Re: partial replication?

[Pierangelo Masarati <ando@sys-net.it>]

Aleksandar Milivojevic wrote:

> Is it possible to replicate only some objects under a branch of 
> directory tree based on a filter?
>
> For example, let assume I have "ou=people,dc=foobar,dc=com" with some 
> users under it.  I would like to replicate only objects under this DN 
> that have attributes "(&(someAttr=TRUE)(anotherAttr=foobar))" to slave 
> LDAP server (for example, I want only some entries to be visible on 
> slave server for security reasons).  Basically, this would be like 
> defining a filter for replication.
>
> Of course, when attributes used by filter change (from example 
> someAttr or anotherAttr change value in the above example), 
> replication process would need to add/remove the entry to/from slave 
> server.
>
> Solution with putting users into separate subtrees wouldn't really be 
> the best solution for me, since I'd need to make several subtrees for 
> several slave servers.  So, using subtrees, I would end up with 
> multiple entries for same user in various subtrees, instead of having 
> single entry for each user.
>
> Is something like this possible?  If not possible in current version 
> of OpenLDAP, it could be a usefull feature for some future version ;-)
See the "filter" parameter to syncrepl in Admin Guide 
<http://www.openldap.org/doc/admin22/syncrepl.html>.

p.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497