[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
syncrepl and memberof do not work well together
- To: openldap-technical@openldap.org
- Subject: syncrepl and memberof do not work well together
- From: "John Alex." <alexoz66@gmail.com>
- Date: Mon, 18 May 2015 13:18:11 +0300
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=LoIPyY+QSZ4t2dpS3YDcQYfQab6wgwNtaE6OLq1AzH0=; b=Hz7OPfClMnN3MAZHyTQmr292uDPSQYC2jM3ClQy7w4VaFUY2zZYgLnqQ6CV+gd4U8A 1A7Lpy4ZNcWRZwVHfjr0b9nhG6U856fw8sOaCW7IPJTbq4lAvCBjDZSW12bkHdwvGhyo NElZU7v0DRQMXWKBqTumALw2oEYAP+W8B2AOYyKcttyu9OVLudJJ4PQfU7v+fum83jcZ ZRyPbscUfIQmnKcWA82gK0UghoTJ8uHMyXhQZSdbz2A3QZBppmiQukfzNBqJrZuJG3zR /Cglejuec3ZUJOY5HX03RddmICiiN8Lj5YnKQxNwWHUXgrQaSun1U0iNbz29YfjOHtMv pE3w==
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
I am not sure if this is by design or a bug so I am posting here first.
I have a provider-consumer configuration (both at version 2.4.40) where the consumer uses
simple syncrepl (no delta sync). I am using the memberof overlay in the provider, and,
having read the slapo-memberof manpage and ITS#7400, I made sure to exclude "memberof"
from the synced attributes, and configured the memberof overlay in the consumer too. When
I add or remove a user from a group, the user entry is correctly updated in both provider
and consumer with the addition or removal of the corresponding "memberof" value.
The problem occurs when a user entry is modified in any way, e.g. by changing a password,
adding a description, etc. From what I understand, when a change occurs in an entry,
non-delta syncrepl causes the entire entry to be resynced, not just the modified
attributes. The result is that the "memberof" attributes of this entry on the consumer are
removed.
Is this the intended behavior? Shouldn't the "memberOf" values be restored after the entry
is updated, since no group membership was modified?