[Date Prev][Date Next]
Re: (ITS#7493) slapo-allowed: allowed* attrs are replicated
On 01/15/2013 01:56 PM, firstname.lastname@example.org wrote:
> On Tue, Jan 15, 2013 at 12:18:59PM +0000, email@example.com wrote:
>> Version: RE24 6f33e2c
>> Submission from: (NULL) (2001:8d8:1fe:1:d6be:d9ff:fe06:a14f)
>> It seems that operational attributes generated by slapo-allowed are replicated.
> Works as designed. These attributes are directoryOperation, not DSA-specific.
I see the point; since they're generated by the overlay in response to
search operations, either they should not be replicated, or replication
should accept them.
Their value depends on ACLs, so in order to reflect ACLs on a specific
DSA they should be generated; however, I concur ACLs should not depend
on the specific DSA of a replication setup.
I'm open to suggestions about how to fix this.
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano