On 03/31/10 01:28, Joe Friedeggs wrote:
On 03/30/10 18:36, Joe Friedeggs wrote:
Is it possible to replicate, on a slave, two branches of the DIT (only)? I have
several instances of LDAP running on servers throughout the world. Connection
to some of these from our support location is not dependable. I want to do
something similar to this:
Main LDAP (here, master):
dc=example,dc=com
|
+--o=support
|
+--o=location_A
|
+--o=location_B
|
+--o=location_C
In Location A (remote slave):
dc=example,dc=com
|
+--o=support
|
+--o=location_A
In Location B (remote slave):
dc=example,dc=com
|
+--o=support
|
+--o=location_B
Locations A & B are two different customers, therefore it would not be prudent
to replicate Location B's users in Location A. But I need the Support group to
exist in all locations.
Hello,
Can this be done using syncrepl?
I believe this could be done via 'searchbase="dc=domain,dc=tld"' option.
I wish it was that easy. What I need is both
o=support,dc=example,dc=com
AND
o=location_A,dc=example,dc=com
replicated in the Location_A database, but I don't want
o=location_B,dc=example,dc=com
in the database of Location_A
I have not found a way to make that work with syncrepl searchbase.
How about refusing rights to the syncrepl user?
Actually, you could apply this to the whole tree. Just allow read to DNs
you want to replicate. So, let's say you use cn=mirrorA,dc=domain,dc=tld
for replication, then allow this cn=mirrorA to read only
o=support,dc=example,dc=com and o=location_A,dc=example,dc=com, but
nowhere else.
How about that?
Zdenek
Thanks,
Joe
...
Thanks,
Joe
Regards,
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: [email protected]
jabber: [email protected]
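
The ACL approach suggested above, written out as provider access rules plus the Location A consumer stanza. This is an added example, not configuration posted in the thread; the slapd.conf format, the bind DN cn=mirrorA,dc=example,dc=com (the thread's cn=mirrorA placed under Joe's suffix), the host name master.example.com and the credentials value are assumptions.

```conf
# --- Provider (master) slapd.conf, inside the dc=example,dc=com database ---
# Place these rules BEFORE the existing access rules: slapd applies the
# first "access to" clause that matches an entry.

# Assumed replication identity for Location A; let it pull full result sets.
limits dn.exact="cn=mirrorA,dc=example,dc=com" size=unlimited time=unlimited

# Suffix entry only: the consumer needs it as the parent of both branches
# and reads contextCSN from it.
access to dn.base="dc=example,dc=com"
    by dn.exact="cn=mirrorA,dc=example,dc=com" read
    by * break

# The two branches Location A may hold. "by * break" hands every other
# identity on to the existing rules further down.
access to dn.subtree="o=support,dc=example,dc=com"
    by dn.exact="cn=mirrorA,dc=example,dc=com" read
    by * break

access to dn.subtree="o=location_A,dc=example,dc=com"
    by dn.exact="cn=mirrorA,dc=example,dc=com" read
    by * break

# Everything else (o=location_B, o=location_C, ...) is invisible to mirrorA,
# so the provider never sends those entries to this consumer.
access to *
    by dn.exact="cn=mirrorA,dc=example,dc=com" none
    by * break

# ... existing access rules continue here ...

# --- Consumer (Location A) slapd.conf, same suffix dc=example,dc=com ---
# The search base stays at the suffix; the provider ACLs do the filtering.
# Host name and credentials are placeholders. starttls=critical refuses to
# send the simple-bind password over an unencrypted link.
syncrepl rid=001
    provider=ldap://master.example.com
    starttls=critical
    type=refreshAndPersist
    retry="60 +"
    searchbase="dc=example,dc=com"
    scope=sub
    bindmethod=simple
    binddn="cn=mirrorA,dc=example,dc=com"
    credentials="REPLACE_ME"
```

Before pointing the consumer at the master, bind as cn=mirrorA with ldapsearch and confirm that a subtree search under o=location_B,dc=example,dc=com returns no entries.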