[Date Prev][Date Next]
Re: delta-syncrepl contextCSN update timing, schema checking
On Thu, May 01, 2008 at 09:57:25AM -0700, Quanah Gibson-Mount wrote:
> --On Thursday, May 01, 2008 11:39 AM -0400 John Morrissey <firstname.lastname@example.org>
> > Recently, a fluke in our configuration distribution system caused one of
> > our consumers (running 2.3.41) to have stale schema information. slapd
> > at debuglevel 16384 emitted:
> > Should this error have been raised in this case? I tried explicitly
> > disabling schemachecking ("schemachecking=off" in the syncrepl stanza),
> > but this error was still raised.
> The error is correct. schemachecking off makes it so that entries do not
> have to comply to *known* schema. Your schema was not known.
I guess I was confused by slapd.conf(5):
The schema checking can be enforced at the LDAP Sync consumer
site by turning on the schemachecking parameter. The default is
off. Schema checking on means that replicated entries must have
a structural objectClass, must obey to objectClass requirements
in terms of required/allowed attributes, and that naming
attributes and distinguished values must be present. As a
consequence, schema checking should be off when partial
replication is used.
The reason it works this way (and how it serves the partial replication use
case) makes total sense now, but I might not be the only one to draw the
wrong conclusion from something like "schemachecking=off".
I'm not sure how I would reword this part of the man page, but FWIW it was
what confused me about this option's behavior.
John Morrissey _o /\ ---- __o
email@example.com _-< \_ / \ ---- < \,
www.horde.net/ __(_)/_(_)________/ \_______(_) /_(_)__