Thanks for the heads-up Quanah. Looks like you've found a serious problem with multi-master replication, good to know about. In my case, we're just using single-master replication, so we're able to dodge the problem you describe for the time being.

Just to clarify though -- once ITS#8125 is resolved, this enhancement shouldn't pose any additional problems for MMR sites, right?

Thanks,

-Kartik

On 07/06/2015 12:18 PM, Quanah Gibson-Mount wrote:

I would note that:

IF using delta-syncrepl AND the data values are replicated AND authentication attempts can occur against different LDAP masters

You can run into *serious* drift between servers if you try and implement this, causing endless refresh mode runs that cause the servers to get further out of sync. See http://www.openldap.org/its/index.cgi/?findid=8125.

More specifically:

If a client has (most often) a mobile device with a bad password, and it's authentication attempts are bouncing between masters, even with high resolution timestamps, you can get collisions in the delete op for old values that cannot be reconciled, causing fallback/refresh.

--Quanah

--

Quanah Gibson-Mount Platform Architect Zimbra, Inc.

---

Zimbra :: the leader in open source messaging and collaboration