[Date Prev][Date Next]
Re: Syncrepl partial replication based on attribute problem
On 1/6/2012 8:54 ÏÎ, Jeffrey Crawford wrote:
Are you saying that syncprov looks at the account that is bound and
sends deletes if a record would become invisible after a modification?
I understand the opposite: syncprov will only send add/delete message
based on base/scope/filter and not on ACL-visibility. So in essence
Howard says that ACL-based filtering in replication does not result in
proper results to consumers.
This is tricky! (I didn't know either.) It means that we should *not*
design our replication based on ACL-filtering (which, unfortunately, we
have done too), but, on the contrary, that we should design our DIT so
that it can cover our replication needs based on consumer
base/scope/filter configuration, and we should design/adapt our ACLs
with the above rule in mind.
Please confirm the above thoughts.