I've got an LDAP driver that's doing a one-way sync from eDir into OID.

Works fine.

However, I'm only syncing one particular OU=something
from Edir into OID

I accomplished this via a Veto rule in the Creation policy (if not in
subtree OU=something, then veto)

That works, BUT it's VERY VERY chatty, since (right now) 75% of the
"traffic" is in other OU in the eDir tree.

Is there a better way to scope/do this?

Or do I just disable tracing for that veto rule? (and then turn it on
when I need to trouble-shoot)?


kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=49179