Howard Chu wrote:
One feature that's still needed in some cases (e.g., using
syncrepl to push updates to another slave thru back-ldap) is an
updatedn identity with the privilege to write to unmodifiable
operational attributes. I guess this isn't something the Relax
control is intended to allow. We can keep using the updatedn but
it feels like this is something that should be generalized. E.g.
one might want to have a cluster of servers sending updates to
each other, with a unique identity for each server, and all of
them with privilege to write to operational attributes. I think
the updatedn feature captures the idea ("this identity is a DSA")
but it just needs to be more flexibly configured.
Makes sense. In principle, slapd should allow any "push"
replication mechanism that complies with its requirements in terms
of operational attributes to work. Another mechanism, which would
require more "pusher"'s modification, would be to use a control
that behaves like "rekax", which explicitly indicates a DSA is
replicating data.