On Mar 9, 2021, at 00:46, Michael Ströder michael@stroeder.com wrote:
On 3/8/21 11:17 PM, Quanah Gibson-Mount wrote:
There's no downsides to enabling schema checking on the consumers.
AFAICT schema checking cannot be disabled for slapd in general. Not sure since which version the schemacheck directive was dropped. I guess since 2.4.x.
So schema checking can only be disabled with "schemachecking=off" within syncrepl directive. slapd.conf(5) says "off" is the default and as use-case it mentions partial replication.
If the consumer receives an attribute it doesn't know about in the schema, it won't know how to correctly store the data in the db, particularly if you want to later use it for indexing, since it won't know the syntax.
Yes, indexing won't work without correct SYNTAX in attribute type description.
So I agree schema should be correct on consumers. Everything else is asking for trouble.
The new schema including new indexing should be installed on consumers before the first new attribute values hits the consumer.
I’d also note the new schemas need to be added in the same order on all nodes. I’ve hit an issue a couple years ago were 2 new schemas took different numbers in cn=config style setting and openldap started complaining. Took quite a while to figure out.
This can get pretty tricky in corner cases though, e.g. new MUST attributes in existing object classes.
Ciao, Michael.