Pierangelo Masarati wrote:
Since the structuralObjectClass attribute is supposed to have a very
special meaning for the DSA (RFC 4512), just adding it as a user
attribute seems to me quite a broken approach. Provided you're running
a decent version of OpenLDAP, you should be able to filter out undesired
attributes from the replication process. For example, in slapd.conf
(from slapd.conf(5) man page of OpenLDAP 2.3, but the feature exists
since OpenLDAP 2.1, I think)
replica [...]
attr!=structuralObjectClass
will prevent slurpd from replicating the negated attribute list.
Just for the records: a custom patch in this sense was developed by
SysNet back in the old times of OpenLDAP 2.0 exactly for the purpose of
replicating an OpenLDAP server to a proprietary LDAP server that didn't
like many operational attributes slurpd was willing to push in. It also
provided partial subtree replication capabilities.
A similar patch was prepared in the meanwhile by Symas and the two
merged into OpenLDAP 2.1.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@xxxxxxxxxx
---------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
