bring it up to date and replication then switches back to the delta-syncrepl
mode.
+Note: partial replication is incompatible with deltasync. For deltasync to
+work, the replication user needs unrestricted read access to both the main
+database and accesslog database.
+
Note: since the database state is stored in both the changelog DB and the
main DB on the provider, it is important to backup/restore both the changelog
DB and the main DB using slapcat/slapadd when restoring a DB or copying
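Review bot: The added note calls the feature "deltasync" twice, while the surrounding context lines call it "delta-syncrepl" ("switches back to the delta-syncrepl mode"). Use one name so readers do not take these for two different mechanisms. The note would also be easier to act on if it said which identity "the replication user" refers to, for example the DN the consumer binds with.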
must first be configured in {{slapd.conf}}(5) before it can be
used. The provider has two primary configuration directives and
two secondary directives for when delta-syncrepl is being used.
+
Because the LDAP Sync search is subject to access control, proper
access control privileges should be set up for the replicated
-content.
+content. In many environments the replicas are meant to carry the
+same data as provider so the replication user needs unrestricted
+read access to the database and as such this tends to be the first
+access rule for that database:
+
+> access to * by "$REPLICATOR" read by * break
+
+However if partial replication is desired, the access rules can be
+tightened appropriately.
The two primary options to configure are the checkpoint and
sessionlog behaviors.
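Review bot: In the added ACL example, "$REPLICATOR" is never defined and reads like a value to paste literally. Say that it stands for the replication identity's DN, and consider showing it in the who-clause form that slapd.access(5) documents, e.g. by dn.exact="<replicator DN>" read. Because "access to *" grants that identity read on every attribute, stored password values included, a sentence saying so would give the closing advice about tightening rules for partial replication a concrete motivation. Minor wording: "same data as provider" should be "same data as the provider", and "However if" needs a comma.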
time has passed since the last checkpoint, a new checkpoint is
performed. Checkpointing is disabled by default.
-The session log is configured by the
+If an accesslog is maintained for this database and contains all the
+successful writes, it is the preferred way to provide the resync
+information:
+
+> syncprov-sessionlog-source <accesslog db suffix>
+
+Otherwise an in memory session session log is configured by the
> syncprov-sessionlog <ops>
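Review bot: The last added line has a duplicated word and a missing hyphen: "an in memory session session log" should read "an in-memory session log". It would also help to state what "contains all the successful writes" requires of the accesslog configuration, since that condition decides which of the two directives the reader should pick.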
>
> overlay syncprov
> syncprov-checkpoint 100 10
-> syncprov-sessionlog 100
+> syncprov-sessionlog-source cn=accesslog
H4: Set up the consumer slapd
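Review bot: The example now sets "syncprov-sessionlog-source cn=accesslog" unconditionally, but the text added earlier makes that directive conditional on an accesslog being maintained for this database, and nothing in the visible example configures a database with the suffix cn=accesslog. Either add a sentence stating that the example assumes such an accesslog database exists and records the successful writes, or keep the "syncprov-sessionlog 100" form as the alternative for setups without one.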