Date: 11-04-2022

Overview

Sometimes you only want part of the full directory available on a consumer. Fractional Replication (FR) makes that possible.

Steps

1. Design a query that isolates the subset of entries you want in the fraction,
2. Use the same basic configuration as a full replica,
3. Use you fractioning query for the search for replication, and
4. Chain ALL updates to the Producer. The simplest fraction is a subtree of the DIT.

Discussion

Security and regulatory requirements drive geographic and logical directory data topology. When no such pressures are present we replicate everything to all servers. That maximizes redundancy for availability and minimizes the number of servers needed.

OpenLDAP supports FR so you can stand up a directory server in a hostile environment. Only the data needed for that application space is stored there. That minimizes the attack surface and the amount that would be exposed if the directory’s security defenses are breached.

FR also lets you set up smaller “local” directory servers. This would let a small local server authenticate users accessing local machines, smart door locks, etc.

More sophisticated search filters are possible.