
Re: Replication of LDAP extended operations



Erco Argante (RY/ETM) wrote:
Hi,

I've configured a master slapd for replication, which nicely produces
entries in the replication log file for LDAP add/modify/delete
operations. However, when the master slapd receives an LDAP extended
operation (that modifies the LDAP DIT), which is successfully processed,
no entry is made in the replication log file. Consequently, slurpd will
not send the LDAP extended operation to slave slapd's and the slave DITs
will not be updated.

"Man slapd.replog(5)" does not mention anything about LDAP extended
operations.

The slurpd replog is based on the LDIF specification, which does not provide any mechanism for denoting extended operations. So simply put, it is impossible for slurpd to replicate extended operations.


The auditlog format that I've designed, which is used in OpenLDAP delta-syncrepl, addresses this and many other shortcomings in the LDIF spec. http://www.ietf.org/internet-drafts/draft-chu-ldap-logschema-00.txt

Have I made an error and should this normally work?

Is it a deliberate choice of OpenLDAP to not implement this
functionality, or might this functionality be added in future slapd
implementations?
Is there a workaround for this problem other than not using LDAP
extended operations?

The workaround used for the passwordModify exop code in OpenLDAP is to internally re-issue the desired changes as a standard Modify operation. This is the most reliable way to get the changes propagated.

Going forward, slurpd will be dropped from the code base and only syncrepl-based replication mechanisms will be supported.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/
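
The following sketch is an added example, not code from this message or from OpenLDAP. It shows why a replog built on LDIF change records has no slot for an extended operation, and how a password change re-issued as a Modify becomes an ordinary entry. The function names, host, DN and password are constructed; the record fields follow slapd.replog(5).

```python
import base64
import hashlib
import os

# changetype values an LDIF change record (RFC 2849) can carry.
# There is no value for an extended operation.
LDIF_CHANGETYPES = {"add", "delete", "modify", "modrdn", "moddn"}

def ssha(password, salt=None):
    """Hash a password (bytes) in the {SSHA} userPassword scheme."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ldif_attr(name, value):
    """Emit one attribute line, base64-encoded when the value is not an LDIF SAFE-STRING."""
    raw = value.encode("utf-8")
    safe = (all(b < 128 and b not in (0, 10, 13) for b in raw)
            and raw[:1] not in (b" ", b":", b"<") and not raw.endswith(b" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"

def replog_entry(replica, when, dn, changetype, body_lines):
    """Build one replog entry; anything outside the LDIF change types is rejected."""
    if changetype not in LDIF_CHANGETYPES:
        raise ValueError(f"LDIF cannot express changetype {changetype!r}")
    head = [f"replica: {replica}", f"time: {when}",
            ldif_attr("dn", dn), f"changetype: {changetype}"]
    return "\n".join(head + body_lines) + "\n"

def password_exop_as_modify(replica, when, user_dn, new_password, salt=None):
    """Express the effect of a password change as a standard Modify of userPassword."""
    body = ["replace: userPassword",
            ldif_attr("userPassword", ssha(new_password, salt)), "-"]
    return replog_entry(replica, when, user_dn, "modify", body)

if __name__ == "__main__":
    # Constructed sample values.
    print(password_exop_as_modify("replica.example.com:389", 1100000000,
                                  "uid=jdoe,dc=example,dc=com", b"s3cret"))
```
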