OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Incoming/7474
Full headers

From: marco.pizzoli@gmail.com
Subject: memberOf and full syncreplication
Compose comment
Download message
State:
0 replies:
1 followups: 1

Major security issue: yes  no

Notes:

Notification:


Date: Fri, 14 Dec 2012 08:32:33 +0000
From: marco.pizzoli@gmail.com
To: openldap-its@OpenLDAP.org
Subject: memberOf and full syncreplication
Full_Name: Marco Pizzoli
Version: 2.4.33
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.11.209.11)


Hi,
I think this could be considered an RFE.

During a full syncreplication I can't populate the memberOf attribute of some
entries because they are not (yet) present in the replicated tree.

The error is quite clear by looking at the logs during the full
syncreplication.,

"conn=-1 op=0: memberof_value_modify DN=<my_user_DN> add
memberOf=<my_group_DN>
failed err=32

The problem doesn't occur on all user entries, because some of them are
replicated before the group which include them (as member, of course).

I would like to be assured that a full sync-replication can go smooth by
populating the memberOf attribute on all entries.

Thanks in advance
Marco

Followup 1

Download message
Date: Mon, 03 Apr 2017 10:20:50 -0700
From: Quanah Gibson-Mount <quanah@symas.com>
To: marco.pizzoli@gmail.com, openldap-its@openldap.org
Subject: Re: (ITS#7474) memberOf and full syncreplication
Hello,

As noted in the slapo-memberof(5) man page, it is unsafe for use with 
replication.

See also <http://www.openldap.org/its/index.cgi/?findid=8613> for ways in 
which to replicate memberOf functionality in a replication safe manner 
using slapo-dynlist.

This ITS will be closed.

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>



Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org