[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: refreshAndPersit vs. ACLs

--On Tuesday, October 24, 2006 5:00 PM +0200 Norbert Klasen <norbert@burgundy.dyndns.org> wrote:

we want entries to be replicated to a public slave, only if they have an
attribute worldreadable=TRUE.

So I've setup an ACL on the master which basically is like
access to * filter=(worldreadable=FALSE)
	by * none
access to *
	by * read
Thus, the consumer only sees entries it is allowed to replicate.

Wouldn't it be a lot easier to have that acl on your replica, so that any one binding can read it when it is true, and no one can read it when it is false? Then you can replicate it all you want, but you don't have to play games with the replication process.


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html