[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7019) attribute auditContext should not get replicated



quanah@zimbra.com wrote:
> Delta-Syncrepl (normal and MMR modes) both use an accesslog database.  So 
> your contention that accesslog DBs are not replicated is somewhat incorrect.

Up to now I thought that the accesslog DB itself is only accessible at the
provider and not replicated to the consumer. At least that's what's IMO
written in the OpenLDAP Admin Guide:

http://www.openldap.org/doc/admin24/replication.html#Delta-syncrepl

"Delta-syncrepl works by maintaining a changelog of a selectable depth on the
provider."

Also in the Admin Guide:
http://www.openldap.org/doc/admin24/replication.html#Delta-syncrepl
There's no accesslog database at the consumer (replica) configured.

Delta-syncrepl in MMR mode is not finished yet, therefore I ignore this case
for now.

Because you are nitpicking in my case I set up a testbed. The accesslog DB
itself is *not* replicated.

Anyway the main issue here is that I regard replicating the attribute
auditContext as not appropriate since you cannot access the referenced
accesslog DB at the consumer. And it seems that with delta syncrepl the
attribute is not replicated.

But it seems to be replicated in a MMR setup with separate accesslog DBs
configured at both providers. And this leads to this multiple but same(!)
attribute values.

We have four databases in our MMR test setup:
cn=wsvdir-accesslog-de (for c=DE)
cn=wsvdir-accesslog-system (for o=SYSTEM)
o=SYSTEM (replicated in MMR setup)
c=DE (replicated in MMR setup)

In both providers I have
dn: o=SYSTEM
auditContext: cn=wsvdir-accesslog-system
auditContext: cn=wsvdir-accesslog-system

It does not happen in c=DE though.

Ciao, Michael.