[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Syncrepl partial replication based on attribute problem
On 1/6/2012 4:38 ÏÎ, Howard Chu wrote:
Visibility changes due to ACL rules are not detected. syncprov only
checks an entry against the search parameters of the original sync
search operation, i.e., the base, scope, and filter. If an entry
matches these params before the modification, and no longer matches
after the operation, syncprov will send a delete message for that
entry. (Likewise if an entry doesn't match before, but matches after,
syncprov will send an Add for the entry.)
I would like a clarification on this, please:
Since the syncprov mechanism does a search based on base/scope/filter
from *a particular binddn* account, doesn't this mean that if visibility
*by that same binddn* of some entry (due to ACL restrictions) changes
after a modification, then effectively the same search (based on the
same base/scope/filter) will produce different results, which means that
the syncprov mechanism *should* generate an add/delete message accordingly?
In other words, syncprov does not produce messages based on the
differences between the results of standard ldapsearch'es? And if it
does not, shouldn't it?
Why syncprov should ignore ACL-based visibility? This seems unnatural
and does not assist conceptualization. At least it seems confusing to
me. Can you please provide more details on the syncprov mechanism with
regard to this?
Please advise!
Thanks,
Nick