Hello list,
I have noticed (as of 2.4.7) an interaction of searchAndPersist syncrepl, search filters, and access rules that looks weird to me. Before I call it a bug (and submit to ITS) I'd like to ask whether I'm not just missing the point and everything is working as intended.
So here is the situation: We replicate just part of the provider data by annotating the objects to replicate with an extra replication info attribute. Access to that attribute is restricted. Now when an object is change, we observe this: If the change is made by a user who has read access to the replication info attribute then the change is replicated. Otherwise it is not. It appears that the replication filter is evaluated using the access rights of the user making the modification, not those of the replication user.
If someone can tell me that this is not a problem because ... whatever reason then I'm interested to know. Otherwise I'll pack up configs, logs, etc. and file a bug report.
Sincerely, Ralph Rößner