Re: partial replication?

[Howard Chu <hyc@symas.com>]

Pierangelo Masarati wrote:

> Aleksandar Milivojevic wrote:
>
> > Is it possible to replicate only some objects under a branch of 
> > directory tree based on a filter?
> >
> > For example, let assume I have "ou=people,dc=foobar,dc=com" with some 
> > users under it.  I would like to replicate only objects under this DN 
> > that have attributes "(&(someAttr=TRUE)(anotherAttr=foobar))" to 
> > slave LDAP server (for example, I want only some entries to be 
> > visible on slave server for security reasons).  Basically, this would 
> > be like defining a filter for replication.
> >
> > Of course, when attributes used by filter change (from example 
> > someAttr or anotherAttr change value in the above example), 
> > replication process would need to add/remove the entry to/from slave 
> > server.
> >
> > Solution with putting users into separate subtrees wouldn't really be 
> > the best solution for me, since I'd need to make several subtrees for 
> > several slave servers.  So, using subtrees, I would end up with 
> > multiple entries for same user in various subtrees, instead of having 
> > single entry for each user.
> >
> > Is something like this possible?  If not possible in current version 
> > of OpenLDAP, it could be a usefull feature for some future version ;-)
> See the "filter" parameter to syncrepl in Admin Guide 
> <http://www.openldap.org/doc/admin22/syncrepl.html>.
In OpenLDAP 2.2 syncrepl filtering support is unreliable, it will not 
correctly issue Delete requests for entries whose values have dropped 
out of the filter. This feature only works correctly in 2.3/HEAD.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support