Hello,
an attribute declared 'dsaOperation' in the schema is not replicated with Syncrepl, this behavior was coded some years ago and it seems right.
Today, I updated such attribute (pwdFailureTime) with the relax control and noticed the modification has been replicated. I just wanted to know if this behavior was expected with the relax control, or if this is an issue (the test was done with OpenLDAP 2.4.31).
Thanks,
Clément OUDOT.
Clément OUDOT wrote:
an attribute declared 'dsaOperation' in the schema is not replicated with Syncrepl,
Is that really the general rule?
Today, I updated such attribute (pwdFailureTime) with the relax control and noticed the modification has been replicated.
Attribute type description for 'pwdFailureTime' has USAGE directoryOperation and NO-USER-MODIFICATION attached but not USAGE dSAOperation.
Ciao, Michael.
2012/5/30 Michael Ströder michael@stroeder.com:
Clément OUDOT wrote:
an attribute declared 'dsaOperation' in the schema is not replicated with Syncrepl,
Is that really the general rule?
It seems this is the rule in OpenLDAP code, see http://www.openldap.org/lists/openldap-bugs/200712/msg00078.html
Today, I updated such attribute (pwdFailureTime) with the relax control and noticed the modification has been replicated.
Attribute type description for 'pwdFailureTime' has USAGE directoryOperation and NO-USER-MODIFICATION attached but not USAGE dSAOperation.
Ok, bad example. I had the same problem with the attribute authtimestamp from lastbind overlay.
Clément.
2012/5/31 Clément OUDOT clem.oudot@gmail.com:
2012/5/30 Michael Ströder michael@stroeder.com:
Clément OUDOT wrote:
an attribute declared 'dsaOperation' in the schema is not replicated with Syncrepl,
Is that really the general rule?
It seems this is the rule in OpenLDAP code, see http://www.openldap.org/lists/openldap-bugs/200712/msg00078.html
Today, I updated such attribute (pwdFailureTime) with the relax control and noticed the modification has been replicated.
Attribute type description for 'pwdFailureTime' has USAGE directoryOperation and NO-USER-MODIFICATION attached but not USAGE dSAOperation.
Ok, bad example. I had the same problem with the attribute authtimestamp from lastbind overlay.
So I have another question: why is pwdFailureTime not replicated if it is not a dsaOperation attribute? What is exactly the rule used by syncrepl to know which operational attribute can be synchronized or not?
Thanks for your help,
Clément.
openldap-technical@openldap.org
-
Clément OUDOT -
Michael Ströder