On 3/8/21 7:13 PM, Quanah Gibson-Mount wrote:
--On Sunday, March 7, 2021 11:36 PM +0100 "A. Schulze" sca@andreasschulze.de wrote:
Am 02.03.21 um 13:19 schrieb A. Schulze:
I'm running a LDAP provider and multiple LDAP consumer and like to ask for your opinions to such a setup: While writing data to the LDAP provider, schema-checking is enforced. Currently also the LDAP consumer enforce schema checking.
Q: does it make sense to enforce schema checking on a LDAP consumer, too?
would be helpful if you could share experience/suggestion/opinion
Yes, it makes sense, particularly when using cn=config. I.e., if the master has had a schema update prior to the consumer being modified similarly, it prevents changes with unknown schema elements from being replicated.
This reasoning is not limited to cn=config. Same with static config with slapd.conf.
Ciao, Michael.