[Date Prev][Date Next]
Re: (ITS#6915) memberof+accesslog duplicate reqStart
> Full_Name: Emily Backes
> Version: 2.4.25
> OS: any
> Submission from: (NULL) (188.8.131.52)
> In recent OpenLDAPs (2.4.25 at least, but I haven't found exactly where
> it started), memberof interacts badly with accesslog.
> In a simple test case with a groupOfNames and two people, if you add a
> person to the group, memberOf should set their memberOf opeational
> attribute to point to the group. That works! But currently the
> accesslog db will only show the change for the memberof update and not
> the original group change.
I can confirm that.
> Digging deeper, I found:
> The changes are reaching accesslog, but don't make it into the logdb
> because their generated DNs based on reqStart match.
Ah, that explains it.
> reqStart is generated with a generalizedTime stamp where the
> microseconds are an incrementing count based on o_tincr, but this does
> not seem to be incremented, or incremented enough.
> It's not entirely clear why this is a problem now and not earlier.
Maybe it was always a problem. Because I've started the thread above before
I had 2.4.24 or 2.4.23 installed back then.
> This may be related to ITS#6766.
Seems similar and the group modification is the same like in cases where I
observed the behaviour described in my postings.