Hello,
I need the memberof Attribute on users, and I configured it with the memberof overlay. Every thing ist working fine. I like to deploy a second server for redundancy reason., but the manual page of the overlay says: " .. Replica servers should be configured with their own instances of the memberOf overlay if it is desired to maintain these memberOf attributes on the replicas. Note that slapo-memberOf is not compatible with syncrepl based replication, and should not be used in a replicated environment. ..."
That confuses me a little bit. All replication on openLDAP are based on syncreplication (slurpd is vanished a long time ago) So what kind of replication means the manual page (-> "Replica servers")?
Thanks Meike
--On Friday, September 28, 2018 11:35 AM +0200 Meike Stone meike.stone@googlemail.com wrote:
That confuses me a little bit. All replication on openLDAP are based on syncreplication (slurpd is vanished a long time ago) So what kind of replication means the manual page (-> "Replica servers")?
It means that you run it in a replicated environment at your own risk. Unfortunately, there is no defined standard for the "memberOf" functionality (it's a MS hack) and so there's nothing that details how it should or shouldn't behave with replication. In general, things work fine as long as:
a) The server(s) never go into REFRESH
and
b) You never bring up a new replica with an empty database (which then does a full REFRESH)
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org
-
Meike Stone -
Quanah Gibson-Mount