[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: dynlist enhancements, ITS#9121
- To: Howard Chu <hyc@symas.com>, Ondřej Kuzník <ondra@mistotebe.net>
- Subject: Re: dynlist enhancements, ITS#9121
- From: Michael Ströder <michael@stroeder.com>
- Date: Wed, 18 Dec 2019 21:03:17 +0100
- Autocrypt: addr=michael@stroeder.com; prefer-encrypt=mutual; keydata= mQENBFbdnRoBCADj0vYA4aRwKJ6AE4mf8oElLgMT/1eLNKpJ2FYBWcwj9d8dTk5/p9b8DRxy S/qQIUUZqt9xRFZwUCm0vFeQMRDeN9xzAKoRzrJifoDOacOjG1lhZTKYvVZGgUT89Ao3QeHh Q7gPzcAKNoueoR2y3FXStOYuRrbk5PlSjVAITjsotgc7PWE9mmVYpeu8a+byK/DBHKUyolOA 1UXYvDa7MbPhMtdNm8qnwtKs1Vsyk1VkErM+5cIe+zTT6WYQcmZMRjCtWGiFTzk9W6Mdlskk WRTKhKNgokTsgcy1ecaCBUZWxv/SyXgD81+rwRi9b8Px+1reg43ayxi8sV7jrI1feybbABEB AAG0J01pY2hhZWwgU3Ryw7ZkZXIgPG1pY2hhZWxAc3Ryb2VkZXIuY29tPokBNwQTAQgAIQUC Vt2dGgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAH3HrjaovJOFpTCACjO773gcmJ KvzjiNpUFl/gANyaJgIq4VbMQ7VthRb1F9X6YbdJ6Z99ntyESjGFCpjofcSomr2vJDpv6ht+ lY33yo20YwsMpqe2OeId0jPybG+FtabKjgBNoAk7iqnBGUvE4t0dz0n1LQVCQR2jxyTKmcNq OYpsRZ3H+6kWwJMuVgsNZglINVZ8JgV5QuLYN5jhYz+pOuFnU11bV6nWREvzZXzebe7g7Zus 6AsWjtJ0lDvgBNzLlF3/eFrVch6Bejs0SvuFseIdZQk+4YU6Rb8xul/jDFXIfo7eTmijO3dV T5AmC1cUi8czncwpgAJnEH8vYv23RoN/aw2gSMCS2huIuQENBFbdnRoBCAC7L1cTVBVZZuM/ yxSUM5CsgGBlTD1Cr7C2ngZFsHSYXVLq6NUB8GZA2iLK96CrwnFw4/Jjz4llOjc50iVRMQKL RyFWOJAMrpPq2ew5T+Uoo524D//dwVbqkFVVuvM8NPiKIDyPGCjP+acM1D8hXwhOXgQ8Iz8Q 3/GRSYjitn9JrkF0ia2nhariznBKVu0LDffxF/hOCx45+QRR2/rYYlshfZMB7nEJX9P+hVfM CSzltz9Z8CldeUbiJvnyrISReR2XBw9oh8JkIUP0BtpIaify9A7EfzOk+W9BUnWe+YwdSUsB fJxOhSv+umyW5GMqZGFu+4oYnkzbe+1LUs1JarCtABEBAAGJAR8EGAEIAAkFAlbdnRoCGwwA CgkQB9x642qLyTjEUgf+JX6Atatl/QKe37yCj1OZYNPd3B0rPLJRF5mEmrADRXLZC9+uFeDS Wxxln040gnR6rjBHrRcvVmlTDiZY26iuL16+V+0/aZ9uyXNQSzk2cwDSiI/8gvr72Y+FN5fh cGXpeNHxHilYc9onzDhxyE76cwzqTKm4q2ULIH2u9IHQ5O86Fv6nHPYhe2fy1bhQapNwi/Xl 3G3i2WNH/w7m+1zWU1IddZOjmXzoxLT1BATwXGa0Tt5RjVb2mM1Wg3Zj6kqFkF2vvKcvrwj0 q0Ap5uyfN5m0uWzQMCMoaV9HQf7f5MkS1lnwBqDgnojjVAieX5uk7olUiRuPKHMfhvXulYP8 AA==
- Cc: OpenLDAP-devel@openldap.org
- Content-language: en-US
- In-reply-to: <c451e23c-cb03-5d09-29fd-14f1fc6d0af5@symas.com>
- References: <8c8bdc93-ff70-fc19-d8c4-1083ab40ca24@symas.com> <20191216224628.54wkg6tawvoymsc7@mistotebe.net> <6CF3E0002874407D22535DA5@[192.168.1.144]> <b2bc676b-b40f-2de9-593a-6e259eead822@symas.com> <c451e23c-cb03-5d09-29fd-14f1fc6d0af5@symas.com>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.3.0
On 12/18/19 6:09 PM, Howard Chu wrote:
> Howard Chu wrote:
>> Quanah Gibson-Mount wrote:
>>> It would be great along with all of this to finally fix memberOf
>>> so it's actually functional (and replication safe) (I.e., can
>>> maintain membership regardless of user/group creation order).>>
>> That sounds like scope creep. Out of scope for the current discussion.
>>
> Just thinking about this a bit more - I don't really see any good solution here. If
> you want memberof to accept DNs of entries that don't exist, you can set memberof-dangling
> to ignore. And then it'll accumulate DNs of nonexistent entries...
>
> If you want it to maintain an accurate list of only existing entry DNs, then you
> have to check for existence at the time of updating the memberof attribute.
>
> Another option is to let it update lazily only during a refresh, and then run
> a cleanup job when the refresh completes. Not sure how we would rig things up
> for refreshDone to trigger other modules.
My feeling always was that 'memberOf' should simply be replicated like
other operational attributes (modifiersName, pwdChangedTime etc.).
Ondrej and me had a longer discussion about this at LDAPcon
pre-conference dinner. He was not sure whether my proposal could work.
So the big question is:
Why is 'memberOf' not replicated?
Next question is:
Can slapo-memberof detect whether a write operation comes from
replication and simply ignore that?
Ciao, Michael.