On Thu, Mar 10, 2022 at 09:48:40AM +0000, Lisa Parratt wrote:
My understanding was a sessionlog was required to record delete
events, to efficiently generate a Delete phase? The server has been
configured with `olcSpSessionlog: 10000` since long before I inherited
it, and the consumer seems to be processing the transmitted Delete
phase as expected.
it is required for that, but the fact your sessionlog isn't enough means
you had already been missing deletes and setting olcSpNoPresent just hid
that from view.
It could be argued that olcSpNoPresent and sessionlog are mutually
exclusive and we should reject that (or at least warn about it being
very suspicious), feel free to open an issue for this.
You might want to use olcSpSessionlogSource instead instead of the
in-memory implementation to make sure you don't get in this situation
even after a server restart. Maybe also keep olcSpNoPresent: FALSE to
alert you when you'd be losing information already and need to handle
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP