[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8927) slapo-ppolicy is destructive to delta-sync replication
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8927) slapo-ppolicy is destructive to delta-sync replication
- From: quanah@symas.com
- Date: Fri, 12 Oct 2018 17:32:52 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
--On Friday, October 12, 2018 5:27 PM +0000 quanah@symas.com wrote:
> So this should succeed, and yet it fails. Need to figure out why.
I dug into this further with Ondrej, and the issue is that ppolicy was
never updated to work correctly in a delta-sync MMR environment. ppolicy on
the receiving server currently has logic to test if it is a shadow (i.e.,
replica) and if so, change its behavior. But there is no similar logic to
handle the case if the receiving server is an MMR node (i.e., a shadow and
a master).
The following 3 changes to the code base for ppolicy would alleviate this
issue and other potential issues:
- test we're a replicated op, not just on shadow
- issue MOD_REPLACE (concurrent binds could have cleared that attribute on
the other servers)
- expect MOD_REPLACE as well as MOD_DELETE on replicated ops
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>