[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Need help to understand how LDAP sync work

To: "Eudes LEDUCQ" <LEDUCQ@hec.fr>
Subject: Re: Need help to understand how LDAP sync work
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 10 Feb 2006 06:57:51 -0800
Cc: <openldap-software@OpenLDAP.org>
In-reply-to: <s3ec50d4.032@MI151.HEC.FR>
References: <s3ec50d4.032@MI151.HEC.FR>

At 11:37 PM 2/9/2006, Eudes LEDUCQ wrote:

>Kurt D. Zeilenga advised me to see:
>slapd(8) supports LDAP sync (doc/draft/draft-zeilenga-ldup-sync),
>an LDAP content synchronization mechanism. 

I note that this comment was in response to your question
regarding notification of a password change.  That is,
I was suggesting that an LDAP client could use the LDAP
sync mechanism to track changes to passwords.

>I need to synchronyse few openldap directories. 

LDAP sync can also be used to replicate data between OpenLDAP
servers.

>I have read the documentation, but i don't understand really how it's
>work and how configure it .

Well, if you want to configure replication between OpenlDAP
servers, you need not really understand the details of
LDAP Sync protocol mechanism, you just need to understand
how slapd(8) uses LDAP sync for replication.  This is
discussed in the various documents provided by the project.

If on the other hand, you want to write a client that uses
the LDAP sync protocol mechanism (to say, track changes
to passwords) then you need to under the protocol mechanism.
Here I suggest you try to read and understand the draft I
referenced.  If you have questions regarding this
draft specification, I suggest you direct them to author
(who might in turn refer you an appropriate mailing list).

>My  questions :
>1) this mechanism can synchronise few directories in seem time ?.  For
>informatoin the directories are of use and not in backup.

see above.

>2) it's possible to map the attributes i want to synchronise ? because
>the directories are not structured a same way (uid (A) -> cn (B)), and i
>don't need to synchronise all the attributes of an entry

slapd ldapsync replication doesn't itself provide such capabilities.
But once replicated, one can use relay and other facilities to rewrite
at the slave.

>3) is it really work fine to synchronise password ?

Between slapd instances, yes.
Between a custom client and slapd, yes.

>4) is it possible to use ldap sync with none openLdap directory ?

While it is certainly possible that another directory server might
also support the general LDAP sync protocol (though I am not aware
of any other shipping server doing so), the ldap sync engine in
slapd supports replication only between slapd instances, as well
as content sync with custom clients.

>5) where i can found documentation what help me to configure it ?

see above.

>thx

References:
- Need help to understand how LDAP sync work
  - From: "Eudes LEDUCQ" <LEDUCQ@hec.fr>

Prev by Date: RE: ACI syntax changes in 2.3 / OpenLDAPaci does not like multipleattributes
Next by Date: Re: (delta-)syncrepl and nagios
Index(es):
- Chronological
- Thread