
Re: [Q] can I replicate several branches to the same slave from one master?



--On Friday, June 30, 2017 9:08 AM +0300 Zeus Panchenko <zeus@ibs.dn.ua> wrote:

Quanah Gibson-Mount <quanah@symas.com> wrote:

Wouldn't it be simpler to define ACLs on the master that limit what
the replication identity has access to that matches your filters?


emm ... I was sure I cannot do that on the master side ... I just tried to
do that, I receive full data ...

Then likely your ACLs were incorrect?

looks like some more permissive ACL works for the replica ... can I
somehow know which ACL matched the replica? But I was trying to place
replABC ACLs at the end of the list and still was not able to limit data
according to the filter

I suggest reading the slapd.access(5) man page and the OpenLDAP Admin guide. As clearly noted in the documentation, ACLs (generally) stop processing on the *first* match. So, depending on your ACLs, adding your ACLs at the end of the list probably meant they were never evaluated.

I would also note that your stanza limiting what attrs are replicated
is missing the operational attributes that are necessary for sync
replication to function, so I would fully expect errors.

do you mean entryCSN and entryUUID ?

Yes, sorry, I missed them at the start of the list of attributes. ;) So that part seems ok.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
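
The first-match behaviour described in the reply above, as an added example that is not part of the original message: a hypothetical slapd.conf fragment for the master, with the ineffective ordering commented out above the corrected one. The DNs, the branch name ou=XYZ and the rules themselves are assumptions; only the name "replABC" comes from the thread.

```conf
# Added example: access rules on the master (provider).
# All DNs below are placeholders, not taken from the poster's configuration.

# --- Ordering that does NOT limit the replication identity ---
# "access to *" matches every entry, so evaluation stops at this rule and
# the branch rule placed after it is never consulted.
#
# access to *
#     by dn.exact="cn=replABC,dc=example,dc=com" read
#     by users read
#     by * none
# access to dn.subtree="ou=XYZ,dc=example,dc=com"
#     by dn.exact="cn=replABC,dc=example,dc=com" none
#     by * break

# --- Corrected ordering: the most specific <what> comes first ---
# The replication identity is denied the branch it must not receive.
# "by * break" lets every other identity fall through to the rules below.
access to dn.subtree="ou=XYZ,dc=example,dc=com"
    by dn.exact="cn=replABC,dc=example,dc=com" none
    by * break

# General rule, reached by the replication identity only for entries
# outside ou=XYZ. Read access here covers the operational attributes
# (entryCSN, entryUUID) that sync replication needs.
access to *
    by dn.exact="cn=replABC,dc=example,dc=com" read
    by users read
    by * none
```

To check which rule a given identity actually hits, slapacl(8) evaluates a bind DN against an entry and attribute using the server's configuration, and `loglevel acl` makes slapd log its ACL processing.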