[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: replication issue

John Morrissey wrote:
On Wed, Nov 19, 2008 at 09:13:49PM +0100, Dieter Kluenter wrote:
Dmitriy Kirhlarov <dimma@higis.ru> writes: 
I have a problem with replication -- numbers of objects on provider
and consumer not identical.
[snip] 
it might not be related to your replication problem, but setting a
sizelimit=unlimited in syncrepl configuration reduces the chance that
clientside limitations come into effect.
If you require starttls and integrity you should at least add
tls_cacert option to syncrepl configuration.


For client operations, doesn't syncrepl operate as the rootdn, which is
exempt from size/time limitations?

What do you mean by "client operations"? syncrepl consists in the consumer contacting the producer via LDAP and thus as a regular client. As such, it connects with whatever identity you configure it as, and what that identity means for the producer is the producer's business. Using the producer's rootdn as the consumer's identity is not wise. That identity should have unlimited read privileges on the data it needs to replicate, but no write privileges are required.

If you mean those internal operations syncrepl needs to perform on the consumer itself, then yes: they are performed using the consumer's rootdn identity.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------