
Re: Netscape D.S. -> OpenLDAP replication



NSDS doesn't "know how to replicate to OpenLDAP", but it does know how
to replicate to an LDAP server, though it DOES expect it to be another
NSDS. Simply specify the OpenLDAP server as the target host in the NSDS
Replication configuration panels.

OpenLDAP, however, doesn't know anything about special NSDS attributes,
such as "ACI" and "copiedFrom".

Will NSDS replicate to OpenLDAP: YES. Again, you may have to make
OpenLDAP adjustments to accommodate NSDS objects and attributes. The two
mentioned below are required for NSDS-5.0.

There are some "gotchas" with NSDS-5.0 replication, however. The main
one is that if there is an error in the replication, you have to go
through a lot of manual "clean up" to correct and complete the process.
All of the NSDS "objects to be replicated" are housed in a special NSDS
subdirectory, and each entry is not updated or removed once it has been
replicated. Additionally, NSDS-5.0 has a "wrap" setting whereby it will
overwrite any objects in the "replication subtree", thereby maintaining
a (more or less) consistent maximum of entries in that particular
subtree. MAKE SURE THAT YOU READ _ALL_ OF THE NSDS DOCUMENTATION ON
REPLICATION! Be careful about confusing "consumer" and <whatever> types
of LDAP servers/clients.

The replication process is merely one LDAP server connecting to and
passing "LDAP commands" to another LDAP server.



On  8 Aug, Andreas wrote:
> Hi
> 
> Below you talk about attributes and objectClasses, but this is assuming
> replication is working, that is, NDS knows how to replicate to OpenLDAP.
> Does it? How does it see openldap, as another nds server? Or are you
> talking about some sort of manual/scripted replication here?
> 
> On Fri, Aug 08, 2003 at 08:08:02AM -0500, supraexpress@globaleyes.net wrote:
>> Every NSDS object which contains an ACI will require an ACI attribute to
>> be added to the list of objectClasses in the target OpenLDAP object. You
>> will probably have to create a locally defined ACI attribute in a local,
>> auxiliary, objectClass, and then add that local objectClass to the list
>> of objectClasses to each OpenLDAP object that will be created by the
>> replication process. It has been a LONG time since I have dealt with
>> this. OpenLDAPACI (or whatever) can't be used as NSDS doesn't know about
>> it.
>> 
>> There is also a "copiedFrom" attribute that you will have to create as
>> another local attribute in an auxiliary objectClass, that has to be
>> present in the root object of every subtree, if I remember correctly.
>> 
>> Other than that, you will also have to replicate locally defined NSDS
>> attributes and objectClasses into your OpenLDAP schemas, and possibly
>> slapd.conf INDEX entries. You should then be able to perform NSDS ->
>> OpenLDAP replications (though there may be other "gotchas" depending on
>> the version of OpenLDAP that you will be using).
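
A pre-flight check for the schema gaps discussed in this thread, as an added example that is not part of the original messages: it lists the attribute and objectClass names in an NSDS LDIF export that the target OpenLDAP schema does not yet define. The sample LDIF, the localPerson/localBadge names, the copiedFrom value and the TARGET_* sets are constructed for illustration.

```python
import base64
from collections import Counter

def parse_ldif(text):
    """Yield {attr_lowercase: [values]} per entry; unfolds RFC 2849 continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded line: drop the single leading space
        else:
            lines.append(raw)
    entry = {}
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if not line:                          # blank line ends an entry
            if "dn" in entry:                 # skips a "version: 1" header block
                yield entry
            entry = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64>"
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        entry.setdefault(name.split(";")[0].lower(), []).append(value.strip())

def missing_from_target(ldif_text, known_attrs, known_classes):
    """Count attribute and objectClass names the target schema does not define."""
    known_attrs = {a.lower() for a in known_attrs}
    known_classes = {c.lower() for c in known_classes}
    attrs, classes = Counter(), Counter()
    for entry in parse_ldif(ldif_text):
        for name, values in entry.items():
            if name != "dn" and name not in known_attrs:
                attrs[name] += 1              # number of entries carrying this attribute
            if name == "objectclass":
                classes.update(v.lower() for v in values if v.lower() not in known_classes)
    return attrs, classes

# Constructed sample export and constructed lists of what the target already defines.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
objectClass: domain
aci: (targetattr = "*")(version 3.0; acl "constructed sample"; allow (read)
  userdn = "ldap:///anyone";)
copiedFrom: constructed-placeholder

dn: uid=jdoe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: localPerson
localBadge: 1234
"""
TARGET_ATTRS, TARGET_CLASSES = {"objectClass"}, {"domain", "inetOrgPerson"}
```

Calling missing_from_target(SAMPLE_LDIF, TARGET_ATTRS, TARGET_CLASSES) returns two counters; every name in them needs a local definition on the OpenLDAP side before replication is attempted.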