[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7493) slapo-allowed: allowed* attrs are replicated

On 01/15/2013 01:56 PM, hyc@symas.com wrote:
> On Tue, Jan 15, 2013 at 12:18:59PM +0000, michael@stroeder.com wrote:
>> Full_Name:
>> Version: RE24 6f33e2c
>> OS:
>> URL:
>> Submission from: (NULL) (2001:8d8:1fe:1:d6be:d9ff:fe06:a14f)
>> It seems that operational attributes generated by slapo-allowed are replicated.
> Works as designed. These attributes are directoryOperation, not DSA-specific.

I see the point; since they're generated by the overlay in response to 
search operations, either they should not be replicated, or replication 
should accept them.

Their value depends on ACLs, so in order to reflect ACLs on a specific 
DSA they should be generated; however, I concur ACLs should not depend 
on the specific DSA of a replication setup.

I'm open to suggestions about how to fix this.


Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano