On 09/15/2015 05:14 PM, Nicola Canepa wrote: > Hello list. > I'm trying to make a test deploy of FreeIPA, and I was wondering if it > is possible to authenticate remote sites via LDAP by havong a partial > replica based on saome filter (maybe a group, an attribute or similar). > > Sorry if this is a silly question, but I am trying to explore the > possibilities that I could have to slowly replace local authentications > spread in various sites by having a central store (backed by FreeIPA) > and many partial replicas which would contain what now I have in RADIUS > or other authentication sources. > > Thank you for any advice or pointer you can give to me. > > Nicola >
Hello! Short answer is that FreeIPA does not support filter-based partial replication. AFAIK, 389 can do fractional replication, which can exclude certain attributes from being replicated (and hence lower the replication traffic), but I gather that will not help in your use case. See nsds5replicatedattributelist and nsds5replicatedattributelisttotal attributes of the replication agreement, if interested. Tomas -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
