Hi list,
I have noticed a problem regarding ExOp PASSMOD and chaining in my
OpenLDAP environment. Maybe some of the other overlays are doing their
part in this as well.
Password changes stopped behaving weird at some point and after some
experimenting, I have the following picture: When a slave runs for a few
days and some user tries to change his password, the change is done in
the local database only (no chaining done or referral returned),
resulting in an inconsistent database between the slave and all the
other servers. That way, logging in to services which connect to the
LDAP servers in a round-robin fashion sometimes works with the "new"
password and sometimes with the old one. After I restart the slapd on
the slaves, everything works again for a few days, before it goes bad again.
Every other write gets chained just fine when a slave is in this
condition. It's only the PASSMOD operations that are stuck.