Hi Janne,

And thank you for the answer. I found out that the replication source is actually a redundant two node installation with MirrorMode [1] replication between the nodes.

Is this a game changer? Can I add two syncrepl providers to the consumer's slapd configuration? If it's not possible, I think one provider is enough.

Kind regards,

Harri

[1] https://www.openldap.org/doc/admin24/replication.html#MirrorMode

On 14.1.2021 12.03, Janne Peltonen wrote:
Hi!

General FAQ on OpenLDAP replication:

https://www.openldap.org/faq/data/cache/1170.html

Use the "syncrepl" configuration directive. On the page

https://www.openldap.org/faq/data/cache/1117.html

there's a configuration example about how to replicate an entire LDAP
tree:

--clip--
syncrepl rid=1
  provider=ldap://ldap1.my.org:389
  type=refreshAndPersist
  retry="60 +"
  searchbase="o=my.org,c=us"
  filter="(objectClass=*)"
  scope=sub
  attrs="*,+"
  schemachecking=off
  bindmethod=simple
  binddn="cn=syncuser,o=my.org,c=us"
  credentials=syncpass
updateref ldap://ldap1.my.org
--clip--

Note the options 'searchbase', 'filter', 'scope' and 'attrs' that define
the LDAP search used to select which objects to replicate. You can set
them in the same way you would using ldapsearch to only replicate those
objects you need to replicate.


Best,

Janne P.

On Wed, Jan 13, 2021 at 12:13:43PM +0200, Harri T. wrote:
Hi,

Is it possible to integrate two OpenLDAP servers so that some users
(filtered by some criteria) are replicated from one server to another (but
not vice versa)?

Does OpenLDAP provide some functionalities for this or must I write a cron
scheduled shell script utilizing ldapsearch and ldapmodify?

Any advice or configuration example is appreciated.

Kind regards,

Harri
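
Added example, not part of the thread or the OpenLDAP FAQ: a consumer-side slapd.conf fragment that narrows the syncrepl search from Janne's reply to a subset of users and pulls from both MirrorMode nodes. The host ldap2.my.org, the ou=people base, the departmentNumber filter, the CA file path and the credentials value are assumptions.

```conf
# Consumer slapd.conf fragment (added example, hypothetical values).
# Differences from the FAQ snippet quoted in the thread:
#  - searchbase/filter/scope select only the wanted user entries
#  - attrs names the attributes to copy; userPassword is left out, so
#    password hashes are not copied to the consumer
#  - starttls=critical and tls_reqcert=demand protect the simple-bind
#    password and the replicated entries in transit
#  - one stanza per MirrorMode node, each with its own rid
# Replication stays one-way: the consumer pulls, and nothing on the
# providers points back at it.
# Comments stay outside the directives: indented lines are continuations.

syncrepl rid=001
  provider=ldap://ldap1.my.org:389
  type=refreshAndPersist
  retry="60 +"
  searchbase="ou=people,o=my.org,c=us"
  filter="(&(objectClass=inetOrgPerson)(departmentNumber=42))"
  scope=sub
  attrs="cn,sn,uid,mail"
  schemachecking=off
  bindmethod=simple
  binddn="cn=syncuser,o=my.org,c=us"
  credentials=CHANGE_ME
  starttls=critical
  tls_cacert=/etc/openldap/certs/ca.pem
  tls_reqcert=demand

syncrepl rid=002
  provider=ldap://ldap2.my.org:389
  type=refreshAndPersist
  retry="60 +"
  searchbase="ou=people,o=my.org,c=us"
  filter="(&(objectClass=inetOrgPerson)(departmentNumber=42))"
  scope=sub
  attrs="cn,sn,uid,mail"
  schemachecking=off
  bindmethod=simple
  binddn="cn=syncuser,o=my.org,c=us"
  credentials=CHANGE_ME
  starttls=critical
  tls_cacert=/etc/openldap/certs/ca.pem
  tls_reqcert=demand

updateref ldap://ldap1.my.org
```

On the providers, the ACLs for cn=syncuser should grant read access only to the entries and attributes this search needs.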
