[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: partial replication of entries/attributes

In LDAP/X.500, modifications are atomic, all-or-nothing. If any part of an
update fails the entire update must fail. The place to limit things is on the
master, when it generates the replog.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Stefan
> Alfredsson

> On Thu, Jan 10, 2002 at 08:56:29AM +0100, Pierangelo Masarati wrote:
> > Stefan Alfredsson wrote:
> > > Is it possible to do a partial replication, i.e. only certain attributes
> > > are taken into consideration?
> >
> > No. I'd say "not yet" because I was thinking about doing something like
> > that some day.  A simple yet powerful solution would be to pass the data
> > being sent to each replica thru ACLs.
> I came to think about this possiblity today myself; If the replica binddn
> only has write access to certain attributes on the slave, would this
> work as expected?
> Something like this springs to mind (slave config):
> access to attrs=maillocaladdress,rfc822mailmember,cn,uid
> 	by dn="cn=repl,dc=acme,dc=org" write
> 	by * read
> access to *
> 	by * read
> Or would slurpd fail when it has no access to modify other attributes
> on the slave? I.e. if only maillocaladdress is changed, it is successful.
> If maillocaladdress and loginShell were changed at the same time,
> there would be a conflict and the "transaction" would fail?
> /Stefan