Re: Syncrepl partial replication based on attribute problem

2012-06-01 Thread Jeffrey Crawford
Thanks Howard. Let me make sure I understand your response. I'm not changing any ACLs, they are staying the same. Just the attributes in the record are changing. Are you saying that syncprov looks at the account that is bound and sends deletes if a record would become invisible after a

Re: Syncrepl partial replication based on attribute problem

2012-06-01 Thread Nick Milas
On 1/6/2012 8:54 AM, Jeffrey Crawford wrote: Are you saying that syncprov looks at the account that is bound and sends deletes if a record would become invisible after a modification? I understand the opposite: syncprov will only send add/delete message based on base/scope/filter and not on

Re: Syncrepl partial replication based on attribute problem

2012-06-01 Thread Jeffrey Crawford
Humm and taking this one step further I'm guessing that the replication account probably needs to see at least the entryUUID and entryCSN for all accounts to make sure that it can see the records it needs to delete. Okay at least I have some direction to go on now. Jeffrey On Fri, Jun 1, 2012 at

Re: Syncrepl partial replication based on attribute problem

2012-06-01 Thread Jeffrey Crawford
Ok, I think I got this to work. I didn't add a filter to the syncrepl parameter, so I'm using ACLs as before; however, I changed the ACLs to allow the replica account access to the attributes entry and entryUUID only on every item in the directory, now setting attributes to values so that they no

Syncrepl partial replication based on attribute problem

2012-05-31 Thread Jeffrey Crawford
Hello, I had thought I tested this beforehand but I seem to be able to reliably reproduce the following situation: We have an installation where the provider server has information that is replicated to downstream replicas using the syncrepl protocol. The account used to replicate is allowed to

Re: Syncrepl partial replication based on attribute problem

2012-05-31 Thread Howard Chu
Jeffrey Crawford wrote: Hello, I had thought I tested this beforehand but I seem to be able to reliably reproduce the following situation: We have an installation where the provider server has information that is replicated to downstream replicas using the syncrepl protocol. The account used

Partial replication, remove branch

2012-03-20 Thread jehan procaccia
I would like to replicate only some OUs under the baseDN; ou=people and ou=group,ou=system, but not the remaining of OUs below ou=system = ou=Hosts, ou=Networks, ou=Protocol. How can I remove those branches to replicate? My actual syncrepl config that replicates all the subtree branches:

Re: Partial replication, remove branch

2012-03-20 Thread anax
On 03/20/2012 10:54 AM, jehan procaccia wrote: I would like to replicate only some OUs under the baseDN; ou=people and ou=group,ou=system, but not the remaining of OUs below ou=system = ou=Hosts, ou=Networks, ou=Protocol. How can I remove those branches to replicate? My actual syncrepl

Re: Partial replication, remove branch

2012-03-20 Thread jehan procaccia
=System,dc=int-evry,dc=fr credentials=secret updateref ldaps://master.domain.fr:636 Define the ACL for binddn=cn=replic,ou=System,dc=int-evry,dc=fr such that it cannot access the ou's you don't want to sync. suomi Thanks, I achieved a partial replication to only wanted branches, as you

cn=config partial replication

2011-12-24 Thread The Ranger
Hello, I have multiple v. 2.4.23 and 2.4.26 servers doing the master-slave replication using syncrepl. The main server contains multiple subordinate DIT-s that get replicated to different servers: * DIT1 from master to server A, B, C * DIT2 from master to server D, E, F * DIT3 from master

Re: Partial replication

2010-04-07 Thread Zdenek Styblik
On 04/06/10 14:55, Andrew Findlay wrote: On Thu, Apr 01, 2010 at 09:53:07PM +0200, Zdenek Styblik wrote: you want to replicate. So, let's say you use cn=mirrorA,dc=domain,dc=tld for replication, then allow this cn=mirrorA to read only o=support,dc=example,dc=com and

Re: Partial replication

2010-04-06 Thread Andrew Findlay
On Thu, Apr 01, 2010 at 09:53:07PM +0200, Zdenek Styblik wrote: you want to replicate. So, let's say you use cn=mirrorA,dc=domain,dc=tld for replication, then allow this cn=mirrorA to read only o=support,dc=example,dc=com and o=location_A,dc=example,dc=com, but nowhere else. I have used

RE: Partial replication

2010-04-06 Thread Joe Friedeggs
The e-mail thread seems to have wandered a bit, hoping I am replying to the correct one. I've tested both methods, ACL vs 'syncrepl search filter', both seem to work well for me.  I agree with Andrew's point that controlling this via the ACLs on the provider is more secure (in my case).

Re: Partial replication

2010-04-01 Thread Andrew Findlay
On Wed, Mar 31, 2010 at 08:43:19AM +0200, Zdenek Styblik wrote: How about to refuse rights to the syncrepl user? Actually, you could apply this to the whole tree. Just allow read to DNs you want to replicate. So, let's say you use cn=mirrorA,dc=domain,dc=tld for replication, then allow this

Re: Partial replication

2010-04-01 Thread Zdenek Styblik
On 04/01/10 21:43, Andrew Findlay wrote: On Wed, Mar 31, 2010 at 08:43:19AM +0200, Zdenek Styblik wrote: How about to refuse rights to the syncrepl user? Actually, you could apply this to the whole tree. Just allow read to DNs you want to replicate. So, let's say you use

Re: Partial replication

2010-04-01 Thread Howard Chu
Andrew Findlay wrote: On Wed, Mar 31, 2010 at 08:43:19AM +0200, Zdenek Styblik wrote: How about to refuse rights to the syncrepl user? Actually, you could apply this to the whole tree. Just allow read to DNs you want to replicate. So, let's say you use cn=mirrorA,dc=domain,dc=tld for

Re: Partial replication

2010-03-31 Thread Zdenek Styblik
On 03/31/10 01:28, Joe Friedeggs wrote: On 03/30/10 18:36, Joe Friedeggs wrote: Is it possible to replicate, on a slave, two branches of the DIT (only)? I have several instances of LDAP running on servers throughout the world. Connection to some of these from our support location is not

Partial replication

2010-03-30 Thread Joe Friedeggs
Is it possible to replicate, on a slave, two branches of the DIT (only)?  I have several instances of LDAP running on servers throughout the world.  Connection to some of these from our support location is not dependable.  I want to do something similar to this: Main LDAP (here, master):

Re: Partial replication

2010-03-30 Thread Zdenek Styblik
On 03/30/10 18:36, Joe Friedeggs wrote: Is it possible to replicate, on a slave, two branches of the DIT (only)? I have several instances of LDAP running on servers throughout the world. Connection to some of these from our support location is not dependable. I want to do something

RE: Partial replication

2010-03-30 Thread Joe Friedeggs
On 03/30/10 18:36, Joe Friedeggs wrote: Is it possible to replicate, on a slave, two branches of the DIT (only)? I have several instances of LDAP running on servers throughout the world. Connection to some of these from our support location is not dependable. I want to do something