[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replication from OpenLDAP to Fedora 389 DS

To: openldap-technical@openldap.org
Subject: Re: Replication from OpenLDAP to Fedora 389 DS
From: Dieter KlÃnter <dieter@dkluenter.de>
Date: Wed, 26 Feb 2014 08:46:49 +0100
In-reply-to: <CAJBgHobPAs0y5tNGWpci8BHRL1xcZrK8mnHmfpmmUmuZ8gz2dQ@mail.gmail.com>
Organization: AVCI
References: <CAJBgHoZb9LcAMLp9hETvxvunHC-594_SLdpd6WXtMKoH85b7Dg@mail.gmail.com> <20140225110435.644598c0@pink.avci.de> <CAJBgHoaBqJeYmNX07Wj_cB5yJpnKRTe2142DRXQWHM8HEt+Yzw@mail.gmail.com> <20140225145028.1dfc4952@pink.avci.de> <CAJBgHoYq_P5t5js=MRsJ1LDM7YFx2y7uFGC-AW-HWP3mo5jr0w@mail.gmail.com> <20140225210547.3e6ba31f@pink.avci.de> <CAJBgHobPAs0y5tNGWpci8BHRL1xcZrK8mnHmfpmmUmuZ8gz2dQ@mail.gmail.com>

Am Tue, 25 Feb 2014 18:24:14 -0300
schrieb Italo Valcy <italovalcy@gmail.com>:

> Hello Dieter,
> 
> On Tue, Feb 25, 2014 at 5:05 PM, Dieter KlÃnter <dieter@dkluenter.de>
> wrote:
> 
> > No, syncrepl (consumer) does not reqire operational attributs. Only
> > if the ldap backend is also defined as syncprov (provider), than
> > some operational attributes are  required in order to provide valid
> > data. But I don't think that the fedora directory supports RFC 4533.
> >
> 
> Thanks for the reply!
> 
> Yes, but this is the only way the documentation points to in order to
> have a push-based replication initiated by the provider, do you
> agree? Bellow is part of OL documentation:
> 
>     18.2.4. Syncrepl Proxy Mode
> 
>     While the LDAP Sync protocol supports both pull- and push-based
> replication, the push mode (refreshAndPersist) must still be initiated
>     from the consumer before the provider can begin pushing changes
> (...) This mode can be configured with the aid of the LDAP Backend
>     (Backends and slapd-ldap(8)). Instead of running the syncrepl
> engine on the actual consumer, a slapd-ldap proxy is set up near (or
>     collocated with) the provider that points to the consumer, and the
> syncrepl engine runs on the proxy.
> 
>     18.2.4.1. Replacing Slurpd
> 
>     The old slurpd mechanism only operated in provider-initiated push
> mode. Slurpd replication was deprecated in favor of Syncrepl
> replication and has been completely removed from OpenLDAP 2.4.
> 
> Using the old slurpd, it was possible to filter which attributes I
> would like to send to the consumer. But, as far as could understand,
> this workaround is not possible with the above proposal (from doc).
> 
> Do you see any other way to achieve this feature?

Actually, I have no clue how to configure fedora directory as syncrepl
consumer.
Just as a proof of conzept I have setup a ldap backend with a minimal
configuration which you may find here
http://pastebin.de/40936
and simulated a consumer
 
ldapsearch \
 -Esync=rp/rid=091,csn=20140115000000.126579Z#000000#000#000000 \
 -x -D "cn=Replicator,o=avci,c=de" -w xxxx -H ldap://localhost \
 -b "o=avci,c=de" -s sub "*"

You may test yourself.

-Dieter

-- 
Dieter KlÃnter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53Â37'09,95"N
10Â08'02,42"E

References:
- Replication from OpenLDAP to Fedora 389 DS
  - From: Italo Valcy <italovalcy@gmail.com>
- Re: Replication from OpenLDAP to Fedora 389 DS
  - From: Dieter KlÃnter <dieter@dkluenter.de>
- Re: Replication from OpenLDAP to Fedora 389 DS
  - From: Italo Valcy <italovalcy@gmail.com>
- Re: Replication from OpenLDAP to Fedora 389 DS
  - From: Dieter KlÃnter <dieter@dkluenter.de>
- Re: Replication from OpenLDAP to Fedora 389 DS
  - From: Italo Valcy <italovalcy@gmail.com>
- Re: Replication from OpenLDAP to Fedora 389 DS
  - From: Dieter KlÃnter <dieter@dkluenter.de>
- Re: Replication from OpenLDAP to Fedora 389 DS
  - From: Italo Valcy <italovalcy@gmail.com>

Prev by Date: Re: Replication from OpenLDAP to Fedora 389 DS
Next by Date: Re: Not able to authenticate Windows and MAC client
Index(es):
- Chronological
- Thread