same entry is removed from the consumer.
Everything works fine if I don't activate delta syncrepl mode using the accesslog overlay.
If I do that, every change in the producer is propagated to the consumer even if the entry is out of the scope defined in the consumer.
How can I configure delta syncrepl (with accesslog) to sync only a DIT fragment?

My producer (delta-syncrepl mode) slapd.conf is:

moduleload syncprov.la

#######################################################################
# ACCESSLOG database definitions
#######################################################################

moduleload accesslog.la

database        bdb
suffix          "cn=accesslog"
rootdn          "cn=accesslog"
directory       /openldap/data/accesslog
index default eq
index entryCSN,objectClass

overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE

#######################################################################
# BDB database definitions
#######################################################################

# LOCAL BRANCH:
database      bdb
suffix        "dc=mydomain,dc=it"
rootdn        "cn=manager,dc=mydomain,dc=it"
rootpw        xxxxxxx
directory     /openldap/data
index objectClass,uid eq
index entryCSN eq
index entryUUId eq
index Email pres,eq

#######################################################################
# Syncrepl - Syncprov
#######################################################################

overlay syncprov
syncprov-checkpoint 100 1
syncprov-sessionlog 100

overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 00+01:00 00+00:15

#######################################################################
# ACL
#######################################################################

access to dn.subtree="dc=mydomain,dc=it" attrs="userPassword"
  by anonymous auth
  by self write
  by * search

access to *
  by dn.base="cn=reader,dc=mydomain,dc=it" read
  by * break


My consumer (delta-syncrepl mode) slapd.conf is:


#######################################################################
# BDB database definitions
#######################################################################

# LOCAL BRANCH:
database        bdb
suffix          "dc=mydomain,dc=it"
rootdn          "cn=manager,dc=mydomain,dc=it"
rootpw          xxxxxxx
directory       /openldap/data
index objectClass,uid eq
index entryUUID,entryCSN eq
index Email pres,eq

#######################################################################
# DELTA-SYNCREPL   
#######################################################################

syncrepl rid=005
       provider=ldaps://mydomain.it:123
       type=refreshAndPersist
       searchbase="dc=mydomain,dc=it"
       filter="(&(objectClass=myClass)(Email=true))"
       logbase="cn=accesslog" 
       syncdata=accesslog     
       schemachecking=off
       bindmethod=simple
       binddn="cn=reader,dc=mydomain,dc=it"
       credentials=xxxxxx
       retry="60 +"
updateref ldaps://mydomain.it:123

######################################################################
# ACL
######################################################################

access to dn.subtree="dc=mydomain,dc=it" attrs="userPassword"
  by anonymous auth
  by self write
  by * search

access to *
  by dn.base="cn=reader,dc=mydomain,dc=it" read
  by * break


Thank you!

                Marco