Emmanuel Dreyfus wrote:
Hello
When using SASL OTP, the one time password sequence number is stored in a cmusaslsecretOTP attribute. On every successful authentication, it should be decreased.
That works fine until used with a syncrepl setup: authenticating to a replica may cause its local cmusaslsecretOTP, but this change will be overridden by the value from the master.
As a result, I sometimes see the sequence number decreasing just after a successful authentication, but that does not last very long. Sooner or later, the older value is restored.
How is it supposed to work?
Most likely it's not. Since almost nobody uses SASL OTP with OpenLDAP, it's never gotten much attention.
As far as I understand, there needs to be some code for the replica to send the update to the master. Is the code missing, or do I have a configuration problem that prevents it from working? Or do I hit a bug?
Look into chaining...
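
Added example, not part of the original thread and not OpenLDAP or Cyrus SASL code: a small model of the behaviour discussed above, showing why a replica-local sequence update that syncrepl later overwrites leaves an already-used one-time password verifiable again, and how that changes when the write reaches the master. The record layout, the truncated SHA-1 step and all names are simplifying assumptions; it does not show how to configure chaining.

```python
import hashlib

def h(data: bytes) -> bytes:
    # Simplified stand-in for the OTP hash step (assumption: truncated SHA-1).
    return hashlib.sha1(data).digest()[:8]

def chain(secret: bytes, n: int) -> bytes:
    # Apply the hash n times; the OTP for sequence n is chain(secret, n).
    out = secret
    for _ in range(n):
        out = h(out)
    return out

class Server:
    """One directory server holding a simplified OTP record."""
    def __init__(self, seq: int, stored: bytes):
        self.entry = {"seq": seq, "stored": stored}

    def verify(self, response: bytes) -> bool:
        # A response is valid if hashing it once gives the stored value.
        return h(response) == self.entry["stored"]

def authenticate(replica, master, response, write_to_master):
    # Authentication is checked against the replica's local copy.
    if not replica.verify(response):
        return False
    updated = {"seq": replica.entry["seq"] - 1, "stored": response}
    if write_to_master:
        master.entry = updated      # update forwarded to the master
    else:
        replica.entry = updated     # update stays local to the replica
    return True

def syncrepl(master, replica):
    # Replication is one-way: the master's value replaces the replica's.
    replica.entry = dict(master.entry)

def run(write_to_master: bool):
    secret = b"constructed-seed-and-passphrase"   # constructed sample input
    start = chain(secret, 100)
    master, replica = Server(100, start), Server(100, start)
    otp = chain(secret, 99)                       # password for the next login
    first = authenticate(replica, master, otp, write_to_master)
    syncrepl(master, replica)
    second = authenticate(replica, master, otp, write_to_master)  # same value again
    syncrepl(master, replica)
    return first, second, replica.entry["seq"]

if __name__ == "__main__":
    print("local write only :", run(False))
    print("write to master  :", run(True))
```
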