Re: Partial replication of attributes
As suggested off-list by mdenk@whidbey.net:
"What I had to do in order to get selective replication to work was to
restrict the replication of certain attributes using the "!attr = attr1,
attr2, attr3 . . ." directive. That works well for me."
Indeed it works better, but I'd like to remove posixAccount objectclass
and attributes on that replication, and now I get the following error
while the replicate tries to add a new entry:
object class 'posixAccount' requires attribute 'uidNumber'
although I put in my slapd.conf for that replica:
replica host=ldaptux1.int-evry.fr:9000
suffix="ou=people,dc=int-evry,dc=fr"
objectclass!=posixAccount
attr!=loginShell,homeDirectory,uidNumber,gidNumber,gecos
...
What's wrong now?
Thanks.
PS: replica logs
Jan 23 11:26:47 ldaptux1 slapd[16172]: conn=0 op=1 ADD dn="uid=fluerksu,ou=People,dc=int-evry,dc=fr"
Jan 23 11:26:47 ldaptux1 slapd[16172]: Entry (uid=fluerksu,ou=People,dc=int-evry,dc=fr): object class 'posixAccount' requires attribute 'uidNumber'
Jan 23 11:26:47 ldaptux1 slapd[16172]: conn=0 op=1 RESULT tag=105 err=65 text=object class 'posixAccount' requires attribute 'uidNumber'
Jehan PROCACCIA wrote:
hello,
I use OpenLDAP 2.1.12, BDB 4.1.25, Red Hat 8.0
I've read from man slapd.conf that we can partially replicate :-)
However with the following configuration, I get all of my attributes
replicated!?
replica host=ldaptux1.int-evry.fr:9000
#restriction to a subtree
suffix="ou=people,dc=int-evry,dc=fr"
#restrict to a subset of objectclass
objectclass="person organizationalPerson inetOrgPerson"
binddn="cn=replicator,ou=System,dc=int-evry,dc=fr"
bindmethod=simple credentials=secret
I insert a new ldap entry with ldapadd, the entry ldif file containing:
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: IntE-user
objectClass: labeledURIObject
objectClass: strongAuthenticationUser
objectClass: certificationAuthority
objectClass: top
objectClass: kerberosSecurityObject
objectClass: shadowAccount
and lots of related attributes, i.e.: homeDirectory
the ldapadd works fine, but on the replica machine I still get the whole
set of attributes/objectclass for that new entry, although I wanted to
restrict to attributes from objectclass="person organizationalPerson
inetOrgPerson" as stated in my slapd.conf file. What is wrong?
Second question: How can you initiate the database of the replica? If I
traditionally do a slapcat on both master & slave, I initially get all
on the slave :-( ! Should I reinitiate both master & slave by a ldapadd
of the whole database?
Thanks.
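
An added illustration (not part of the thread and not OpenLDAP code) of the condition behind the err=65 in the replica log above: the entry reaching the replica still lists posixAccount while the excluded attributes include ones that class requires. It assumes a filter that drops attributes by name; the helper names and the sample entry are constructed, and the MUST lists are taken from RFC 2307 and RFC 4519.

```python
# Added example: check a replica attribute exclusion list against schema MUSTs.
# MUST lists: posixAccount/shadowAccount from RFC 2307, person from RFC 4519.
MUST = {
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "shadowaccount": {"uid"},
    "person": {"sn", "cn"},
}

def filter_entry(entry, excluded_attrs, excluded_classes=()):
    """Copy entry without the excluded attributes and objectClass values."""
    drop_attrs = {a.lower() for a in excluded_attrs}
    drop_classes = {c.lower() for c in excluded_classes}
    out = {}
    for name, values in entry.items():
        if name.lower() in drop_attrs:
            continue
        if name.lower() == "objectclass":
            values = [v for v in values if v.lower() not in drop_classes]
        out[name] = list(values)
    return out

def violations(entry):
    """List (objectClass, missing attribute) pairs: the objectClassViolation case."""
    present = {n.lower() for n in entry}
    classes = next((v for n, v in entry.items() if n.lower() == "objectclass"), [])
    found = []
    for oc in classes:
        for attr in sorted(MUST.get(oc.lower(), set()) - present):
            found.append((oc, attr))
    return found

# Constructed sample entry; only the uid is taken from the log above.
ENTRY = {
    "objectClass": ["top", "person", "posixAccount"],
    "uid": ["fluerksu"], "cn": ["Sample User"], "sn": ["User"],
    "uidNumber": ["1000"], "gidNumber": ["1000"],
    "homeDirectory": ["/home/fluerksu"], "loginShell": ["/bin/sh"], "gecos": ["Sample"],
}
# Attribute names from the attr!= line in the message above.
EXCLUDED = ["loginShell", "homeDirectory", "uidNumber", "gidNumber", "gecos"]

if __name__ == "__main__":
    # Attributes stripped, objectClass value kept: the replica must reject the ADD.
    print(violations(filter_entry(ENTRY, EXCLUDED)))
    # objectClass value stripped as well: nothing left that requires uidNumber.
    print(violations(filter_entry(ENTRY, EXCLUDED, ["posixAccount"])))
```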