[Date Prev][Date Next]
Re: Replication of LDAP extended operations
Erco Argante (RY/ETM) wrote:
I've configured a master slapd for replication, which nicely produces
entries in the replication log file for LDAP add/modify/delete
operations. However, when the master slapd receives an LDAP extended
operation (that modifies the LDAP DIT), which is successfully processed,
no entry is made in the replication log file. Consequently, slurpd will
not send the LDAP extended operation to slave slapd's and the slave DITs
will not be updated.
"Man slapd.replog(5)" does not mention anything about LDAP extended
The slurpd replog is based on the LDIF specification, which does not
provide any mechanism for denoting extended operations. So simply put,
it is impossible for slurpd to replicate extended operations.
The auditlog format that I've designed, which is used in OpenLDAP
delta-syncrepl, addresses this and many other shortcomings in the LDIF
The workaround used for the passwordModify exop code in OpenLDAP is to
internally re-issue the desired changes as a standard Modify operation.
This is the most reliable way to get the changes propagated.
Have I made an error and should this normally work?
Is it a deliberate choice of Open LDAP to not implement this
functionality, or might this functionality be added in future slapd
Is there a workaround for this problem other than not using LDAP
Going forward, slurpd will be dropped from the code base and only
syncrepl-based replication mechanisms will be supported.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/