[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
How to present the memberOf attribute in a syncrepl setup?
- To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Subject: How to present the memberOf attribute in a syncrepl setup?
- From: Robert Minsk <robertminsk@yahoo.com>
- Date: Sun, 13 May 2018 23:32:19 +0000 (UTC)
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1526254372; bh=quapN4+olQX7gOw2602ChOZpKVdZBgV+ftB6Q+rXcm0=; h=Date:From:To:Subject:References:From:Subject; b=LKyx2el23fFdyq50eqhrpym9GdEJ4vhTq50rUjBZ2MP5k6CgOdokDtS7pfWt9MgL5DFpVq2+B9XcbX97bIZyK4+Y/cC1Gc+BJsEssNnjGqfwAhOursi7qTXmXgATkGos2LHNYoeNkFCigHGwUe0JIfKx9cJRYylM3vpHFesJ034+XEfSSXamJt6WJddANX/cNzN2dIxh8H9R7w9wT5Q9ufSdLivHwU79P9qyN8iUsXuiBMys1Se5cpTZLOL6n0hAjCTDTUWrXbrLs/Okjtzc0AOkRzmlW3+ut75eOcwKg47u1kETcTW1wnbmZ9Oh9jG/WEl+VolEIbhpERVrCIo+Ew==
- References: <1795395172.784592.1526254339127.ref@mail.yahoo.com>
/-----------------------------------\
| master1 <- mirror repl -> master2 |
\-----------------------------------/
^ ^ ^
| | |
syncrepl syncrepl syncrepl
| | |
/-------\ /-------\ /-------\
|cache01| |cache02| ... |cache n|
\-------/ \-------/ \-------/
The master servers are using mirror replication and are behind a load balancer setup for active/passive failover. All writes go to the active master where the "member" attribute is maintained for the groups. The cache servers get their data from the master servers using syncrepl replication. All the end clients connect to the cache servers.
I need to be able to present the memberOf attribute on users on the cache servers. The man page for slapo-memberof states that it is not compatible with syncrepl. Because of this the cache servers are using slapo-dynlist to create the memberOf attribute. The problem is since I am using a dynamic list I can not search using the memberOf attribute only query its value. I need to be able to search by the memberOf attribute.
What is the recommended way generate the memberOf attribute? Should I modify the schema for a user and somehow maintain the memberOf attribute on the masters? I am a bit worried about this since looking at the slapo-memberOf source the memberOf attribute it is flagged as a DSAOperation.