[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Syncrepl filtering



It seems we don't have much input on syncrepl filtering, but I found this thread, and it might serve as a starting point for testing:
http://www.openldap.org/lists/openldap-technical/200906/msg00311.html

Here is the working setup on the syncrepl consumer:

   syncrepl rid=123
            provider=ldap://rh-test3.kvm.rla:389
            type=refreshOnly
            interval=00:00:01:00
            retry="30 10 600 20"
            searchbase="dc=local"
            filter="(|(objectClass=sambaGroupMapping)(uid=user1))"
            scope=sub
            schemachecking=off
            bindmethod=simple
            binddn="uid=syncrepl,ou=sysusers,dc=local"
            credentials=pwdsyncrepl
            # BEGIN Session TLS
            starttls="critical"
            tls_cacert=__CACERTFILE__
            # End Session TLS

Obviously the binddn should have (just read ?) access to the part of the DIT being replicated.

In that thread, the user is using syncrepl type=refreshOnly with a filter on Openldap 2.3.

From an older thread (on openldap v2.3.11): http://www.openldap.org/lists/openldap-bugs/200512/msg00014.html, you can see another working setup. The user mentions some problems with type = refreshAndPersist replication but these are reported as corrected in subsequent openldap versions.

Nick