Hi Janne,
And thank you for the answer. I found out that the replication source is actually a redundant two-node installation with MirrorMode [1] replication between the nodes.
Is this a game changer? Can I add two syncrepl providers to the consumer's slapd configuration? If it's not possible I think one provider is enough.
Kind regards,
Harri
[1] https://www.openldap.org/doc/admin24/replication.html#MirrorMode
On 14.1.2021 12.03, Janne Peltonen wrote:
Hi!
General FAQ on OpenLDAP replication:
https://www.openldap.org/faq/data/cache/1170.html
Use the "syncrepl" configuration directive. On the page
https://www.openldap.org/faq/data/cache/1117.html
there's a configuration example about how to replicate an entire LDAP tree:
--clip--
syncrepl rid=1
  provider=ldap://ldap1.my.org:389
  type=refreshAndPersist
  retry="60 +"
  searchbase="o=my.org,c=us"
  filter="(objectClass=*)"
  scope=sub
  attrs="*,+"
  schemachecking=off
  bindmethod=simple
  binddn="cn=syncuser,o=my.org,c=us"
  credentials=syncpass

updateref ldap://ldap1.my.org
--clip--
Note the options 'searchbase', 'filter', 'scope' and 'attrs' that define the LDAP search used to select which objects to replicate. You can set them in the same way you would using ldapsearch to only replicate those objects you need to replicate.
Best,
Janne P.
On Wed, Jan 13, 2021 at 12:13:43PM +0200, Harri T. wrote:
Hi,
Is it possible to integrate two OpenLDAP servers so that some users (filtered by some criteria) are replicated from one server to another (but not vice versa)?
Does OpenLDAP provide some functionalities for this or must I write a cron scheduled shell script utilizing ldapsearch and ldapmodify?
Any advice or configuration example is appreciated.
Kind regards,
Harri
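
The following is an added example, not part of the messages above and not taken from the OpenLDAP FAQ: a consumer-side slapd.conf fragment that narrows the whole-tree example to a subset of users with the 'searchbase', 'filter', 'scope' and 'attrs' options described in the reply. The ou=people branch, the employeeType criterion, the attribute list, the CA file path and the password placeholder are constructed assumptions, and it assumes the provider offers StartTLS.

```conf
# Added example: goes in the consumer's database section of slapd.conf.
# The branch, filter, attribute list, CA path and password are constructed.
#
# Replicate only person entries under ou=people whose employeeType is "staff".
# The selection options mirror the equivalent ldapsearch arguments:
#   ldapsearch -b "ou=people,o=my.org,c=us" -s sub \
#     "(&(objectClass=inetOrgPerson)(employeeType=staff))" cn sn uid mail
#
# starttls=critical aborts the session if StartTLS fails, so the simple-bind
# password is not sent over an unencrypted connection.
syncrepl rid=1
  provider=ldap://ldap1.my.org:389
  type=refreshAndPersist
  retry="60 +"
  searchbase="ou=people,o=my.org,c=us"
  scope=sub
  filter="(&(objectClass=inetOrgPerson)(employeeType=staff))"
  attrs="cn,sn,uid,mail"
  schemachecking=off
  starttls=critical
  tls_cacert=/etc/openldap/certs/ca.pem
  tls_reqcert=demand
  bindmethod=simple
  binddn="cn=syncuser,o=my.org,c=us"
  credentials=REPLACE_WITH_SYNC_PASSWORD

# Writes sent to the consumer are referred back to the provider, which keeps
# the data flow one-way.
updateref ldap://ldap1.my.org
```

The bind DN used for replication needs read access on the provider to every entry and attribute selected here.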