At 05:00 PM 12/23/2006, Howard Chu wrote: >Kurt D. Zeilenga wrote: >>It might be more appropriate to handle this issue on the >>consumer than the provider. An arbitrary LDAP sync client >>might want this and other DSA specific attributes included >>in the content. That is, the provider should not assume >>the consumer is doing server-to-server replication. > >True. The problem was that the auditContext attribute wasn't defined on the >consumer. There's no obvious way to configure a consumer to exclude unknown >attributes,
Personally, I think this kind of problem is better solved by configuration then by code. Configuration wise, this can be addressed on either consumer side via a narrower attrs list, or on the provider side with an ACL. Kurt
