Full_Name: Arunkumar shanmugam
Submission from: (NULL) (184.108.40.206)
I'm currently using Openldap 2.4.29 to model an Authorization platform. I
noticed some inconsistent behavior with syncrepl and memberof overlays.
Does this issue occur with the current release, 2.4.32?
The issue happens as follows:
If I Create groups with a large number of members and delete them in quick
succession on the writemaster, the data replicated to the readslave is
incorrect, in particular, the memberof fields of the User objects.
This seems to happen because the memberof field is getting replicated to the
slave nodes, although the documentation states that it shouldn't.
Indeed. Do you have debug logs showing the replication traffic, and showing
that the memberof attribute got replicated?
replicating, the User object is replicated inclusive of the memberof fields, but
by the time the syncrepl search comes to the group object, it has already been
deleted, and hence not replicated. This leaves a dangling memberof field in the
read slave instance.
I was wondering if anyone has faced this issues (I did not see any ITS related
to this), and has a workaround.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/