[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Syncrepl partial replication based on attribute problem

On 1/6/2012 8:54 ÏÎ, Jeffrey Crawford wrote:

Are you saying that syncprov looks at the account that is bound and sends deletes if a record would become invisible after a modification?

I understand the opposite: syncprov will only send add/delete message based on base/scope/filter and not on ACL-visibility. So in essence Howard says that ACL-based filtering in replication does not result in proper results to consumers.

This is tricky! (I didn't know either.) It means that we should *not* design our replication based on ACL-filtering (which, unfortunately, we have done too), but, on the contrary, that we should design our DIT so that it can cover our replication needs based on consumer base/scope/filter configuration, and we should design/adapt our ACLs with the above rule in mind.

Please confirm the above thoughts.