[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7400) Memberof and Syncrepl incompatibility

Full_Name: Arunkumar shanmugam
Version: 2.4.29
OS: rhel5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (


I'm currently using Openldap 2.4.29 to model an Authorization platform. I
noticed some inconsistent behavior with syncrepl and memberof overlays.

The issue happens as follows:

If I Create groups with a large number of members and delete them in quick
succession on the writemaster, the data replicated to the readslave is
incorrect, in particular, the memberof fields of the User objects.

This seems to happen because the memberof field is getting replicated to the
slave nodes, although the documentation states that it shouldn't. While
replicating, the User object is replicated inclusive of the memberof fields, but
by the time the syncrepl search comes to the group object, it has already been
deleted, and hence not replicated. This leaves a dangling memberof field in the
read slave instance.

I was wondering if anyone has faced this issues (I did not see any ITS related
to this), and has a workaround.