filter olcGlobal from config sync

README.md

@@ -209,7 +209,7 @@ If you already have a check_password.conf or ppm.conf in /etc/openldap/ the foll
 | Variable                      | Description                                                                                                                                                                                                                                                                         | Default                                                                                                                                                                           |
 | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `ENABLE_REPLICATION`          | Add replication capabilities. Multimaster only at present.                                                                                                                                                                                                                          | `false`                                                                                                                                                                           |
-| `REPLICATION_CONFIG_SYNCPROV` | olcSyncRepl options used for the config database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`.                                                                                                                                              | `binddn="cn=config" bindmethod=simple credentials=$CONFIG_PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1`                   |
+| `REPLICATION_CONFIG_SYNCPROV` | olcSyncRepl options used for the config database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`.                                                                                                                                              | `binddn="cn=config" bindmethod=simple credentials=$CONFIG_PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1 filter="(!(objectclass=olcGlobal))"`                   |
 | `REPLICATION_DB_SYNCPROV`     | olcSyncRepl options used for the database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`.                                                                                                                                                     | `binddn="cn=admin,$BASE_DN" bindmethod=simple credentials=$ADMIN_PASS searchbase="$BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="5 5 60 +" timeout=1` |
 | `REPLICATION_HOSTS`           | list of replication hosts seperated by a space, must contain the current container hostname set by --hostname on docker run command. If replicating all hosts must be set in the same order. Example - `ldap://ldap1.example.com ldap://ldap2.example.com ldap://ldap3.example.com` |
 

examples/docker-compose.yml

@@ -35,7 +35,7 @@ services:
       - SSL_HELPER_PREFIX=ldap
 
       - ENABLE_REPLICATION=FALSE
-      - REPLICATION_CONFIG_SYNCPROV=binddn="cn=config" bindmethod=simple credentials="admin" searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1
+      - REPLICATION_CONFIG_SYNCPROV=binddn="cn=config" bindmethod=simple credentials="admin" searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1 filter="(!(objectclass=olcGlobal))"
       - REPLICATION_DB_SYNCPROV=binddn="cn=admin,dc=example,dc=org" bindmethod=simple credentials="admin" searchbase="dc=example,dc=org" type=refreshAndPersist interval=00:00:00:10 retry="5 5 60 +" timeout=1
       - REPLICATION_HOSTS=ldap://ldap1.example.com ldap://ldap2.example.com ldap://ldap3.example.com
       - REMOVE_CONFIG_AFTER_SETUP=false

install/assets/functions/10-openldap

@@ -528,7 +528,7 @@ EOF
         get_ldap_base_dn
         for replhost in $replhosts; do
           sed -i "s|<REPLICATION_HOSTS>|olcServerID: $i $replhost\n<REPLICATION_HOSTS>|g" /assets/slapd/config/replication/replication-enable.ldif
-          sed -i "s|<REPLICATION_HOSTS_CONFIG_SYNC_REPL>|olcSyncRepl: rid=00$i provider=$replhost ${REPLICATION_CONFIG_SYNCPROV:-"binddn=\"cn=config\" bindmethod=simple credentials=$CONFIG_PASS searchbase=\"cn=config\" type=refreshAndPersist retry=\"5 5 60 +\" timeout=1"}\n<REPLICATION_HOSTS_CONFIG_SYNC_REPL>|g" /assets/slapd/config/replication/replication-enable.ldif
+          sed -i "s|<REPLICATION_HOSTS_CONFIG_SYNC_REPL>|olcSyncRepl: rid=00$i provider=$replhost ${REPLICATION_CONFIG_SYNCPROV:-"binddn=\"cn=config\" bindmethod=simple credentials=$CONFIG_PASS searchbase=\"cn=config\" type=refreshAndPersist retry=\"5 5 60 +\" timeout=1 filter=\"(!(objectclass=olcGlobal))\""}\n<REPLICATION_HOSTS_CONFIG_SYNC_REPL>|g" /assets/slapd/config/replication/replication-enable.ldif
           sed -i "s|<REPLICATION_HOSTS_DB_SYNC_REPL>|olcSyncRepl: rid=10$i provider=$replhost ${REPLICATION_DB_SYNCPROV:-"binddn=\"cn=admin,$BASE_DN\" bindmethod=simple credentials=$ADMIN_PASS searchbase=\"$BASE_DN\" type=refreshAndPersist interval=00:00:00:10 retry=\"5 5 60 +\" timeout=1"}\n<REPLICATION_HOSTS_DB_SYNC_REPL>|g" /assets/slapd/config/replication/replication-enable.ldif
           ((i++))
         done