Hi, our master slapd (openldap 2.4.26 on RHEL 5.6) has just one slave, same version, not easily modifiable since not directly under our control. We need to have some more attributes in the master and don't need them to be replicated to the slave. Can I safely add a new schema in the slapd.conf of the master, without doing anything to the slave? Thanks a lot for your help, Stefano
On Mon, Jun 18, 2012 at 01:41:46PM +0200, Stefano Zanmarchi wrote:
our master slapd (openldap 2.4.26 on RHEL 5.6) has just one slave, same version, not easily modifiable since not directly under our control. We need to have some more attributes in the master and don't need them to be replicated to the slave. Can I safely add a new schema in the slapd.conf of the master, without doing anything to the slave?
You can, but it is risky. If one of the new attributes gets passed to the slave by mistake it will cause a replication error that may be hard to recover from.
If you decide to do this, you should use filters (and possibly ACLs too) to make sure that your new attributes do not reach the slave. If using a new auxiliary objectclass to permit the new attributes, you may also want to filter it out of the objectclass attribute in data passed to the slave.
Andrew
openldap-technical@openldap.org
-
Andrew Findlay -
Stefano Zanmarchi