[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapo-memberof and Replication

To: Dave Macias <davama@gmail.com>
Subject: Re: slapo-memberof and Replication
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Fri, 28 Sep 2018 13:17:40 -0700
Cc: meike.stone@googlemail.com, openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <CA+nFYV_OVdGQ7SNzyH6Lq=og-UTvYe09-NDxjKMiWwWq9azhGg@mail.gmail.com>
References: <CAFNHiA_TxKTKMXwbrMyT9YApfbYOGn9XXNDuUu=2d99g8+=SJA@mail.gmail.com> <71C11760CDCD2D4EDCF6B2A5@192.168.1.39> <CA+nFYV_OVdGQ7SNzyH6Lq=og-UTvYe09-NDxjKMiWwWq9azhGg@mail.gmail.com>

--On Friday, September 28, 2018 5:02 PM -0400 Dave Macias<davama@gmail.com> wrote:

Does the same apply to the rfc2307bis schema which gives your the
groupOfMembers objectclass?
Out of curiosity.


Hi Dave,

No, the issue is specific to slapo-memberof and it's need to cross manageboth members and the groups. In a replicated environment during a fullREFRESH, entries are sent in creation order. This is problematic forslapo-memberOf because it may get a "group" object replicated prior to someof the entries that are members of that group. In that situation, the"memberOf" attribute will not get tacked onto those member entries sincememberOf can't find them in the database. Additionally, if it isconfigured for referential integrity, it could remove those members fromthe group (again since it has no knowledge of their existence).


Warm regards,
Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- slapo-memberof and Replication
  - From: Meike Stone <meike.stone@googlemail.com>
- Re: slapo-memberof and Replication
  - From: Dave Macias <davama@gmail.com>

Prev by Date: Re: issues with equality matching and slapd death
Next by Date: Re: issues with equality matching and slapd death
Index(es):
- Chronological
- Thread