Re: Syncrepl replication with a non-slapd master?

On Mon, Aug 11, 2008 at 11:38:12AM -0700, Grant Gossett wrote:

> Is it possible to use syncrepl replication with a non-slapd master?

Very unlikely. The syncrepl protocol is quite new, and I do not know
of any other servers that implement it.

You might be able to construct something that works the other way
around - with an OpenLDAP master pushing changes to a different
type of replica server. This would use an LDAP backend so the replica
would never see the syncrepl protocol anyway.

> Being more specific, I would like to have a copy of several different
> Microsoft domains held on a slapd server. I've seen this question posed
> in the archives but I haven't been able to find much in the way of an
> answer anywhere.
> Assuming that slapd + syncrepl will work with non-slapd masters, is the
> next obstacle going to be making a schema that matches the active
> directory schema so that replication can actually occur?

You will certainly need to define appropriate schema. Once that is in place
you will need to use some directory-synchronisation product or write
scripts to do the replication. Possible in principle, but you will never
get any password data from AD via LDAP (because there isn't any there).

I have had success in this sort of environment using Microsoft's
windows-to-unix password-sync system (part of SFU) to notify the
synchronisation system when an entry is created. It is still necessary
to do periodic full scans to detect other changes.

The solution to this problem is not really specific to OpenLDAP so
you may get more answers from a different mailing list.

|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
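
The periodic full scan mentioned in the reply, as an added example that is not part of the original message or of any OpenLDAP tooling: it compares a complete AD export with the replica's current contents and emits LDIF change records. The attribute mapping, the `BASE` suffix, the function names and the sample entries are assumptions; both directories are taken to be already read into dictionaries, `replica` is taken to hold only entries managed by the sync, and DNs are compared as exact strings.

```python
import base64

# Assumed AD -> inetOrgPerson attribute mapping; no password attribute is listed.
ATTR_MAP = {"sAMAccountName": "uid", "displayName": "cn", "sn": "sn", "mail": "mail"}
REQUIRED = ("uid", "cn", "sn")         # needed to name and create an inetOrgPerson
BASE = "ou=people,dc=example,dc=com"   # hypothetical replica suffix

def ldif_line(attr, value):
    """Format one LDIF line, base64-encoding values LDIF cannot carry as plain text."""
    unsafe = (not value.isascii() or value != value.strip()
              or value[:1] in (":", "<") or any(c in value for c in "\r\n\0"))
    if unsafe:
        return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode())
    return "%s: %s" % (attr, value)

def reconcile(ad_entries, replica):
    """Diff a full AD scan against the replica (DN -> entry); return LDIF records."""
    wanted = {}
    for entry in ad_entries:
        t = {dst: sorted(entry[src]) for src, dst in ATTR_MAP.items() if entry.get(src)}
        if all(a in t for a in REQUIRED):   # skip entries that cannot be created
            wanted["uid=%s,%s" % (t["uid"][0], BASE)] = t
    changes = []
    for dn, attrs in sorted(wanted.items()):
        if dn not in replica:               # new in AD: add locally
            lines = [ldif_line("dn", dn), "changetype: add", "objectClass: inetOrgPerson"]
            lines += [ldif_line(a, v) for a in sorted(attrs) for v in attrs[a]]
            changes.append("\n".join(lines))
            continue
        mods = []
        for a in sorted(set(ATTR_MAP.values())):
            new = attrs.get(a, [])
            if new != sorted(replica[dn].get(a, [])):
                # "replace" with no values removes the attribute from the entry
                mods += ["replace: " + a] + [ldif_line(a, v) for v in new] + ["-"]
        if mods:
            changes.append("\n".join([ldif_line("dn", dn), "changetype: modify"] + mods))
    for dn in sorted(set(replica) - set(wanted)):   # gone from AD: delete locally
        changes.append(ldif_line("dn", dn) + "\nchangetype: delete")
    return changes

# Constructed sample data: bob is new, alice's mail changed, carol has left AD.
AD_SCAN = [
    {"sAMAccountName": ["alice"], "displayName": ["Alice Example"], "sn": ["Example"], "mail": ["alice@example.com"]},
    {"sAMAccountName": ["bob"], "displayName": ["Bob Müller"], "sn": ["Müller"], "mail": ["bob@example.com"]}]
REPLICA = {
    "uid=alice," + BASE: {"uid": ["alice"], "cn": ["Alice Example"], "sn": ["Example"], "mail": ["alice@old.example.com"]},
    "uid=carol," + BASE: {"uid": ["carol"], "cn": ["Carol Example"], "sn": ["Example"]}}
```

Joining the returned records with a blank line between them gives input for `ldapmodify`. A scan that comes back empty should abort the run rather than be allowed to delete every replica entry.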