----- "Gavin Henry" ghenry@suretecsystems.com wrote:
Yes, and that it is "proxying" data. Openldap as the remove has what is needed, domino does not.
Bonnie, that meant to say, "as the remote". For example, the OpenLDAP remote side might have an entry like so:
# gavin.henry@suretecsystems.com, MailAliases, suretecsystems.com dn: cn=gavin.henry@suretecsystems.com,ou=MailAliases,dc=suretecsystems,dc=com structuralObjectClass: suretecMailAlias entryUUID: fdbf98ca-3118-102c-9eee-c3b0278f5eab creatorsName: cn=admin,dc=suretecsystems,dc=com createTimestamp: 20071127094345Z entryCSN: 20071127130047.357178Z#000000#000#000000 modifiersName: cn=admin,dc=suretecsystems,dc=com modifyTimestamp: 20071127130047Z entryDN: cn=gavin.henry@suretecsystems.com,ou=MailAliases,dc=suretecsystems,dc =com subschemaSubentry: cn=Subschema hasSubordinates: FALSE
Note the entryCSN and entryUUID as per:
RFC 4533 LDAP Content Synchronization Operation June 2006 [Page 28]
Appendix A. CSN-based Implementation Considerations
...the server not only maintains a CSN for each directory entry (the entry CSN) but also maintains a value that we will call the context CSN. The context CSN is the greatest committed entry CSN that is not greater than any outstanding (uncommitted) entry CSNs for all entries in a directory context. The values of context CSN are used in syncCookie values as synchronization state indicators.
These are what Syncrepl needs, and because the remote side you are proxying has them, all is well.
Now take an entry from Active Directory on Windows Server 2008:
dn: CN=Administrator,CN=Users,DC=ad,DC=suretecsystems,DC=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Administrator description: Built-in account for administering the computer/domain distinguishedName: CN=Administrator,CN=Users,DC=ad,DC=suretecsystems,DC=com instanceType: 4 whenCreated: 20080818193354.0Z whenChanged: 20080818195251.0Z uSNCreated: 8194 memberOf: CN=Group Policy Creator Owners,CN=Users,DC=ad,DC=suretecsystems,DC=com memberOf: CN=Domain Admins,CN=Users,DC=ad,DC=suretecsystems,DC=com memberOf: CN=Enterprise Admins,CN=Users,DC=ad,DC=suretecsystems,DC=com memberOf: CN=Schema Admins,CN=Users,DC=ad,DC=suretecsystems,DC=com memberOf: CN=Administrators,CN=Builtin,DC=ad,DC=suretecsystems,DC=com uSNChanged: 12715 name: Administrator objectGUID:: vuyXNovZB06PgC486y0UjA== userAccountControl: 512 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 128635631238177500 lastLogoff: 0 lastLogon: 128635645180075000 logonHours:: //////////////////////////// pwdLastSet: 128635613297241250 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAA4IX8iXHsQkLUe6ZE9AEAAA== adminCount: 1 accountExpires: 0 logonCount: 13 sAMAccountName: Administrator sAMAccountType: 805306368 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=suretecsystems,DC=com isCriticalSystemObject: TRUE dSCorePropagationData: 20080818193742.0Z dSCorePropagationData: 16010101000005.0Z lastLogonTimestamp: 128635619492443750
There is no entryCSN or entryUUID.
openldap-technical@openldap.org