[Date Prev][Date Next]
Is it possible to replicate only some objects under a branch of
directory tree based on a filter?
For example, let assume I have "ou=people,dc=foobar,dc=com" with some
users under it. I would like to replicate only objects under this DN
that have attributes "(&(someAttr=TRUE)(anotherAttr=foobar))" to slave
LDAP server (for example, I want only some entries to be visible on
slave server for security reasons). Basically, this would be like
defining a filter for replication.
Of course, when attributes used by filter change (from example someAttr
or anotherAttr change value in the above example), replication process
would need to add/remove the entry to/from slave server.
Solution with putting users into separate subtrees wouldn't really be
the best solution for me, since I'd need to make several subtrees for
several slave servers. So, using subtrees, I would end up with multiple
entries for same user in various subtrees, instead of having single
entry for each user.
Is something like this possible? If not possible in current version of
OpenLDAP, it could be a usefull feature for some future version ;-)
Aleksandar Milivojevic <firstname.lastname@example.org> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7