Full_Name: Quanah Gibson-Mount
Submission from: (NULL) (18.104.22.168)
Test059 can expose an interesting bug in OpenLDAP when replication is configured
for both cn=config and an underlying data DB. I wouldn't call it a critical
issue for this scenario, but it's possible it could be critical in other
scenarios I'm not aware of.
The basic problem breaks down like this:
a) A modification to the schema is made in cn=config
b) An entry is added or modified to the data DB that makes use of the new schema
The majority of the time, this is not an issue, as the change to the schema gets
replicated /before/ the change to the entry is honored.
However, if the modification to the entry is done *before* the schema changes
get replicated, the following happens:
a) The replica pauses cn=config replication
b) The replica attempts to replicate the changed entry
c) The replica fails to replicate the change due to the fact the schema is not
d) The replica goes into an endless REFRESH loop
Because cn=config replication is never "unpaused", the REFRESH operation can
never succeed. It essentially takes manual intervention to fix the replica.