[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8927) slapo-ppolicy is destructive to delta-sync replication

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8927) slapo-ppolicy is destructive to delta-sync replication
From: ondra@mistotebe.net
Date: Tue, 16 Oct 2018 10:30:17 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

On Fri, Oct 12, 2018 at 05:32:52PM +0000, quanah@symas.com wrote:
> --On Friday, October 12, 2018 5:27 PM +0000 quanah@symas.com wrote:
> 
> > So this should succeed, and yet it fails.  Need to figure out why.
> 
> I dug into this further with Ondrej, and the issue is that ppolicy was 
> never updated to work correctly in a delta-sync MMR environment. ppolicy on 
> the receiving server currently has logic to test if it is a shadow (i.e., 
> replica) and if so, change its behavior.  But there is no similar logic to 
> handle the case if the receiving server is an MMR node (i.e., a shadow and 
> a master).
> 
> The following 3 changes to the code base for ppolicy would alleviate this 
> issue and other potential issues:
> 
> - test we're a replicated op, not just on shadow

The patch is available here:
https://github.com/mistotebe/openldap/tree/its8927

> - issue MOD_REPLACE (concurrent binds could have cleared that attribute on 
> the other servers)
> - expect MOD_REPLACE as well as MOD_DELETE on replicated ops

Maybe not exactly required since ppolicy will actually treat these
deletes as soft deletes if needed.

-- 
OndÅ?ej KuznÃk
Senior Software Engineer
Symas Corporation                       http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP

Prev by Date: Re: (ITS#8125) MMR throws away valid changes causing drift
Next by Date: Re: (ITS#8927) slapo-ppolicy is destructive to delta-sync replication
Index(es):
- Chronological
- Thread