[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Limiting which attributes get replicated
- To: 'Quanah Gibson-Mount' <quanah@symas.com>, Philip Colmer <philip.colmer@linaro.org>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Subject: RE: Limiting which attributes get replicated
- From: Etan Weintraub <eweintra@jhmi.edu>
- Date: Thu, 8 Jun 2017 13:38:15 +0000
- Accept-language: en-US
- Content-language: en-US
- In-reply-to: <F2384771BB5491E9C86EBB31@[192.168.1.19]>
- Ironport-phdr: 9a23:ALF9HR1b5IRSLNV2smDT+DRfVm0co7zxezQtwd8ZsesXLvjxwZ3uMQTl6Ol3ixeRBMOAuq0C1bGd7fqocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbQhFgDiwbalzIRi4ognct9caipZ+J6gszRfEvmFGcPlMy2NyIlKTkRf85sOu85Nm7i9dpfEv+dNeXKvjZ6g3QqBWAzogM2Au+c3krgLDQheV5nsdSWoZjBxFCBXY4R7gX5fxtiz6tvdh2CSfIMb7Q6w4VSik4qx2UxLjljsJOCAl/2HWksxwjbxUoBS9pxxk3oXYZJiZOOdicq/BeN8XQ3dKUMRMWCxbGo6yb5UBAfcdPehWrIf9qVkBrRqiCgajH+7vxSNEimPu0KEmz+gtDAfL1xEgEdIUt3TUqc34OqgOUe+vyqnD0DXMYO1X2Tf79IjIaAouoeyXUrltdsfe10cuGB3EjlWWtYzlJSma2/8Ps2ib6upgVPijhHA6pAFsuzWiwNonhIfOhoIQ0F/E9CN5zZ4uJdy4TU50e8WkHIFMuCGdMot7RN4pTWJwuCsi17EKpYS3cDUJxZg63RLTdfyKf5KW7h79SOqdOSp0iG5/dL6iiBu+60ytx+/mWsWq3ltGsDJJktfSuX0OyxDe782KR/hg8kqgxzqC0h3f5fpALE00kKfUNZ8szaMsmZcWr0jMAzH5l1/wgaSLbEsr4PKo5P7iYrj+o5+cMJJ7hR/mP6Q1n8y/Hfw4Mg8TX2iH4ei81KPs/Un+QLhSgfM4j6jXvpfEK8sbqaC2AhFZ3po55xexDjem1s4UkmMaI15fehKHj5XpN0vQL//lEPezm1WskDF1yPDaJrDtH4nBImLenLriYLpx8VBQxQopwdxB+Z5YFqkNIPfpVU/wsNzYAAU5Mwuxw+v/Ftp82J0RWWOJAq+FKqPdq0SF5uAvI+mJZY8ZoijyJOU45/L2l382hUcdfbW13ZsQcH24B+lmLF+fYXX2gtcMCnwKvwo7TOPwk12OSyJcZ3G3X6gk/DE0FJqmDZvfRoCqmLGBxCe7HpxSZmBHElCAC2vnd4KAW/cJdi2SONRskjgFVbinUYAhzxauuBX9y7p9Iere4jcYuo771Nhp++3Tkgk/9TtsD8uD1WGNS3x7kXkQRzMvwKBwv1ByyleF0ah5n/NXD9hT6uhOUgciK5Hcyeh6BM3oVQLZZNuJT0ymQtr1SQ02G50I3tYIakY1NNSolRfFmg+tHrkJ2PTfHYE99Kvc92PgIs9mjX3B0f9lx2EmQ89OLSWNgap6+hKbU5bJkkGYj+ChcqAZ0TTl8GaFxHCJ+kZCX1g0Ge/CRX0ZYkfftZHl60jCSb6lALAPNRNMz8qOI7MMbcfmxx0SQ+/uPtDSanr0h2q7BRCJzbqIRI3ydmMZ0CzFTk8enFZA02yBMF0TGi6n613TDTpyD1vyaQu4/PZzqXWnVEYczQGPbgts26fjqU1dvuCVV/5GhuFMgywmsTghWQ/lh98=
- References: <CAKTSSTjRWEspDyu0z5duyjOX4S2LQCYaEFMT4QuCPrHqmRAtag@mail.gmail.com> <WM!01c15afecf3888c85575c5041196036b39def9b078e72647c262f7e67d5cf73a35f738b5 b7af7af9320a6d36c0ffa202!@mailstronghold-2.zmailcloud.com> <F2384771BB5491E9C86EBB31@[192.168.1.19]>
- Thread-index: AQHS4EI9seopgdqVZkqjo7Qvexcf9aIa9xr/gAABHLA=
- Thread-topic: Limiting which attributes get replicated
Actually, I've found another possible way. If I use the rwm overlay, I can
modify the DN that is sent in. I just need a way to get the IP to put in the
rewriteRule and I should be good. Any ideas on that?
-Etan E. Weintraub
Information Security Architect
IT@Johns Hopkins
Johns Hopkins at Mt. Washington
5801 Smith Ave.
Davis Building Suite 3110B
Baltimore, MD 21209
Phone: 667-208-6309
E-mail: eweintra@jhmi.edu
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On
Behalf Of Quanah Gibson-Mount
Sent: Thursday, June 8, 2017 9:31 AM
To: Philip Colmer <philip.colmer@linaro.org>;
openldap-technical@openldap.org
Subject: Re: Limiting which attributes get replicated
--On Thursday, June 08, 2017 12:28 PM +0100 Philip Colmer
<philip.colmer@linaro.org> wrote:
> What happens if one of the consuming LDAP servers is then itself
> queried for an attribute that hasn't been synced? So, for example, if
> a system in a data centre connects to a local consuming LDAP server
> and asks for a jpegPhoto, that won't be on the local server, so what
> happens then?
Might be easiest to use an ACL to drop the attributes you don't want it to
replicate for the replication DN for those consumers. As for what happens
when a client requests jpegPhoto and it doesn't exist, the same thing that
happens for any client that requests an attribute that doesn't exist -- It
won't get a result that includes that attribute.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
Attachment:
smime.p7s
Description: S/MIME cryptographic signature