--On Wednesday, June 15, 2016 1:59 PM +0100 Mark Cairney Mark.Cairney@ed.ac.uk wrote:
Hi Quanah,
I can confirm I still see the issue when deleting and adding user objects and groups using 3-way delta-MMR.
Please keep replies on the list.
From one of the servers receiving the change:
[snip]
I spotted the reference to "cn=marksgroup2" in the log above so decided to try it with an objectclass that has no group memberships managed by the memberOf overlay (simplesecurityobject) and it worked as expected:
Again from the consumer I see the following logged:
[snip]
So it looks like there's possibly an additional effect being caused by the memberOf overlay but as about 90% of our LDAP writes are the creation/modification/deletion of users and groups this could be a pain on a production system :-)
Is this enough for you to go on? If there's any additional logging or details of my config I'm happy to pass them on.
I dropped your replication log bits in case there was anything sensitive in there.
I agree, it looks like the memberof overlay is breaking replication in your case. I would suggest filing an ITS with details on your setup, and the logging you provided, obfuscated as necessary.
--Quanah
--
Quanah Gibson-Mount Platform Architect Manager, Systems Team Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration A division of Synacor, Inc
Hi Quanah,
Apologies for taking it off-list. I didn't want to clutter the list archive with reams of my logging output which probably isn't meaningful to anyone else.
I'll fill in an ITS as suggested. Thanks for your help with this.
Kind regards,
Mark
On 15/06/16 20:41, Quanah Gibson-Mount wrote:
--On Wednesday, June 15, 2016 1:59 PM +0100 Mark Cairney Mark.Cairney@ed.ac.uk wrote:
Hi Quanah,
I can confirm I still see the issue when deleting and adding user objects and groups using 3-way delta-MMR.
Please keep replies on the list.
From one of the servers receiving the change:
[snip]
I spotted the reference to "cn=marksgroup2" in the log above so decided to try it with an objectclass that has no group memberships managed by the memberOf overlay (simplesecurityobject) and it worked as expected:
Again from the consumer I see the following logged:
[snip]
So it looks like there's possibly an additional effect being caused by the memberOf overlay but as about 90% of our LDAP writes are the creation/modification/deletion of users and groups this could be a pain on a production system :-)
Is this enough for you to go on? If there's any additional logging or details of my config I'm happy to pass them on.
I dropped your replication log bits in case there was anything sensitive in there.
I agree, it looks like the memberof overlay is breaking replication in your case. I would suggest filing an ITS with details on your setup, and the logging you provided, obfuscated as necessary.
--Quanah
--
Quanah Gibson-Mount Platform Architect Manager, Systems Team Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration A division of Synacor, Inc
On Thu, Jun 16, 2016 at 10:10:19AM +0100, Mark Cairney wrote:
I'll fill in an ITS as suggested.
Hmm, this is on a 2.4.44 deployment with the patch from head applied that Quanah indicated fixed the original problem he was having? I just compiled 2.4.44 with that patch last week in preparation for an upcoming planned upgrade; however, we use memberOf as well so now perhaps I'll hold off again a bit <sigh>. Would you be so kind as to post the ITS # once you file it?
Thanks...
Sure, the ITS is 8444:
http://www.openldap.org/its/index.cgi/Incoming?id=8444;page=44
I'm out the office this week anyway so won't be in a position to do any testing etc till next.
On 21/06/2016 02:39, Paul B. Henson wrote:
On Thu, Jun 16, 2016 at 10:10:19AM +0100, Mark Cairney wrote:
I'll fill in an ITS as suggested.
Hmm, this is on a 2.4.44 deployment with the patch from head applied that Quanah indicated fixed the original problem he was having? I just compiled 2.4.44 with that patch last week in preparation for an upcoming planned upgrade; however, we use memberOf as well so now perhaps I'll hold off again a bit <sigh>. Would you be so kind as to post the ITS # once you file it?
Thanks...
openldap-technical@openldap.org