[Date Prev][Date Next] [Chronological] [Thread] [Top]

troubles with back-ldap based replication

To: openldap-technical@openldap.org
Subject: troubles with back-ldap based replication
From: DT Piotr Wadas <pwadas@dtpw.pl>
Date: Tue, 14 Sep 2010 12:00:02 +0200 (CEST)


Hello.

I have some troubles setting syncrepl + back-ldap push based
replication, as described on

http://www.openldap.org/doc/admin24/replication.html#LDAP Sync Replication

I'm using current stable openldap - the problem is, when I set up daemons 
(using the same slapcat output file) and modify e.g. "description" 
attribute on master side, back-ldap pushes out system attributes like 
entryCSN, creatorsName, etc, which causes modify operation to fail on 
final consumer side.

conn=1000 op=33 MOD attr=creatorsName createTimestamp description entryCSN
conn=1000 op=33 RESULT tag=103 err=19 text=creatorsName: no user modification allowed

Is it some ACL-related matter, should I create some ACL, which
denies to read of system attributes on master-side, to avoid replicating
it with syncrepl to local back-ldap ? 

In such push-based scenario ( in opposite to classic provider-consumer 
syncrepl), final consumer does not know actually that it is a replica, 
it's just receiving modify operation, how do I prevent read-only system 
attributes from being pushed from back-ldap to final replica?

Regards,
DT

Follow-Ups:
- Re: troubles with back-ldap based replication
  - From: DT Piotr Wadas <pwadas@dtpw.pl>

Prev by Date: Re: objectClass index from slapd.conf is not working
Next by Date: Re: objectClass index from slapd.conf is not working
Index(es):
- Chronological
- Thread