Rats. That's pretty much the conclusion I'd reached, but I'd hoped I
was wrong, based on the wiki page. Unfortunately, for account
terminations, we need more than just the ldif export/import, and
Security is kind of cranky about the lack.
Thanks for the answer. I guess I'll cross my fingers that somebody
takes it off of the wishlist soon.
-- juniper
George Holbert wrote:
> Currently, OpenLDAP and 389 have totally different replication
> mechanisms, so you can't really replicate between the two.
> You can of course export / import filtered LDIF in either direction,
> which, depending on the need, is occasionally good enough.
>
> Anne Cross wrote:
>> I've been through the FDS/389 website, and the best I've come up with
>> is this:
>> http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration
>>
>> Unfortunately, that gives me the sync in the wrong direction. We
>> have pre-existing OpenLDAP servers that belong to a different group.
>> We're supposed to be their ultimate source of data - once we get set
>> up - but they won't change their servers from OpenLDAP because, as
>> they say, they know how they work and why should they do more work.
>>
>> I don't need data synced back from OpenLDAP, but syncrepl doesn't
>> appear to do the right thing when pointed at an FDS directory server,
>> so what's the secret, undocumented method? Even a hint would help.
>> Google just keeps turning up pages where people have named their box
>> "Fedora" and it's all openldap to openldap.
>>
>>
>
>
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
--
,___,
{o,o} Anne "Juniper" Cross
(___) Senior Linux Systems Engineer and Extropic Crusader
-"-"-- Information Technology, ITA Software
/^^^
