
Selective replication (ITS#3299)



Full_Name: Karen R McArthur
Version: 2.1.29
OS: RedHat 8.0
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (134.181.129.178)


Goal: set up master/slave LDAP servers - the slave will be a public white paper
server, so it should not contain posix data.  The master will be for single
sign-on.

Process:
Set up a master and slave with identical structure:
   created a 'core.ldif' file which is just the top level stuff
   "slapadd -l core.ldif" on both conf files
   started slapd (both master and slave)
   replica and updatedn lines from conf files below

Loaded the data to the master
   ran "ldapadd -f data.ldif" on the master
   replog file is created

Started slurpd

Results:
The "suffix=" line is working as expected - no "Group" data is passed
The "attr!=" line is not working (fully) as expected
   all data EXCEPT posixAccount data is passed to the replog file (as expected)
   posixAccount objectClass not passed to replog file (as expected)
   no objectClass AT ALL is passed to the replog file (not expected)

When slapd starts up: objectClass violations due to no objectClass being
created.

<<snip from data.ldif>>
dn: uid=kmcarthu,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: krb5Principal
objectClass: account
objectClass: eduPerson
cn: Karen McArthur
sn: McArthur
mail: kmcarthu@example.com
uid: kmcarthu
krb5PrincipalName: kmcarthu@KDC.EXAMPLE.COM
uidNumber: 5230
gidNumber: 107
homeDirectory: /path/to/$HOME
loginShell: /usr/ucb/csh
gecos: Karen McArthur
userPassword:: <<encrypted string>>
host: host1.example.com
host: host2.example.com
title: Sys Admin
ou: Information & Library Services
postalAddress: 110 Russell Street
eduPersonAffiliation: staff
eduPersonPrimaryAffiliation: staff
<< end of snip>>

<<master.conf>>
replogfile /usr/local/var/openldap-slurp/slapd.replog
replica host=ldap.example.com:389
        binddn="cn=Replicate,dc=example,dc=com"
        credentials=secret
        bindmethod=simple
        suffix="ou=People,dc=example,dc=com"
        attr!=posixAccount

<< slave.conf>>
updatedn "cn=Replicate,dc=example,dc=com"
        credentials=secret
        bindmethod=simple
updateref host=ldap.example.com:389
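
An added example, not part of the original report and not OpenLDAP code: a Python check that can be run over an LDIF export of the public slave to confirm both expectations stated in the report, that no posixAccount data reached it and that every entry still has objectClass values. The POSIX_ONLY list, the function names and the sample entries are assumptions constructed for illustration.

```python
import sys
# Assumption: attributes that only posixAccount (RFC 2307) brings to these entries.
POSIX_ONLY = {"uidnumber", "gidnumber", "homedirectory", "loginshell", "gecos"}

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; values are kept as opaque strings."""
    for block in text.replace("\r\n", "\n").split("\n\n"):
        lines = []
        for raw in block.split("\n"):
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]      # unfold a continuation line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        attrs = {}
        for line in lines:
            name, sep, value = line.partition(":")
            if sep:
                key = name.split(";")[0].strip().lower()   # drop ";binary" style options
                attrs.setdefault(key, []).append(value.lstrip(":<").strip())
        if "dn" in attrs:
            yield attrs.pop("dn")[0], attrs

def audit(text):
    """Return (dn, problem) tuples for entries that break either expectation."""
    findings = []
    for dn, attrs in parse_ldif(text):
        classes = {v.lower() for v in attrs.get("objectclass", [])}
        if not classes:
            findings.append((dn, "no objectClass values"))
        if "posixaccount" in classes:
            findings.append((dn, "objectClass posixAccount present"))
        leaked = sorted(POSIX_ONLY & attrs.keys())
        if leaked:
            findings.append((dn, "posix attributes present: " + ", ".join(leaked)))
    return findings

# Constructed sample: entry a has lost all objectClass values, entry b leaks posix data.
SAMPLE = """dn: uid=a,ou=People,dc=example,dc=com
cn: A Example

dn: uid=b,ou=People,dc=example,dc=com
objectClass: posixAccount
uidNumber: 1001
loginShell: /bin/sh
"""

if __name__ == "__main__":
    for dn, problem in audit(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE):
        print(f"{dn}: {problem}")
```

Run it with the path of an LDIF export as the only argument; with no argument it audits the constructed sample.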