Am Tue, 25 Feb 2014 18:24:14 -0300 schrieb Italo Valcy <[email protected]>:
> Hello Dieter, > > On Tue, Feb 25, 2014 at 5:05 PM, Dieter Klünter <[email protected]> > wrote: > > > No, syncrepl (consumer) does not reqire operational attributs. Only > > if the ldap backend is also defined as syncprov (provider), than > > some operational attributes are required in order to provide valid > > data. But I don't think that the fedora directory supports RFC 4533. > > > > Thanks for the reply! > > Yes, but this is the only way the documentation points to in order to > have a push-based replication initiated by the provider, do you > agree? Bellow is part of OL documentation: > > 18.2.4. Syncrepl Proxy Mode > > While the LDAP Sync protocol supports both pull- and push-based > replication, the push mode (refreshAndPersist) must still be initiated > from the consumer before the provider can begin pushing changes > (...) This mode can be configured with the aid of the LDAP Backend > (Backends and slapd-ldap(8)). Instead of running the syncrepl > engine on the actual consumer, a slapd-ldap proxy is set up near (or > collocated with) the provider that points to the consumer, and the > syncrepl engine runs on the proxy. > > 18.2.4.1. Replacing Slurpd > > The old slurpd mechanism only operated in provider-initiated push > mode. Slurpd replication was deprecated in favor of Syncrepl > replication and has been completely removed from OpenLDAP 2.4. > > Using the old slurpd, it was possible to filter which attributes I > would like to send to the consumer. But, as far as could understand, > this workaround is not possible with the above proposal (from doc). > > Do you see any other way to achieve this feature? Actually, I have no clue how to configure fedora directory as syncrepl consumer. Just as a proof of conzept I have setup a ldap backend with a minimal configuration which you may find here http://pastebin.de/40936 and simulated a consumer ldapsearch \ -Esync=rp/rid=091,csn=20140115000000.126579Z#000000#000#000000 \ -x -D "cn=Replicator,o=avci,c=de" -w xxxx -H ldap://localhost \ -b "o=avci,c=de" -s sub "*" You may test yourself. -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
