It means that you run it in a replicated environment at your own risk. Unfortunately, there is no defined standard for the "memberOf" functionality (it's a MS hack) and so there's nothing that details how it should or shouldn't behave with replication. In general, things work fine as long as:
Does the same apply to the rfc2307bis schema which gives you the groupOfMembers objectclass? Out of curiosity.
Thanks!
--On Friday, September 28, 2018 5:02 PM -0400 Dave Macias davama@gmail.com wrote:
Does the same apply to the rfc2307bis schema which gives you the groupOfMembers objectclass? Out of curiosity.
Hi Dave,
No, the issue is specific to slapo-memberof and its need to cross manage both members and the groups. In a replicated environment during a full REFRESH, entries are sent in creation order. This is problematic for slapo-memberOf because it may get a "group" object replicated prior to some of the entries that are members of that group. In that situation, the "memberOf" attribute will not get tacked onto those member entries since memberOf can't find them in the database. Additionally, if it is configured for referential integrity, it could remove those members from the group (again since it has no knowledge of their existence).
Warm regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
openldap-technical@openldap.org
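The refresh-ordering problem described in the reply above leaves two detectable symptoms on a consumer: group members with no matching "memberOf" value, and group members whose entries are absent. The following audit is an added example, not code from the thread or from OpenLDAP; it assumes an LDIF export of the consumer database, the attribute names `member` and `memberOf`, and uses a constructed `dc=example,dc=com` sample.

```python
from collections import defaultdict

# Constructed sample: a consumer after a refresh in which the group arrived
# before uid=bob existed, and uid=carol has not been replicated at all.
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob,ou=people,dc=example,dc=com
member: uid=carol,ou=people,dc=example,dc=com

dn: uid=alice,ou=people,dc=example,dc=com
memberOf: cn=admins,ou=groups,dc=example,dc=com

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
"""

def norm(dn):
    # Simplified DN normalisation (assumption): lower-case, no space after commas.
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    # Minimal parser (assumption): no folded lines and no base64 ("::") values.
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs, dn = defaultdict(set), None
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            if key.lower() == "dn":
                dn = norm(value)
            else:
                attrs[key.lower()].add(value)
        if dn:
            entries[dn] = attrs
    return entries

def audit(entries):
    # Returns (members lacking the memberOf back-link, members with no entry).
    missing, dangling = [], []
    for group_dn, attrs in entries.items():
        for m in map(norm, attrs.get("member", ())):
            if m not in entries:
                dangling.append((group_dn, m))
            elif group_dn not in {norm(v) for v in entries[m].get("memberof", ())}:
                missing.append((m, group_dn))
    return sorted(missing), sorted(dangling)

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

Running the same audit against an export from the provider and comparing the two results shows whether the drift exists only on the consumer.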