[Date Prev][Date Next]
Re: (ITS#3996) syncrepl with subordinate back-meta keeps reconnecting.
Pierangelo Masarati wrote:
> back-meta, by design, doesn't honor ACLs, as documented in slapd-meta(5).
> The same happens for most of the backends that do not actually store data.
> The only backends that fully honor ACLs are back-bdb, hdb, ldbm and sql.
> ACLs are only honored on the data that is returned, because the frontend
> takes care of this. So, among the others, "search" permissions are not
> honored; only "read" permissions are.
That presents an interesting problem for syncrepl, then, doesn't it.
How would syncrepl work if the search descended into a meta backend and
doesn't return any appropriate data (no entryCSN?). This also gives a
performance issue with syncrepl, wouldn't it. My meta backend contains
several hundred thousand entries, if the search had to span the entire
backend (especially when the backend doesn't index or know about
entryCSN--err syncrepl uses entryCSN, right?), syncrepl would end up
being quite slow, wouldn't it?