[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Selective replication (ITS#3299)

To: openldap-its@OpenLDAP.org
Subject: Re: Selective replication (ITS#3299)
From: ando@sys-net.it
Date: Wed, 25 Aug 2004 10:28:52 GMT

kmcarthu@bates.edu wrote:

>Full_Name: Karen R McArthur
>Version: 2.1.29
>OS: RedHat 8.0
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (134.181.129.178)
>
>
>Goal: set up master/slave ldap servers - the slave will be public white paper
>server, so it should not contain posix data.  The master will be for single-sign
>on.
>
>Process:
>Set up a master and slave with identical structure:
>   created a 'core.ldif' file which is just the top level stuff
>   "slapadd -l core.ldif" on both conf files
>   started slapd (both master and slave)
>   replica and updatedn lines from conf files below
>
>Loaded the data to the master
>   ran "ldapadd -f data.ldif" on the master
>   replog file is created
>
>Started slurpd
>
>Results:
>The "suffix=" line is working as expected - no "Group" data is passed
>The "attr!=" line is not working (fully) as expected
>   all data EXCEPT posixAccount data is passed to the replog file (as expected)
>   posixAccount objectClass not passed to replog file (as expected)
>   no objectClass AT ALL is passed to the replog file (not expected)
>

I think the correct approach is

    attr="objectClass,!posixAccount"

i.e. explicitly list all the attributes required/allowed by posixAccount
__BEFORE__ negating posixAccount itself.

p.

>
>When slapd starts up: objectClass violations due to no objectClass being
>created.
>
><<snip from data.ldif>>
>dn: uid=kmcarthu,ou=People,dc=example,dc=com
>objectClass: inetOrgPerson
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: posixAccount
>objectClass: krb5Principal
>objectClass: account
>objectClass: eduPerson
>cn: Karen McArthur
>sn: McArthur
>mail: kmcarthu@example.com
>uid: kmcarthu
>krb5PrincipalName: kmcarthu@KDC.EXAMPLE.COM
>uidNumber: 5230
>gidNumber: 107
>homeDirectory: /path/to/$HOME
>loginShell: /usr/ucb/csh
>gecos: Karen McArthur
>userPassword:: <<encrypted string>>
>host: host1.example.com
>host: host2.example.com
>title: Sys Admin
>ou: Information & Library Services
>postalAddress: 110 Russell Street
>eduPersonAffiliation: staff
>eduPersonPrimaryAffiliation: staff
><< end of snip>>
>
><<master.conf>>
>replogfile /usr/local/var/openldap-slurp/slapd.replog
>replica host=ldap.example.com:389
>        binddn="cn=Replicate,dc=example,dc=com"
>        credentials=secret
>        bindmethod=simple
>        suffix="ou=People,dc=example,dc=com"
>        attr!=posixAccount
>
><< slave.conf>>
>updatedn "cn=Replicate,dc=example,dc=com"
>        credentials=secret
>        bindmethod=simple
>updateref host=ldap.example.com:389
>  
>





    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Prev by Date: Selective replication (ITS#3299)
Next by Date: slapd crash in back-bdb/ctxcsn.c (ITS#3301)
Index(es):
- Chronological
- Thread