
Re: (ITS#3996) syncrepl with subordinate back-meta keeps reconnecting.



Pierangelo Masarati wrote:
> back-meta, by design, doesn't honor ACLs, as documented in slapd-meta(5). 
> The same happens for most of the backends that do not actually store data.
>  The only backends that fully honor ACLs are back-bdb, hdb, ldbm and sql. 
> ACLs are only honored on the data that is returned, because the frontend
> takes care of this.  So, among the others, "search" permissions are not
> honored; only "read" permissions are.
> 
> p.

That presents an interesting problem for syncrepl, then, doesn't it?
How would syncrepl work if the search descended into a meta backend and
didn't return any appropriate data (no entryCSN?)?  This would also give a
performance issue with syncrepl, wouldn't it?  My meta backend contains
several hundred thousand entries; if the search had to span the entire
backend (especially when the backend doesn't index or know about
entryCSN--err, syncrepl uses entryCSN, right?), syncrepl would end up
being quite slow, wouldn't it?