Hello !
I have few questions regarding replication. I'm doing partial replication on plain replication by limiting the syncrepl user permissions in the ACL. It works well. Is it supported ? Would it work with a delta-sync replication ?
Another thing I've been told about is about memberOf overlay. My colleague told me that replication may fail when memberOf is enabled on consumers, mainly because sometimes the group is replicated before the user and memberOf would create an entry if a search is made on the user not yet replicated. Have you some insights about this behaviour that I have not met yet ?
Regards
As taken from elsewhere on this list:
The primary issue is that if a server goes into REFRESH mode, the order in which the entries are sent back may not allow the slapo-memberOf overlay to rebuild the groups correctly.
Details: https://bugs.openldap.org/show_bug.cgi?id=8613
For dynlist:
Take the latest 2.5/2.6 Remove the memberOf overlay, load and enable the dynlist overlay on your nodes
Set dynlist-attrset according to your member/group naming.
Example:
dynlist-attrset groupOfURLs memberURL uniqueMember+memberOf@groupOfUniqueNames*
On Fri, Apr 19, 2024, 16:46 BECOT Jérôme jbecot@itsgroup.com wrote:
Hello !
I have few questions regarding replication. I'm doing partial replication on plain replication by limiting the syncrepl user permissions in the ACL. It works well. Is it supported ? Would it work with a delta-sync replication ?
Another thing I've been told about is about memberOf overlay. My colleague told me that replication may fail when memberOf is enabled on consumers, mainly because sometimes the group is replicated before the user and memberOf would create an entry if a search is made on the user not yet replicated. Have you some insights about this behaviour that I have not met yet ?
Regards
Erik de Waard wrote:
As taken from elsewhere on this list:
The primary issue is that if a server goes into REFRESH mode, the order in which the entries are sent back may not allow the slapo-memberOf overlay to rebuild the groups correctly.
See https://bugs.openldap.org/show_bug.cgi?id=10167
that restriction has been eliminated.
Is it included in the last 2.5 ? ________________________________ De : Howard Chu hyc@symas.com Envoyé : dimanche 28 avril 2024 15:12 À : Erik de Waard erikdewaard@gmail.com; BECOT Jérôme jbecot@itsgroup.com Cc : openldap-technical@openldap.org openldap-technical@openldap.org Objet : Re: Replication Questions
ATTENTION : Cet e-mail provient de l'extérieur de l'organisation. Ne cliquez pas sur les liens et n'ouvrez pas les pièces jointes à moins que vous ne reconnaissiez l'expéditeur et que vous sachiez que le contenu est sûr.
Erik de Waard wrote:
As taken from elsewhere on this list:
The primary issue is that if a server goes into REFRESH mode, the order in which the entries are sent back may not allow the slapo-memberOf overlay to rebuild the groups correctly.
See https://bugs.openldap.org/show_bug.cgi?id=10167
that restriction has been eliminated.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
--On Tuesday, April 30, 2024 8:26 AM +0000 BECOT Jérôme jbecot@itsgroup.com wrote:
Is it included in the last 2.5 ?
The bug lists what the target release is. In this case, 2.6.8. It will not be included in 2.5.
--Quanah
openldap-technical@openldap.org
-
BECOT Jérôme -
Erik de Waard -
Howard Chu -
Quanah Gibson-Mount