We've got a core set of OpenLDAP servers that are in a multi-master
configuration. We are looking at building out that set of servers so
that our data centres can have local copies of the data. However,
those copies don't need to be of everything, so I want to limit which
attributes get replicated.
I wanted to check that I've understood the configuration correctly ...
According to http://www.openldap.org/doc/admin22/syncrepl.html, it
looks like I can specify on the consuming LDAP server which attributes
are synced, and I can also ensure that the binddn account only has
access to those attributes on the providing LDAP server.
The example given in the documentation has:
What do I do if I want to synchronise all objectClasses but only
restrict the attributes on the organizationalPerson class? So, for
example, I want everything on groups but I don't want jpegPhoto on
What happens if one of the consuming LDAP servers is then itself
queried for an attribute that hasn't been synced? So, for example, if
a system in a data centre connects to a local consuming LDAP server
and asks for a jpegPhoto, that won't be on the local server, so what