Uli Tehrani wrote:
It is necessary to load the same overlay modules in a consumer configuration?
Is it also necessary to configure the overlay like in the provider
configuration ?
In general: No.
In detail: It depends.
There are overlays that are needed only for the provider, e.g. syncprov.
Others are only needed for the consumer like the chaining overlay.
So you're already answering your own general question. ;-)
But for other overlays it is not that clear:
Dynlist needs to be configured for both servers.
But what's about dds, ppolicy and refinit?
slapo-dds writes to expiring entries and processes Refresh Operation Requests.
You don't need that on read-only consumers.
I'm pretty sure you want to enforce your password policy everywhere. So
slapo-ppolicy is needed on both.
slapo-refint potentially writes to referencing entries. Those write requests
usually get replicated. You don't need that on read-only consumers.
Opposite example: Modifications by slapo-memberOf are not replicated. So you
need that on read-only consumers.
Is there a simple best practise ?
No.
slapo-constraint and slapo-unique are also overlays you don't need on
read-only consumers.
Another exotic example:
I'm running slapo-accesslog even on consumers because then local write
requests of slapo-ppolicy are recorded in a database then. Costs performance
though.
Ciao, Michael.