As suggested off-list by mdenk@whidbey.net:
"What I had to do in order to get selective replication to work was to
restrict the replication of certain attributes using the "!attr = attr1,
attr2, attr3 . . ." directive. That works well for me."
Indeed it works better, but I'd like to remove posixAccount objectclass
and attributes on that replication, and now I get the following error
while the replicate tries to add a new entry:
object class 'posixAccount' requires attribute 'uidNumber'
although I put in my slapd.conf for that replica:
replica host=ldaptux1.int-evry.fr:9000
suffix="ou=people,dc=int-evry,dc=fr"
objectclass!=posixAccount
attr!=loginShell,homeDirectory,uidNumber,gidNumber,gecos
I don't recall seeing the "objectclass!=<ocname>" option
in replica partial replication; if you use the name of an
objectclass instead of an attribute type, then all the
attrs of that objectclass get automatically selected;
quoting a comment in servers/slapd/ad.c:
/*
* Convert a delimited string into a list of AttributeNames;
* add on to an existing list if it was given. If the string
* is not a valid attribute name, if a '-' is prepended it is
* skipped and the remaining name is tried again; if a '+' is
* prepended, an objectclass name is searched instead.
*
* NOTE: currently, if a valid attribute name is not found,
* the same string is also checked as valid objectclass name;
* however, this behavior is deprecated.
*/
AttributeName *
str2anlist()
I'm not sure whether this will cause all the atrs listed as
required/allowed for that objectclass will be processed
consequently.
Pierangelo.