
sync replication of a subtree



Hi,

I'd like to have a subtree managed by a second LDAP server and its contents replicated to the "upper" server.

server A: suffix="dc=domain,dc=org"
server B: suffix="ou=people,dc=domain,dc=org"

B's subtree should be replicated to A and should be searchable on A.

I chose sync replication (only A can contact B) and had to configure two backends on each server (otherwise syncrepl says "shadow context" when trying to update cn=testuser,dc=domain,dc=org on A).

Now the tricky part: The subtree ou=people,dc=domain,dc=org is available on A (syncrepl works) but it's not visible using a searchbase of dc=domain,dc=org. The subtree's content can be searched using the searchbase ou=people,dc=domain,dc=org. A simple search on A for (cn=Name) should go through A's native content and its copy of B's subtree.

Here's the setup of both:

server A:

database	bdb
suffix		"ou=people,dc=domain,dc=org"
rootdn		"cn=root,ou=people,dc=domain,dc=org"
syncrepl	rid=123
		provider=ldap://ldap.domain.org
		type=refreshOnly
		interval=00:01:00:00
		searchbase="ou=people,dc=domain,dc=org"
		filter="(objectClass=organizationalPerson)"
		scope=sub
		schemachecking=off
		updatedn="cn=syncuser,ou=people,dc=domain,dc=org"
		bindmethod=simple
		binddn="cn=syncuser,ou=people,dc=domain,dc=org"
		credentials=secret
updateref       ldap://ldap.domain.org
directory	/var/lib/ldap/openldap-data-repl
rootpw...
index...

database	bdb
suffix		"dc=domain,dc=org"
rootdn		"cn=root,dc=domain,dc=org"
directory	/var/lib/ldap/openldap
rootpw...
index...


server B:

database	bdb
suffix		"ou=people,dc=domain,dc=org"
rootdn		"cn=root,ou=people,dc=domain,dc=org"
sessionlog	123 100
directory	/var/lib/ldap/openldap-data-repl
rootpw...
index...

database	bdb
suffix		"dc=domain,dc=org"
rootdn		"cn=root,dc=domain,dc=org"
directory	/var/lib/ldap/openldap
rootpw...
index...
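
The symptom described above (the replicated subtree answers under its own search base but not under dc=domain,dc=org) is what slapd does when two databases with nested suffixes are not glued together. The fragment below is an added example, not part of the original post: it repeats server A's replica database from the message and adds only the `subordinate` directive from slapd.conf(5); the elided rootpw and index lines are left as the post has them.

```conf
# Server A, slapd.conf: replica database for B's subtree.
# Added example; every value is copied from the post except the
# "subordinate" line.

# The subordinate database is declared before its superior
# (the post already uses this order).
database	bdb
suffix		"ou=people,dc=domain,dc=org"
# Added line: marks this database as a subordinate of the database whose
# suffix contains it (dc=domain,dc=org), so searches against the superior
# are propagated into this subtree as well.
subordinate
rootdn		"cn=root,ou=people,dc=domain,dc=org"
syncrepl	rid=123
		provider=ldap://ldap.domain.org
		type=refreshOnly
		interval=00:01:00:00
		searchbase="ou=people,dc=domain,dc=org"
		filter="(objectClass=organizationalPerson)"
		scope=sub
		schemachecking=off
		updatedn="cn=syncuser,ou=people,dc=domain,dc=org"
		bindmethod=simple
		binddn="cn=syncuser,ou=people,dc=domain,dc=org"
		credentials=secret
updateref	ldap://ldap.domain.org
directory	/var/lib/ldap/openldap-data-repl
# rootpw and index lines: unchanged from the post

# Superior database: unchanged from the post.
database	bdb
suffix		"dc=domain,dc=org"
rootdn		"cn=root,dc=domain,dc=org"
directory	/var/lib/ldap/openldap
# rootpw and index lines: unchanged from the post
```

After slapd on A is restarted with this change, a search with base dc=domain,dc=org and filter (cn=Name) is evaluated against both databases.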