2

I have two openldap servers replicating cn=config with syncrepl in a provider-consumer relationship. There are a few attributes that I would like to exclude from replication.

I see that syncrepl has an exattrs=<attr list> option, but I cannot find any documentation as to how to set it. For example,

  • Are the attributes comma-delimited, or colon-delimited, or something else?
  • Are wildcards allowed, or do I have to list all of the attributes by hand? As it turns out, all of the attributes I want to exclude begin with olcTLS. Can I set exattrs=olcTLS*?

1 Answer 1

2

They are comma-separated. About that I am sure; look at the following snippet from a production server:

 olcSyncrepl: {0}rid=006 provider=ldap://ldap.example.org bindmethod=sasl sa
 slmech=EXTERNAL searchbase="ou=people,dc=example,dc=org" type=refreshOnly  int
 erval=00:00:05:00 retry="5 5 30 +" timeout=1 scope=sub schemachecking=on star
 ttls=yes tls_cert=/etc/ssl/certs/client.example.org.pem tls_key=/etc/ssl/pri
 vate/client.example.org.key tls_cacert=/etc/ssl/certs/DigiCertCA.crt exattrs
 =sambaNTPassword,userPassword 

About wildcards, I would guess no, it's not possible. I tried naively as you suggested and slapd refused to start.
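
Since the answer reports that a wildcard in exattrs was rejected, the explicit comma-separated list has to be generated some other way. The following is an added example, not part of the original answer: a shell function that unfolds LDIF (folded the same way as the snippet above) and emits the exattrs value for every attribute name with a given prefix. The names build_exattrs and sample_config_ldif are hypothetical and the LDIF is constructed sample data.

```shell
#!/bin/sh
# Constructed sample of a cn=config entry (not taken from a real server).
sample_config_ldif() {
cat <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCACertificateFile: /etc/ssl/certs/ca.pem
olcTLSCertificateFile: /etc/ssl/certs/server.pem
olcTLSCertificateKeyFile: /etc/ssl/private/serv
 er.key
olcTLSVerifyClient: demand
olcLogLevel: stats
EOF
}

# build_exattrs PREFIX
# Reads LDIF on stdin and prints "exattrs=a,b,c" listing each distinct
# attribute name that starts with PREFIX (case-insensitive, as LDAP
# attribute names are). Prints nothing when no attribute matches.
build_exattrs() {
    prefix=$1
    awk -v p="$prefix" '
        function handle(line,    i, name, key) {
            if (line ~ /^#/) return               # LDIF comment
            i = index(line, ":")
            if (i < 2) return                     # blank or not "name: value"
            name = substr(line, 1, i - 1)
            sub(/;.*/, "", name)                  # drop options such as ;binary
            key = tolower(name)
            if (substr(key, 1, length(p)) != tolower(p) || (key in seen)) return
            seen[key] = 1
            list = (list == "" ? name : list "," name)
        }
        # A line starting with one space continues the previous line.
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") handle(buf); buf = $0 }
        END {
            if (buf != "") handle(buf)
            if (list != "") print "exattrs=" list
        }
    '
}

# Demonstration on the constructed sample.
sample_config_ldif | build_exattrs olcTLS
```

On a real server the input would be a dump of the config database, for example from slapcat -n 0. The list only covers attributes present in that dump, so it must be regenerated when further olcTLS attributes are set.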
