8149 – nssov loginStatus doesn't play well with replication

Issue 8149 - nssov loginStatus doesn't play well with replication

Summary: nssov loginStatus doesn't play well with replication

Status:	UNCONFIRMED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	contrib (show other issues)
Version:	unspecified
Hardware:	All All

Importance:	--- normal
Target Milestone:	2.7.0
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-05-20 16:47 UTC by Ryan Tandy
Modified:	2023-10-23 16:59 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description Ryan Tandy 2015-05-20 16:47:10 UTC

Full_Name: Ryan Tandy
Version: RE24
OS: Debian
URL: 
Submission from: (NULL) (142.31.146.2)
Submitted by: ryan


jindraj in #openldap reported that in a master/slave setup, nssov on the slave
updates loginStatus in the local db, not on the master. nssov should update
loginStatus in a way that can be forwarded properly (possibly controlled by a
conf option, similar to ppolicy_forward_updates).

The loginStatus updates also don't behave intuitively under MMR. The mod is done
without opattrs, so is not immediately replicated, but it does get replicated if
the entry's CSN gets updated for any other reason.

loginStatus is not an operational attribute, nor is user-modification of it
prohibited. (Maybe it should be?)