
partial replication, limited attributes.



Hi,
   a question on replication.

I perceive our need to include the use of a partial replica of our main
LDAP server. This replica service would be the public server for email
address book lookups without authentication.

I thought to use limited access rights for the replicating DN and simply
allow errors to occur during the data transfer. This would fill an error
log but turning off error logging would be fine on the replica server.

A reason for this setup is security. Our main server would contain a lot
of information most of which would be private. I am sure the security of
the LDAP server is fine but without devices like "password retry
lockouts" it remains vulnerable when used for authenticating many
services. So, just in case someone does find a way to hack in then only
having a limited amount of information available is the best defence.

So I'm wondering about partial replication setups.

Cheers,
    Gerrit Thomson.
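
The limited-attribute data set described in the message above, as an added example that is not part of the original post: rather than the restricted-DN approach the post proposes, it filters a content LDIF export through an attribute allow-list before the data is loaded on the public server. The allow-list, the sample entries and the function names are assumptions.

```python
# Added example: allow-list filter for a content LDIF export (constructed data).
PUBLIC_ATTRS = {"objectclass", "cn", "sn", "givenname", "mail", "telephonenumber"}  # assumed list

SAMPLE = """\
version: 1

# constructed sample entries, not real data
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Jane Doe
sn: Doe
mail: jane.doe@exa
 mple.com
userPassword: {SSHA}constructed-placeholder
homePostalAddress: 1 Example Street$Exam
 pleville

dn: uid=svc-backup,ou=Services,dc=example,dc=com
objectClass: account
uid: svc-backup
userPassword: {SSHA}constructed-placeholder
"""

def unfold(text):
    """Join LDIF continuation lines (leading single space), then drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [l for l in lines if not l.startswith("#")]

def parse_entries(text):
    """Yield each entry as a list of (name, rest); rest is everything after the first ':'."""
    entry = []
    for line in unfold(text) + [""]:
        if not line.strip():
            if entry:
                yield entry
            entry = []
        elif not line.lower().startswith("version:"):
            name, _, rest = line.partition(":")
            entry.append((name, rest))

def public_view(text, allowed=PUBLIC_ATTRS):
    """Return LDIF holding only allow-listed attributes of entries that have a mail value."""
    out = []
    for entry in parse_entries(text):
        base = lambda n: n.split(";")[0].lower()   # strip options such as ;lang-en
        names = [base(n) for n, _ in entry]
        if names[0] != "dn" or "changetype" in names or "mail" not in names:
            continue  # fail closed: change records and entries without an address are skipped
        kept = [entry[0]] + [(n, r) for n, r in entry[1:] if base(n) in allowed]
        out.append("\n".join(f"{n}:{r}" for n, r in kept))
    return "\n\n".join(out) + "\n" if out else ""

if __name__ == "__main__":
    print(public_view(SAMPLE), end="")
```

Anything not named in the allow-list never reaches the public copy, so a new private attribute added to the main server later is excluded by default. The DN is passed through unchanged, so it should not itself carry private values.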