Re: syncprov overlay and autogroup
- To: openldap-technical@openldap.org
- Subject: Re: syncprov overlay and autogroup
- From: Martin Pittamitz <martin@pittamitz.at>
- Date: Thu, 31 Oct 2019 21:25:04 +0100
- In-reply-to: <409B9830C85EF7F882CFA3FA@[192.168.1.144]>
- References: <0d134574-ef1b-be7f-02cc-b593cd87fecd@pittamitz.at> <409B9830C85EF7F882CFA3FA@[192.168.1.144]>

On 29/10/2019 22:33, Quanah Gibson-Mount wrote:
> autogroup is probably only usable in a replicated environment where
> there is a single provider and it is only configured on the provider
> (i.e., not configured on the consumers at all) and without memberOf.
> I'm not sure how it behaves with delta-syncrepl (i.e., what operations
> it logs in the change database). It may or may not be compatible for
> that configuration.

Hello Quanah,

thank you for the quick and informative reply. My thinking was already
going in that direction.

I would need a way to disable those overlays on the consumer, still keeping
the necessary ObjectClasses and such, and in that case memberOf and
autogroup would just work on the provider and their "results" are
replicated to the consumer. Sadly, my understanding of OpenLDAP is
lacking in that regard.

I am wondering how other people solve these cases. The requirement
brought up to me was to have an external, replicated "clone" of the LDAP
service to be used if the WAN were down on location. No (active) changes
would be made on the consumer.

Any possibilities or suggestions?

Best regards
Martin