Today at 11:36am, Quanah Gibson-Mount wrote:
--On Thursday, May 19, 2016 12:18 PM -0400 Frank Swasey
<[email protected]> wrote:
Today at 10:37am, Quanah Gibson-Mount wrote:
--On Thursday, May 19, 2016 10:11 AM -0400 Frank Swasey
<[email protected]> wrote:
I am running OpenLDAP 2.4.44 locally built on RHEL7 using mdb as the
database backend. I am attempting to replicate just the
inetLocalMailRecipient objectclass and the DSA attributes to a new set
of replicas that will be in charge of delivering mail. I would like
the DSA attributes (creator, modifier, contextCSN, entryCSN, entryUUID
- etc) to be included, so I can more easily tell if the partial replica
is actually staying sync'd to the master.
My reading of the man pages for slapd.conf and slapd.access has me part
way there, by setting up a replication DN and using acls to limit its
access to the inetLocalMailRecipient objectclass. What I'm not finding
is a way to specify all of (what I'm calling) the DSA attributes
(without naming them all individually) - have I missed something in the
man pages or is the source code (or the benevolence of one of you good
folks) my only hope?
+
Sadly, slapd will not start with the following acl:

    access to attrs=@inetLocalMailRecipient,+
        by dn.exact="cn=MailReplicator,dc=example,dc=com" read
        by * break

It does not like the + in the attrs.
I would put it in the syncrepl attr list.
Having not specified an attr list on the syncrepl, it was already
defaulting to "*,+" - what I have discovered is I have to allow the
MailReplicator dn to see the contextCSN attribute, but the syncrepl
attrs of "*,+" gets the rest of the DSA attributes. I guess contextCSN
is not a DSA attribute.
--
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)
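
Added example, not part of the original thread: once the replication DN can read contextCSN, comparing the values held on the provider's and the partial replica's suffix entries shows whether the replica is keeping up. The sketch assumes the values were already fetched from each server (for instance with a base-scope ldapsearch on the suffix) and uses constructed sample CSNs in the OpenLDAP 2.4 format; the function names are hypothetical.

```python
import re

# OpenLDAP 2.4 CSN: timestamp#change-count#server-id#mod-number
CSN_RE = re.compile(
    r"^(\d{14}\.\d{6}Z)#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$"
)

# Constructed sample values, not taken from a real server.
PROVIDER_SAMPLE = [
    "20160519153600.000000Z#000000#001#000000",
    "20160519150000.000000Z#000000#002#000000",
]
REPLICA_SAMPLE = [
    "20160519153000.000000Z#000000#001#000000",
    "20160519150000.000000Z#000000#002#000000",
]

def parse_csn(csn):
    """Return (server id, sortable key) for one contextCSN value."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError("not a CSN: %r" % csn)
    ts, count, sid, mod = m.groups()
    # Fixed-width UTC timestamps sort correctly as strings.
    return int(sid, 16), (ts, int(count, 16), int(mod, 16))

def newest_per_sid(values):
    """contextCSN is multi-valued (one per server id); keep the newest of each."""
    newest = {}
    for value in values:
        sid, key = parse_csn(value)
        if sid not in newest or key > newest[sid]:
            newest[sid] = key
    return newest

def sync_report(provider_values, replica_values):
    """Map each server id to in-sync, behind, ahead or missing."""
    prov = newest_per_sid(provider_values)
    repl = newest_per_sid(replica_values)
    report = {}
    for sid in sorted(set(prov) | set(repl)):
        if sid not in repl or sid not in prov:
            report[sid] = "missing"   # one side has no CSN for this server id
        elif repl[sid] == prov[sid]:
            report[sid] = "in-sync"
        else:
            report[sid] = "behind" if repl[sid] < prov[sid] else "ahead"
    return report

if __name__ == "__main__":
    print(sync_report(PROVIDER_SAMPLE, REPLICA_SAMPLE))
```

A replica that reports "missing" for every server id usually means the bind DN used for the check cannot read contextCSN on that server, which is the access problem the last reply describes.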