Quanah Gibson-Mount <qua...@symas.com> wrote: > > Wouldn't it be simpler to define ACLs on the master that limit what > the replication identity has access to that matches your filters? >
emm ... I was sure I can not do that on the master side ... just I try do that, I receive full data ... looks like some more permittive acl works for the replica ... can I somehow know which acl matched the replica? But I was trying to place replABC ACLs to the end of the list and still was not able to limit data according the filter > I would also note that your stanza limiting what attrs are replicated > is missing the operational attributes that are necessary for sync > replication to function, so I would fully expect errors. do you mean entryCSN and entryUUID ? > unique, as documented in the man page. Given that OpenLDAP functions > off of CSN values, partial replication is tricky, as the master can > then have a contextCSN that does not correspond to anything in a > partially replicated database, depending on how you slice it. > I was sure I understood the documentation ... -- Zeus V. Panchenko jid:z...@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET)