From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: Friday, October 11, 2013 1:49 PM
This seems contrary to the documentation and I found it confusing. Am I missing something?
The memberof overlay should be loaded on all servers. Also see the ITS I just referenced to you...
In the ticket, there is some discussion of whether or not memberOf should be a "DSA-specific attribute" and hence not replicated; the discussion was not resolved, but I would vote for yes. The slapo-memberof man page says:
"The maintenance operations it performs are internal to the server on which the overlay is configured and are never replicated. Replica servers should be configured with their own instances of the memberOf overlay if it is desired to maintain these memberOf attributes on the replicas."
Considering memberOf is not part of any standard schema, and only valid if the memberof overlay is loaded, it seems would make sense for it not to be replicated to remote servers that might not know what to do with it. If for some reason that won't be done, then ideally at least the documentation could be updated to make it clear that the attribute *is* replicated, and that all of the servers should be reconfigured to include the overlay before any group membership is updated to prevent an invalid attribute from showing up...
Thanks.