[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Partial replication of attributes

Subject: Re: Partial replication of attributes
From: Jehan PROCACCIA <Jehan.Procaccia@int-evry.fr>
Date: Thu, 23 Jan 2003 11:41:43 +0100
Cc: openldap-software@OpenLDAP.org, mdenk@whidbey.net
References: <3E2EC70B.4000902@int-evry.fr>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

As suggested off-list by mdenk@whidbey.net:

"What I had to do in order to get selective replication to work was to
restrict the replication of certain attributes using the "!attr = attr1,
attr2, attr3 . . ." directive.  That works well for me."

Indeed it works better, but I'd like to remove posixAccount objectclass and attributes on that replication, and now I get the following error while the replicate tries to add a new entry:

object class 'posixAccount' requires attribute 'uidNumber'

although I put in my slapd.conf for that replica:
replica         host=ldaptux1.int-evry.fr:9000
                suffix="ou=people,dc=int-evry,dc=fr"
		objectclass!=posixAccount
                attr!=loginShell,homeDirectory,uidNumber,gidNumber,gecos
		...

What's wrong now ?
Thanks.

PS: replica logs Jan 23 11:26:47 ldaptux1 slapd[16172]: conn=0 op=1 ADD dn="uid=fluerksu,ou=People,dc=int-evry,dc=fr" Jan 23 11:26:47 ldaptux1 slapd[16172]: Entry (uid=fluerksu,ou=People,dc=int-evry,dc=fr): object class 'posixAccount' requires attribute 'uidNumber' Jan 23 11:26:47 ldaptux1 slapd[16172]: conn=0 op=1 RESULT tag=105 err=65 text=object class 'posixAccount' requires attribute 'uidNumber'

Jehan PROCACCIA wrote:

hello,
I use openldap 2.1.12, bdb 4.1.25, redhat 8.0
I've read from man slapd.conf that we can partialy replicate :-) However with the following configuration, I get all of my attributes replicated !?
replica         host=ldaptux1.int-evry.fr:9000
        #restriction to a subtree
                suffix="ou=people,dc=int-evry,dc=fr"
        #restrict to a subset of objectclass
                objectclass="person organizationalPerson inetOrgPerson"
                binddn="cn=replicator,ou=System,dc=int-evry,dc=fr"
                bindmethod=simple   credentials=secret
I insert a new ldap entry with ldapadd, the entry ldif file containing:
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: IntE-user
objectClass: labeledURIObject
objectClass: strongAuthenticationUser
objectClass: certificationAuthority
objectClass: top
objectClass: kerberosSecurityObject
objectClass: shadowAccount
and lots of related attributes, ei: homeDirectory
the ldapadd works fine, but on the replica machine I still get the wall set of attributes/objeclass for that new entry, although I wanted to restrict to attributes from objectclass="person organizationalPerson inetOrgPerson" as stated in my slapd.conf file . What is wrong ?

Second question: How can you initiate the database of the replica ? If I traditionnally do a slapcat on both master & slave, I get initialy all on the slave :-( !. Should I reinitiate both master & slave by a ldapadd of the wall database ?
Thanks.

Follow-Ups:
- Re: Partial replication of attributes
  - From: "Pierangelo Masarati" <ando@sys-net.it>

References:
- Partial replication of attributes
  - From: Jehan PROCACCIA <Jehan.Procaccia@int-evry.fr>

Prev by Date: OpendLDAP Unable to find SASL2
Next by Date: Re: samba-specific question about attribute generation
Index(es):
- Chronological
- Thread