Partial replication

Partial replication is an advanced replication feature that replicates only the specified entries and a subset of attributes for the specified entries within a subtree. The entries and attributes that are to be replicated are specified by an LDAP administrator with the appropriate authority. See Administrative group and roles for more information about administrative role authority. Using partial replication, an administrator can enhance the replication bandwidth depending on the deployment requirements. With partial replication support, an LDAP administrator can allow entries that have certain object class values to be replicated to a consumer server. For example, entries that have an objectclass of person and only the cn, sn, userPassword attributes are allowed to be replicated but not the description attribute.

The replication filter entry can be specified in each individual replication agreement entry in the ibm-replicationFilterDN attribute value. For more information, see Replication agreements. A replication filter entry has a structural objectclass of ibm-replicationFilter. For the required attribute values for the ibm-replicationFilter objectclass., see Table 1. If an ibm-replicationFilterDN attribute value is not a valid replication filter entry or does not exist, replication for the replication agreement is suspended. If replication from the replication agreement is suspended, the replication filter entry must be added to the directory or the ibm-replicationFilterDN attribute value must be removed from the replication agreement entry. When replication is suspended for the replication agreement, it can be resumed by using the Control replication extended operation in the LDAPEXOP utility. For more information about the LDAPEXOP utility, see LDAPEXOP (ldapexop utility) in z/VM: TCP/IP Planning and Customization.

The attributes that are to be replicated are specified using a replication filter in the ibm-replicationFilterAttr attribute. A set of attributes pertaining to an object class constitutes a replication filter. The list of attributes selected for an object class can either be a part of an inclusion list or an exclusion list. An inclusion list is list of attributes that are selected for replication while an exclusion list is list of attributes that are not selected for replication. For the required attribute values for the format of the ibm-replicationFilterAttr attribute values, see Table 1.

Table 1. ibm-replicationFilter objectclass schema definition (required attributes)
Attribute description and example
cn

Common name of the replication filter entry. This attribute does not affect advanced replication configuration.

Example: 
cn: filter1
ibm-replicationFilterAttr

A multi-valued attribute that specifies a replication filter. A replication filter is based on the object class values of entries that are replicated. The filter can be an inclusion or exclusion filter.

The following is the replication filter format: 
(objectclass=objclass):[!](attr1[,attr2]…)
where,

objclass Specifies a valid objectclass in the server’s schema. If an * is specified, then all other objectclasses not specified by other ibm-replicationFilterAttr attribute values (if any) in the replication filter entry, are subject to this replication filter.

! If specified, indicates that the attribute type list is an exclusion list, otherwise, it is an inclusion list.

attr1, attr2 Specifies a list of valid attribute types in the server’s schema. If an exclusion list, the attribute types in this list are not replicated for entries that have an objectclass value of objclass. If an inclusion list, the attribute types in this list are replicated for entries that have an objectclass value of objclass. An * can be specified to indicate all attribute types for the objclass.

The following attributes are always replicated, irrespective of their presence in the exclusion list:
  • Object class attributes of an entry
  • Naming attribute
  • All operational attributes (for example, ibm-entryuuid attribute values)
Notes:
  1. If an attribute type is present in both an inclusion and an exclusion list, the exclusion takes precedence.
  2. If there is not an ibm-replicationFilterAttr attribute value with objclass equal to *, no replication with entries that have an objectclass other than the ones explicitly specified is done. This acts as if an ibm-replicationFilterAttr attribute value of (objectclass=*):!(*) is specified on the replication filter entry.
Example: 
ibm-replicationFilterAttr: (objectclass=person):(cn,sn)
The example in Table 1 allows the following replication to occur:
  • Entries with an objectclass of person only have their cn and sn attribute values replicated.
  • Entries with other objectclasses are not replicated.