[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3996) syncrepl with subordinate back-meta keeps reconnecting.

Pierangelo Masarati wrote:
> back-meta, by design, doesn't honor ACLs, as documented in slapd-meta(5). 
> The same happens for most of the backends that do not actually store data.
>  The only backends that fully honor ACLs are back-bdb, hdb, ldbm and sql. 
> ACLs are only honored on the data that is returned, because the frontend
> takes care of this.  So, among the others, "search" permissions are not
> honored; only "read" permissions are.
> p.

That presents an interesting problem for syncrepl, then, doesn't it. 
How would syncrepl work if the search descended into a meta backend and 
doesn't return any appropriate data (no entryCSN?).  This also gives a 
performance issue with syncrepl, wouldn't it.  My meta backend contains 
several hundred thousand entries, if the search had to span the entire 
backend (especially when the backend doesn't index or know about 
entryCSN--err syncrepl uses entryCSN, right?), syncrepl would end up 
being quite slow, wouldn't it?