Uli Tehrani wrote: > It is necessary to load the same overlay modules in a consumer configuration? > > Is it also necessary to configure the overlay like in the provider > configuration ? In general: No. In detail: It depends. > There are overlays that are needed only for the provider, e.g. syncprov. > Others are only needed for the consumer like the chaining overlay. So you're already answering your own general question. ;-) > But for other overlays it is not that clear: > > Dynlist needs to be configured for both servers. > > But what's about dds, ppolicy and refinit? slapo-dds writes to expiring entries and processes Refresh Operation Requests. You don't need that on read-only consumers. I'm pretty sure you want to enforce your password policy everywhere. So slapo-ppolicy is needed on both. slapo-refint potentially writes to referencing entries. Those write requests usually get replicated. You don't need that on read-only consumers. Opposite example: Modifications by slapo-memberOf are not replicated. So you need that on read-only consumers. > Is there a simple best practise ? No. slapo-constraint and slapo-unique are also overlays you don't need on read-only consumers. Another exotic example: I'm running slapo-accesslog even on consumers because then local write requests of slapo-ppolicy are recorded in a database then. Costs performance though. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature