OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Documentation/8344
Full headers

From: Jephte.Clain@univ-reunion.fr
Subject: doc clarification: accesslog database should not be replicated
Compose comment
Download message
State:
0 replies:
1 followups: 1

Major security issue: yes  no

Notes:

Notification:


Date: Thu, 31 Dec 2015 08:04:53 +0000
From: Jephte.Clain@univ-reunion.fr
To: openldap-its@OpenLDAP.org
Subject: doc clarification: accesslog database should not be replicated
Full_Name: Jephte CLAIN
Version: 2.4.43
OS: Linux
URL: https://github.com/gdrsi/openldap/commit/351f3080b6fcf02dd67d4923e3c4e6fd99491b0a
Submission from: (NULL) (194.199.72.141)


The admin guide does not stat clearly that the accesslog database should not be
replicated. I attach a patch to clarify the documentation

Followup 1

Download message
From: Jephte Clain <jephte.clain@univ-reunion.fr>
Date: Thu, 31 Dec 2015 12:09:30 +0400
To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8344) doc clarification: accesslog database should not be
 replicated
This is a multi-part message in MIME format.
--------------090104080006050907050407
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

The patch is attached


--------------090104080006050907050407
Content-Type: text/x-diff;
 name="0001-accesslog-database-should-not-be-replicated.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename*0="0001-accesslog-database-should-not-be-replicated.patch"

From 351f3080b6fcf02dd67d4923e3c4e6fd99491b0a Mon Sep 17 00:00:00 2001
From: Jephte CLAIN <Jephte.Clain@univ-reunion.fr>
Date: Thu, 31 Dec 2015 12:03:56 +0400
Subject: [PATCH] accesslog database should not be replicated

---
 doc/guide/admin/overlays.sdf    |    4 ++++
 doc/guide/admin/replication.sdf |    3 +++
 2 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/doc/guide/admin/overlays.sdf b/doc/guide/admin/overlays.sdf
index fbf417b..026a35e 100644
--- a/doc/guide/admin/overlays.sdf
+++ b/doc/guide/admin/overlays.sdf
@@ -79,6 +79,10 @@ or in raw form.
 
 It is also used for {{SECT:delta-syncrepl replication}}
 
+Note: an accesslog database is unique to a given master. Even though it may
have
+a syncprov overlay (e.g. when used for delta-syncrepl replication), it should
+NOT be replicated.
+
 H3: Access Logging Configuration
 
 The following is a basic example that implements Access Logging:
diff --git a/doc/guide/admin/replication.sdf b/doc/guide/admin/replication.sdf
index 54dabc0..7a3ebfc 100644
--- a/doc/guide/admin/replication.sdf
+++ b/doc/guide/admin/replication.sdf
@@ -743,6 +743,9 @@ all of the databases (primary, replica, and the accesslog
 storage database) should also have properly tuned {{DB_CONFIG}} files that meet

 your needs.
 
+Note: an accesslog database is unique to a given master. Even though the
+syncprov overlay is configured for delta-syncrepl replication, it should NOT be
+replicated on the client.
 
 H3: N-Way Multi-Master
 
-- 
1.7.2.5


--------------090104080006050907050407--


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org