Rats. That's pretty much the conclusion I'd reached, but I'd hoped I was wrong, based on the wiki page. Unfortunately, for account terminations, we need more than just the ldif export/import, and Security is kind of cranky about the lack.

Thanks for the answer. I guess I'll cross my fingers that somebody takes it off of the wishlist soon.

   -- juniper

George Holbert wrote:
Currently, OpenLDAP and 389 have totally different replication mechanisms, so you can't really replicate between the two. You can of course export / import filtered LDIF in either direction, which, depending on the need, is occasionally good enough.

Anne Cross wrote:
I've been through the FDS/389 website, and the best I've come up with is this: http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration

Unfortunately, that gives me the sync in the wrong direction. We have pre-existing OpenLDAP servers that belong to a different group. We're supposed to be their ultimate source of data - once we get set up - but they won't change their servers from OpenLDAP because, as they say, they know how they work and why should they do more work.

I don't need data synced back from OpenLDAP, but syncrepl doesn't appear to do the right thing when pointed at an FDS directory server, so what's the secret, undocumented method? Even a hint would help. Google just keeps turning up pages where people have named their box "Fedora" and it's all openldap to openldap.




--
389 users mailing list
389-us...@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users



--
,___,
{o,o}  Anne "Juniper" Cross
(___)  Senior Linux Systems Engineer and Extropic Crusader
-"-"-- Information Technology, ITA Software
/^^^

--
389 users mailing list
389-us...@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Reply via email to