Pierangelo Masarati wrote: > Since the structuralObjectClass attribute is supposed to have a very > special meaning for the DSA (RFC 4512), just adding it as a user > attribute seems to me quite a broken approach. Provided you're running > a decent version of OpenLDAP, you should be able to filter out undesired > attributes from the replication process. For example, in slapd.conf > (from slapd.conf(5) man page of OpenLDAP 2.3, but the feature exists > since OpenLDAP 2.1, I think) > > replica [...] > attr!=structuralObjectClass > > will prevent slurpd from replicating the negated attribute list. Just for the records: a custom patch in this sense was developed by SysNet back in the old times of OpenLDAP 2.0 exactly for the purpose of replicating an OpenLDAP server to a proprietary LDAP server that didn't like many operational attributes slurpd was willing to push in. It also provided partial subtree replication capabilities. A similar patch was prepared in the meanwhile by Symas and the two merged into OpenLDAP 2.1. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati at sys-net.it ---------------------------------------
