[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7710) contextCSN values not updated by internal non-replicated ops
michael@stroeder.com wrote:
> On Wed, 09 Oct 2013 08:13:24 -0700 Howard Chu <hyc@symas.com> wrote
>> slapd already strips DSA-specific attributes before sending a syncrepl entry.
>> memberOf is not marked in the schema as DSA-specific. This is working as
>> designed.
>
> IIRC attribute 'memberOf' was replicated in former releases. So it was not
> DSA-specific back then.
>
> Then the behaviour was changed in a more recent OpenLDAP release. Nowadays each
> replica has to be configured with slapo-memberof performing *local* operations.
> Therefore I'd argue that 'memberOf' should be marked DSA-specific now since the
> *local* configuration is significant for its content.
> Note that there is no formal specification for attribute 'memberOf' at all.
>
> I have deployments where most users are member of more than 10 groups,
> sometimes more than 20. So not sending 'memberOf' could save quite a lot of
> network traffic.
>
> What are your objections against marking 'memberOf' as DSA-specific?
>
> (I vaguely remember this being discussed before without result though.)
Additionally consider partial replication where only a subset of group entries
is present on a certain consumer. One would not want to have 'memberOf' point
to group entries not really existing on that consumer.
=> 'memberOf' is definitely DSA-specific.
Ciao, Michael.