On 23/5/2012 5:51 PM, Charles T. Brooks wrote:
<Mail content is a bit scrambled (text with spaces between chars),
but I managed to read it!!>
Charles,
Thank you for your thoughts. I agree with you. There can/should be a number of consumers fully replicating the DIT so that they can be promoted to masters whenever needed.
However, we do have and want some consumers with limited data replication. For example, our mail server runs a consumer replicating only the user accounts needed and only the LDAP-hosted aliases. I don't want to replicate more LDAP data there; there is no need to expose more data there and to load the server with unneeded replication operations. We are replicating on the mail server so that we can do *local* LDAP lookups and achieve better mail server performance.
Additionally, our DNS masters replicate only the DNS resource records (also LDAP-hosted). They don't need any info about users and aliases. We are also replicating there so that we can do local LDAP lookups and achieve better DNS server performance.
But I want to be able to check whether all partially replicated data are replicating as they should!
One solution would be to define some non-root DN which *will be able to* replicate the whole DIT and use it in consumer configuration, then limit replication *using filters*. But this limits options and affects DIT architecture in the first place (not necessarily bad, but we would need to re-evaluate some things and it's not easy when in production).
Thank you again for your time and thoughts,
Nick
openldap-technical@openldap.org
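
One way to run the check asked for in the message above, as an added example that is not part of the original post: diff the provider's view of the consumer's filter against what the partial consumer actually holds, keyed on DN and the `entryCSN` operational attribute. The DNs, CSN values and the `ldapsearch` invocation in the comment are constructed assumptions.

```python
import base64

# Constructed sample LDIF (hypothetical DNs), as produced by e.g.
#   ldapsearch -LLL -b <base> '<consumer filter>' entryCSN
# run against the provider and then against the partial consumer.
PROVIDER_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
entryCSN: 20120523100000.000000Z#000000#000#000000

dn: uid=bob,ou=people,dc=example,dc=com
entryCSN: 20120523120000.000000Z#000000#000#000000

dn: uid=carol,ou=people,dc=exa
 mple,dc=com
entryCSN: 20120523130000.000000Z#000000#000#000000
"""
CONSUMER_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
entryCSN: 20120523100000.000000Z#000000#000#000000

dn: uid=bob,ou=people,dc=example,dc=com
entryCSN: 20120522090000.000000Z#000000#000#000000

dn: uid=dave,ou=people,dc=example,dc=com
entryCSN: 20120501080000.000000Z#000000#000#000000
"""

def parse_ldif(text):
    """Map lower-cased DN -> entryCSN; handles folded lines and base64 values."""
    entries = {}
    for block in text.replace("\n ", "").strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            key, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs[key.lower()] = value.strip()
        if "dn" in attrs:
            entries[attrs["dn"].lower()] = attrs.get("entrycsn")
    return entries

def compare(provider, consumer):
    """Classify DNs the consumer lacks, should no longer hold, or holds at another CSN."""
    both = provider.keys() & consumer.keys()
    return {
        "missing": sorted(provider.keys() - consumer.keys()),
        "stale": sorted(consumer.keys() - provider.keys()),
        "lagging": sorted(dn for dn in both if provider[dn] != consumer[dn]),
    }

REPORT = compare(parse_ldif(PROVIDER_LDIF), parse_ldif(CONSUMER_LDIF))
```

A "lagging" entry can simply be a change still in flight, so only differences that persist across repeated runs indicate a replication problem. "Stale" entries matter most on hosts like the mail server, since they are data that should no longer be exposed there.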