
Re: Partial replication of attributes

As suggested off-list by mdenk@whidbey.net:

"What I had to do in order to get selective replication to work was to
restrict the replication of certain attributes using the "!attr = attr1,
attr2, attr3 . . ." directive.  That works well for me."

Indeed it works better, but I'd like to remove the posixAccount objectclass and attributes on that replication, and now I get the following error while the replica tries to add a new entry:

object class 'posixAccount' requires attribute 'uidNumber'

although I put in my slapd.conf for that replica:
replica         host=ldaptux1.int-evry.fr:9000

What's wrong now?

PS: replica logs
Jan 23 11:26:47 ldaptux1 slapd[16172]: conn=0 op=1 ADD dn="uid=fluerksu,ou=People,dc=int-evry,dc=fr"
Jan 23 11:26:47 ldaptux1 slapd[16172]: Entry (uid=fluerksu,ou=People,dc=int-evry,dc=fr): object class 'posixAccount' requires attribute 'uidNumber'
Jan 23 11:26:47 ldaptux1 slapd[16172]: conn=0 op=1 RESULT tag=105 err=65 text=object class 'posixAccount' requires attribute 'uidNumber'

Jehan PROCACCIA wrote:

I use openldap 2.1.12, bdb 4.1.25, redhat 8.0

I've read from man slapd.conf that we can partially replicate :-)
However with the following configuration, I get all of my attributes replicated!?

replica         host=ldaptux1.int-evry.fr:9000
        #restriction to a subtree
        #restrict to a subset of objectclass
                objectclass="person organizationalPerson inetOrgPerson"
                bindmethod=simple   credentials=secret

I insert a new ldap entry with ldapadd, the entry ldif file containing:

objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: IntE-user
objectClass: labeledURIObject
objectClass: strongAuthenticationUser
objectClass: certificationAuthority
objectClass: top
objectClass: kerberosSecurityObject
objectClass: shadowAccount

and lots of related attributes, i.e.: homeDirectory

the ldapadd works fine, but on the replica machine I still get the whole set of attributes/objectclass for that new entry, although I wanted to restrict to attributes from objectclass="person organizationalPerson inetOrgPerson" as stated in my slapd.conf file. What is wrong?

Second question: How can you initiate the database of the replica? If I traditionally do a slapcat on both master & slave, I get initially all on the slave :-( ! Should I reinitiate both master & slave by an ldapadd of the whole database?
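
An added example, not part of the original messages: a small Python model of why the replica answers err=65 (objectClassViolation) in the log above, and of the entry shape that would pass its schema check. It assumes the attribute exclusion drops whole attribute types while the objectClass values are sent unchanged; the sample entry, the exclusion list and the function names are constructed for illustration, and the MUST table is a subset of the standard schema.

```python
# MUST attributes per object class: subset of the standard schema
# (RFC 2256 person classes, RFC 2307 posixAccount).
MUST = {
    "top": {"objectClass"},
    "person": {"sn", "cn"},
    "organizationalPerson": set(),
    "inetOrgPerson": set(),
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
}

# Constructed sample entry and exclusion list (not taken from the thread).
SAMPLE = {
    "objectClass": ["top", "person", "organizationalPerson",
                    "inetOrgPerson", "posixAccount"],
    "cn": ["Jane Doe"], "sn": ["Doe"], "uid": ["jdoe"],
    "uidNumber": ["1001"], "gidNumber": ["100"],
    "homeDirectory": ["/home/jdoe"], "loginShell": ["/bin/sh"],
}
POSIX_ONLY = ["uidNumber", "gidNumber", "homeDirectory", "loginShell"]

def filter_entry(entry, excluded):
    """Drop whole attribute types; objectClass values pass through (assumption)."""
    drop = {a.lower() for a in excluded}
    return {k: list(v) for k, v in entry.items() if k.lower() not in drop}

def violations(entry):
    """(objectClass, missing MUST attribute) pairs that a schema check rejects."""
    present = {k.lower() for k in entry}
    return [(oc, attr)
            for oc in entry.get("objectClass", [])
            for attr in sorted(MUST.get(oc, ()))
            if attr.lower() not in present]

def strip_class(entry, oc, attrs):
    """Remove the objectClass value together with its attributes."""
    out = filter_entry(entry, attrs)
    out["objectClass"] = [c for c in out["objectClass"] if c.lower() != oc.lower()]
    return out

if __name__ == "__main__":
    # Attributes excluded, class value kept: the replica rejects the ADD.
    for oc, attr in violations(filter_entry(SAMPLE, POSIX_ONLY)):
        print(f"object class '{oc}' requires attribute '{attr}'")
    # Class value removed along with its attributes: no violation left.
    print(violations(strip_class(SAMPLE, "posixAccount", POSIX_ONLY)))
```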