[Freeipa-users] Partial replica
Tomas Babej
tbabej at redhat.com
Mon Sep 21 08:09:06 UTC 2015
On 09/15/2015 05:14 PM, Nicola Canepa wrote:
> Hello list.
> I'm trying to make a test deploy of FreeIPA, and I was wondering if it
> is possible to authenticate remote sites via LDAP by havong a partial
> replica based on saome filter (maybe a group, an attribute or similar).
>
> Sorry if this is a silly question, but I am trying to explore the
> possibilities that I could have to slowly replace local authentications
> spread in various sites by having a central store (backed by FreeIPA)
> and many partial replicas which would contain what now I have in RADIUS
> or other authentication sources.
>
> Thank you for any advice or pointer you can give to me.
>
> Nicola
>
Hello!
Short answer is that FreeIPA does not support filter-based partial
replication.
AFAIK, 389 can do fractional replication, which can exclude certain
attributes from being replicated (and hence lower the replication
traffic), but I gather that will not help in your use case. See
nsds5replicatedattributelist and nsds5replicatedattributelisttotal
attributes of the replication agreement, if interested.
Tomas
More information about the Freeipa-users
mailing list