Re: Migrating from slapd 2.3 to 2.4
On 23/5/2012 5:35 PM, Howard Chu wrote:
> RTFM. slapcat(8) can be told to dump only a portion of the database,
I know we can specify filters. However there is a huge difference
between specifying a filter and replicating based on ACLs (see below
more on this).
> Possibly. There are server-specific operational attributes, which
> might differ from one to the next. These are pretty rare though. Most
> operational attributes are global to the directory system, and will be
OK, this is important to know. Thanks.
On 23/5/2012 5:15 PM, Quanah Gibson-Mount wrote:
> Also, the recommendation is always to use a non-rootDN for
> replication. I fail to see what that has to do with anything. You
> can certainly fully replicate the DIT w/o a root DN for replication.
Of course we can replicate the whole DIT without a root DN. The problem
is the opposite: when we *don't want* to replicate the whole DIT and we
*intentionally* configure our consumers not with a filter, but with a
bind DN which has limited access to only particular parts of the DIT.
This is our case.
In such a case we *could try* to create a filter to simulate our ACLs,
in order to use it in a slapcat, but it's not the same, and it's not
guaranteed that such a filter will be possible to be constructed. Right?
So, what are our options here?