Re: Selective replication (ITS#3299)

kmcarthu@bates.edu wrote:

>Full_Name: Karen R McArthur
>Version: 2.1.29
>OS: RedHat 8.0
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (
>Goal: set up master/slave ldap servers - the slave will be public white paper
>server, so it should not contain posix data.  The master will be for single-sign
>Set up a master and slave with identical structure:
>   created a 'core.ldif' file which is just the top level stuff
>   "slapadd -l core.ldif" on both conf files
>   started slapd (both master and slave)
>   replica and updatedn lines from conf files below
>Loaded the data to the master
>   ran "ldapadd -f data.ldif" on the master
>   replog file is created
>Started slurpd
>The "suffix=" line is working as expected - no "Group" data is passed
>The "attr!=" line is not working (fully) as expected
>   all data EXCEPT posixAccount data is passed to the replog file (as expected)
>   posixAccount objectClass not passed to replog file (as expected)
>   no objectClass AT ALL is passed to the replog file (not expected)

I think the correct approach is


i.e. explicitly list all the attributes required/allowed by posixAccount
__BEFORE__ negating posixAccount itself.


>When slapd starts up: objectClass violations due to no objectClass being
><<snip from data.ldif>>
>dn: uid=kmcarthu,ou=People,dc=example,dc=com
>objectClass: inetOrgPerson
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: posixAccount
>objectClass: krb5Principal
>objectClass: account
>objectClass: eduPerson
>cn: Karen McArthur
>sn: McArthur
>mail: kmcarthu@example.com
>uid: kmcarthu
>krb5PrincipalName: kmcarthu@KDC.EXAMPLE.COM
>uidNumber: 5230
>gidNumber: 107
>homeDirectory: /path/to/$HOME
>loginShell: /usr/ucb/csh
>gecos: Karen McArthur
>userPassword:: <<encrypted string>>
>host: host1.example.com
>host: host2.example.com
>title: Sys Admin
>ou: Information & Library Services
>postalAddress: 110 Russell Street
>eduPersonAffiliation: staff
>eduPersonPrimaryAffiliation: staff
><< end of snip>>
>replogfile /usr/local/var/openldap-slurp/slapd.replog
>replica host=ldap.example.com:389
>        binddn="cn=Replicate,dc=example,dc=com"
>        credentials=secret
>        bindmethod=simple
>        suffix="ou=People,dc=example,dc=com"
>        attr!=posixAccount
><< slave.conf>>
>updatedn "cn=Replicate,dc=example,dc=com"
>        credentials=secret
>        bindmethod=simple
>updateref host=ldap.example.com:389
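
A check for the goal stated in the report, as an added example that is not part of the original thread or of OpenLDAP: it audits an LDIF export of the slave for entries that still carry POSIX data or that lost objectClass entirely. The function names, the `POSIX_ATTRS` set and the sample entries are assumptions made for illustration.

```python
# Assumption: attributes contributed only by posixAccount (RFC 2307), plus
# userPassword; cn and uid are shared with person/inetOrgPerson and stay.
POSIX_ATTRS = {"uidnumber", "gidnumber", "homedirectory", "loginshell",
               "gecos", "userpassword"}

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})] from simple LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # unfold continuation lines
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            value = value.lstrip(": ")      # also drops the "::" base64 marker
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
    return entries

def audit_ldif(text):
    """Map dn -> findings for replica entries that break the stated goal."""
    report = {}
    for dn, attrs in parse_ldif(text):
        classes = {v.lower() for v in attrs.get("objectclass", [])}
        found = [] if classes else ["no objectClass"]
        if "posixaccount" in classes:
            found.append("objectClass posixAccount")
        found += sorted(POSIX_ATTRS.intersection(attrs))
        if found:
            report[dn] = found
    return report

# Constructed sample export: a clean entry, one without objectClass, one leaking.
SAMPLE = (
    "dn: uid=good,ou=People,dc=example,dc=com\nobjectClass: inetOrgPerson\ncn: Good\n\n"
    "dn: uid=noclass,ou=People,dc=example,dc=com\ncn: No Class\n\n"
    "dn: uid=leaky,ou=People,dc=example,dc=com\nobjectClass: posixAccount\n"
    "uidNumber: 5230\nuserPassword:: Y29uc3RydWN0ZWQ=\n"
)
if __name__ == "__main__":
    print(audit_ldif(SAMPLE))
```

An empty report means every exported entry kept at least one objectClass value and carries none of the listed attributes.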

