On 29/10/2019 22:33, Quanah Gibson-Mount wrote:
> autogroup is probably only usable in a replicated environment where there is a single provider and it is only configured on the provider (i.e., not configured on the consumers at all) and without memberOf. I'm not sure how it behaves with delta-syncrepl (i.e., what operations it logs in the change database). It may or may not be compatible for that configuration.

Hello Quanah
thank you for the quick and informative reply. My thinking was already going in that direction.
I would need a way to disable those overlays on the consumer, still keeping the necessary ObjectClasses and such, and in that case memberOf and autogroup would just work on the provider and their "results" would be replicated to the consumer. Sadly, my understanding of OpenLDAP is lacking in that regard.
I am wondering how other people solve these cases. The requirement brought up to me was to have an external, replicated "clone" of the LDAP service to be used if the WAN were down on location. No (active) changes would be made on the consumer.
Any possibilities or suggestions?
Best regards,
Martin