Re: (ITS#8927) slapo-ppolicy is destructive to delta-sync replication
On Fri, Oct 12, 2018 at 05:32:52PM +0000, firstname.lastname@example.org wrote:
> --On Friday, October 12, 2018 5:27 PM +0000 email@example.com wrote:
> > So this should succeed, and yet it fails. Need to figure out why.
> I dug into this further with Ondrej, and the issue is that ppolicy was
> never updated to work correctly in a delta-sync MMR environment. ppolicy on
> the receiving server currently has logic to test if it is a shadow (i.e.,
> replica) and if so, change its behavior. But there is no similar logic to
> handle the case if the receiving server is an MMR node (i.e., a shadow and
> a master).
> The following 3 changes to the code base for ppolicy would alleviate this
> issue and other potential issues:
> - test we're a replicated op, not just on shadow
The patch is available here:
> - issue MOD_REPLACE (concurrent binds could have cleared that attribute on
> the other servers)
> - expect MOD_REPLACE as well as MOD_DELETE on replicated ops
Maybe not exactly required since ppolicy will actually treat these
deletes as soft deletes if needed.
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
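
An added example, not part of the original message and not OpenLDAP code: a small model of RFC 4511 modify semantics showing why a replayed delete fails once concurrent binds have already cleared the attribute on both nodes, while a replace with no values still succeeds. The attribute name, entry contents and two-node scenario are constructed assumptions.

```python
# Constructed model of LDAP modify semantics (RFC 4511); not OpenLDAP code.
LDAP_SUCCESS = 0
LDAP_NO_SUCH_ATTRIBUTE = 16

# Hypothetical attribute name standing in for the state ppolicy clears on bind.
ATTR = "examplePolicyState"


def apply_mod(entry, op, attr, values=()):
    """Apply one modification to entry (dict: attr -> list of values).

    Returns the LDAP result code a server would send for that change.
    """
    if op == "delete":
        if attr not in entry:
            # Deleting an attribute that is not there is an error.
            return LDAP_NO_SUCH_ATTRIBUTE
        if values:
            if any(v not in entry[attr] for v in values):
                return LDAP_NO_SUCH_ATTRIBUTE
            entry[attr] = [v for v in entry[attr] if v not in values]
            if not entry[attr]:
                del entry[attr]
        else:
            del entry[attr]
        return LDAP_SUCCESS
    if op == "replace":
        # Replace with no values removes the attribute if present and is
        # silently accepted if it is already absent.
        if values:
            entry[attr] = list(values)
        else:
            entry.pop(attr, None)
        return LDAP_SUCCESS
    raise ValueError("unsupported op: " + op)


def concurrent_bind_scenario(clear_op):
    """Two MMR nodes each clear ATTR locally, then replay the peer's change."""
    node_a = {"uid": ["jdoe"], ATTR: ["stale"]}  # constructed sample entry
    node_b = {"uid": ["jdoe"], ATTR: ["stale"]}
    # Binds land on both nodes before either change has replicated.
    local = [apply_mod(node_a, clear_op, ATTR), apply_mod(node_b, clear_op, ATTR)]
    # Each node now replays the modification logged by the other.
    replayed = [apply_mod(node_a, clear_op, ATTR), apply_mod(node_b, clear_op, ATTR)]
    return local, replayed, node_a == node_b


if __name__ == "__main__":
    for op in ("delete", "replace"):
        print(op, concurrent_bind_scenario(op))
```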