[Date Prev][Date Next]
RE: partial replication of entries/attributes
In LDAP/X.500, modifications are atomic, all-or-nothing. If any part of an
update fails the entire update must fail. The place to limit things is on the
master, when it generates the replog.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Stefan
> On Thu, Jan 10, 2002 at 08:56:29AM +0100, Pierangelo Masarati wrote:
> > Stefan Alfredsson wrote:
> > > Is it possible to do a partial replication, i.e. only certain attributes
> > > are taken into consideration?
> > No. I'd say "not yet" because I was thinking about doing something like
> > that some day. A simple yet powerful solution would be to pass the data
> > being sent to each replica thru ACLs.
> I came to think about this possiblity today myself; If the replica binddn
> only has write access to certain attributes on the slave, would this
> work as expected?
> Something like this springs to mind (slave config):
> access to attrs=maillocaladdress,rfc822mailmember,cn,uid
> by dn="cn=repl,dc=acme,dc=org" write
> by * read
> access to *
> by * read
> Or would slurpd fail when it has no access to modify other attributes
> on the slave? I.e. if only maillocaladdress is changed, it is successful.
> If maillocaladdress and loginShell were changed at the same time,
> there would be a conflict and the "transaction" would fail?