[Fedora-directory-users] FDS and OpenLDAP integration
Pierangelo Masarati
ando at sys-net.it
Fri Sep 7 16:20:20 UTC 2007
Pierangelo Masarati wrote:
> Since the structuralObjectClass attribute is supposed to have a very
> special meaning for the DSA (RFC 4512), just adding it as a user
> attribute seems to me quite a broken approach. Provided you're running
> a decent version of OpenLDAP, you should be able to filter out undesired
> attributes from the replication process. For example, in slapd.conf
> (from slapd.conf(5) man page of OpenLDAP 2.3, but the feature exists
> since OpenLDAP 2.1, I think)
>
> replica [...]
> attr!=structuralObjectClass
>
> will prevent slurpd from replicating the negated attribute list.
Just for the records: a custom patch in this sense was developed by
SysNet back in the old times of OpenLDAP 2.0 exactly for the purpose of
replicating an OpenLDAP server to a proprietary LDAP server that didn't
like many operational attributes slurpd was willing to push in. It also
provided partial subtree replication capabilities.
A similar patch was prepared in the meanwhile by Symas and the two
merged into OpenLDAP 2.1.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati at sys-net.it
---------------------------------------
More information about the Fedora-directory-users
mailing list