On Thu, May 01, 2008 at 09:57:25AM -0700, Quanah Gibson-Mount wrote:
--On Thursday, May 01, 2008 11:39 AM -0400 John Morrissey jwm@horde.net wrote:
Recently, a fluke in our configuration distribution system caused one of our consumers (running 2.3.41) to have stale schema information. slapd at debuglevel 16384 emitted:
Should this error have been raised in this case? I tried explicitly disabling schemachecking ("schemachecking=off" in the syncrepl stanza), but this error was still raised.
The error is correct. schemachecking off makes it so that entries do not have to comply to *known* schema. Your schema was not known.
I guess I was confused by slapd.conf(5):
The schema checking can be enforced at the LDAP Sync consumer site by turning on the schemachecking parameter. The default is off. Schema checking on means that replicated entries must have a structural objectClass, must obey to objectClass requirements in terms of required/allowed attributes, and that naming attributes and distinguished values must be present. As a consequence, schema checking should be off when partial replication is used.
The reason it works this way (and how it serves the partial replication use case) makes total sense now, but I might not be the only one to draw the wrong conclusion from something like "schemachecking=off".
I'm not sure how I would reword this part of the man page, but FWIW it was what confused me about this option's behavior.
john