[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: adding schema to master

To: Stefano Zanmarchi <zanmarchi@gmail.com>
Subject: Re: adding schema to master
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Date: Wed, 20 Jun 2012 21:11:00 +0100
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <CABXDU9Pv4XMUk1s2KxjRG1v+baN2n6xn3xRx4DPNZwrNkoeW7w@mail.gmail.com>
References: <CABXDU9Pv4XMUk1s2KxjRG1v+baN2n6xn3xRx4DPNZwrNkoeW7w@mail.gmail.com>
User-agent: Mutt/1.5.21 (2010-09-15)

On Mon, Jun 18, 2012 at 01:41:46PM +0200, Stefano Zanmarchi wrote:

> our master slapd (openldap 2.4.26 on RHEL 5.6) has just one slave,
> same version, not easily
> modifiable since not directly under our control.
> We need to have some more attributes in the master and don't need them
> to be replicated to the slave.
> Can I safely add a new schema in the slapd.conf of the master, without
> doing anything to the slave?

You can, but it is risky. If one of the new attributes gets passed to
the slave by mistake it will cause a replication error that may be
hard to recover from.

If you decide to do this, you should use filters (and possibly ACLs
too) to make sure that your new attributes do not reach the slave.
If using a new auxiliary objectclass to permit the new attributes, you
may also want to filter it out of the objectclass attribute in data
passed to the slave.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

References:
- adding schema to master
  - From: Stefano Zanmarchi <zanmarchi@gmail.com>

Prev by Date: Re: PAM authentication and PPolicy issues
Next by Date: Re: Uniqueness constraint over multiple attributes
Index(es):
- Chronological
- Thread