Hi
We've got a core set of OpenLDAP servers that are in a multi-master configuration. We are looking at building out that set of servers so that our data centres can have local copies of the data. However, those copies don't need to be of everything, so I want to limit which attributes get replicated.
I wanted to check that I've understood the configuration correctly ...
According to http://www.openldap.org/doc/admin22/syncrepl.html, it looks like I can specify on the consuming LDAP server which attributes are synced, and I can also ensure that the binddn account only has access to those attributes on the providing LDAP server.
The example given in the documentation has:
filter="(objectClass=organizationalPerson)"
What do I do if I want to synchronise all objectClasses but only restrict the attributes on the organizationalPerson class? So, for example, I want everything on groups but I don't want jpegPhoto on people.
What happens if one of the consuming LDAP servers is then itself queried for an attribute that hasn't been synced? So, for example, if a system in a data centre connects to a local consuming LDAP server and asks for a jpegPhoto, that won't be on the local server, so what happens then?
Thank you.
Philip
openldap-technical@openldap.org
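
An added example, not part of the original message and not taken from the OpenLDAP documentation: one way to express "replicate every entry, but never jpegPhoto", assuming a release whose slapd.conf(5) documents the syncrepl `exattrs` option. The host name, DNs, rid and credential placeholder are constructed for illustration.

```conf
# ---------------------------------------------------------------
# Consumer (data-centre replica) slapd.conf fragment
# All names below are constructed placeholders.
#
# filter=(objectClass=*) matches every entry, so groups and people
# are both replicated. exattrs lists attributes to drop from the
# incoming entries, so jpegPhoto is never stored on this consumer.
# A client searching this consumer gets the entry back without
# jpegPhoto; slapd answers only from its local database.
# ---------------------------------------------------------------
syncrepl rid=101
         provider=ldaps://ldap-core.example.com
         type=refreshAndPersist
         retry="60 +"
         searchbase="dc=example,dc=com"
         scope=sub
         filter="(objectClass=*)"
         attrs="*,+"
         exattrs="jpegPhoto"
         bindmethod=simple
         binddn="cn=dc-replica,ou=services,dc=example,dc=com"
         credentials=<REPLICA-PASSWORD-PLACEHOLDER>

# ---------------------------------------------------------------
# Provider (core multi-master server) slapd.conf fragment
#
# Enforce the same restriction on the provider, so a misconfigured
# or compromised consumer cannot pull jpegPhoto just by changing
# its own syncrepl line. The first rule denies the attribute to
# the replication identity and lets everyone else fall through
# ("by * break") to the ACLs that follow.
# ---------------------------------------------------------------
access to attrs=jpegPhoto
        by dn.exact="cn=dc-replica,ou=services,dc=example,dc=com" none
        by * break

# Read-only access to everything else for the replication identity;
# other identities continue to the site's existing rules.
access to *
        by dn.exact="cn=dc-replica,ou=services,dc=example,dc=com" read
        by * break

# Let the replication identity retrieve the whole subtree.
limits dn.exact="cn=dc-replica,ou=services,dc=example,dc=com"
        size=unlimited time=unlimited
```

The consumer-side `exattrs` setting is a convenience; the provider-side ACL is the control that actually keeps the attribute from leaving the core servers.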