389 DS is nowadays supporting the syncrepl protocol, so in theory it _might_ work but I have not tried it.
The real question is why would anyone want to use BDB in 2018 when MDB has already been around for more than a few years? On Tue, Aug 21, 2018 at 11:09 PM Ulrich Windl <[email protected]> wrote: > > Hi! > > As stated some time ago the SUSE Linux Enterprise Server 15 (SLES15) switched > from OpenLDAP to 389 Directory Server. > Trying the latter, I see that it still works with BDB (4.8), and setup is > easy. It also seems to have modern features like these: > > \n+Entry cn=SSHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added > \n+Entry cn=SSHA384,cn=Password Storage Schemes,cn=plugins,cn=config is added > \n+Entry cn=SSHA512,cn=Password Storage Schemes,cn=plugins,cn=config is added > \n+Entry cn=SHA256,cn=Password Storage Schemes,cn=plugins,cn=config is added > \n+Entry cn=SHA384,cn=Password Storage Schemes,cn=plugins,cn=config is added > \n+Entry cn=SHA512,cn=Password Storage Schemes,cn=plugins,cn=config is added > \n+Entry cn=PBKDF2_SHA256,cn=Password Storage Schemes,cn=plugins,cn=config is > added > > However I wonder if it's possible to integrate a 389DS (ns-slapd, > http://www.port389.org/) into an OpenLDAP multi-master configuration. > Definitely one cannot sync the configuration section, because it's too > different. > > For example the ACL Syntax looks like this: > (targetattr="carLicense || description || displayName || > facsimileTelephoneNumber || homePhone || homePostalAddress || initials || > jpegPhoto || labeledURI || mail || mobile || pager || photo || postOfficeBox > || postalAddress || postalCode || preferredDeliveryMethod || > preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso > || st || street || telephoneNumber || telexNumber || title || userCertificate > || userPassword || userSMIMECertificate || x500UniqueIdentifier")(version > 3.0; acl "Enable self write for common attributes"; allow (write) > userdn="ldap:///self";;) > > Regards, > Ulrich > > > >
