Hello OpenLDAP-software :)!
I have a working syncrepl replication and even managed to do fractional replication
(only a subset of attributes are replicated). The list of attributes that should be
replicated is defined via ACL on the provider, like this:
access to dn.subtree="ou=users,dc=org,dc=test,dc=si"
attrs=entry,top,person,organizationalPerson,inetOrgPerson,eduPerson,schacContactLocation,schacEmployeeInfo,schacEntryConfidentiality,schacEntryMetadata,schacLinkageIdentifiers,schacPersonalCharacteristics,schacUserEntitlements
by dn="cn=rep1,ou=replicators,dc=org,dc=test,dc=si" read
by anonymous auth
Consumer configuration looks like this:
syncrepl rid=111
provider="ldap://master"
type=refreshAndPersist
retry="10 +"
searchbase="ou=users,dc=org,dc=test,dc=si"
bindmethod=simple
binddn="cn=rep1,ou=replicators,dc=org,dc=test,dc=si"
credentials="xxx"
schemachecking=off
===============================================================
Everything is working fine, however the problem is that provider is
using some additional schema with attributes, which are of no interest
to the consumer. The unwanted attributes are filtered out via provider
ACL, however the data from the provider contains an additional objectClass
with a custom schema name. Becouse consumer doesn't have this schema
it denies replication with an error message:
... slapd[15143]: syncrepl_message_to_entry: mods check (objectClass: value #0 invalid per syntax)
Which is logical... the entry has an unknown objectClass.
Is it possible to somehow also filter out the unwanted "objectClass: unknownLocalStuff" ?
I tried googling for the fractional replication but it seems to be an obscure topic.
The OpenLDAP admin manual doesn't mention it so any help is welcome :).