--On Thursday, March 10, 2022 12:30 PM -0800 Quanah Gibson-Mount quanah@fast-mail.org wrote:
--On Thursday, March 10, 2022 7:53 PM +0100 Michael Ströder michael@stroeder.com wrote:
HI!
I wonder what the operational requirements are when using
syncprov-sessionlog-source cn=accesslog
instead of the in-memory session log.
E.g. what about configured logpurge?
What happens if the accesslog DB is completely deleted?
You lose the sessionlog. This is a significant flaw in the current design and is not what I was expecting when the need to implement a persistent sessionlog was identified. Depending on the way in which the accesslog is configured, storing the sessionlog in it can be worse than the in-memory scenario.
To be clear, a complete deletion of the accesslog that doesn't also involve a slapd restart (which would also wipe the in-memory sessionlog) is only going to be caused by the purge interval firing. So using the accesslog backed sessionlog mandates having a suffiecently large purge interval. So one has to be particularly careful in how they configure the log purge interval for the accesslog DB.
Also, I'm not implying that the in-memory sessionlog is superior to the one stored in the accesslog DB. If you're using delta-syncrepl, the accesslog based one is definitely the way to go. If you're using standard syncrepl, you just have 2 bad choices.
--Quanah