Christian Kratzer wrote:
Hi, On Mon, 24 Mar 2014, Ulrich Windl wrote:Hi! Stupid question: If syn is based on entryUUID and entryCSN and objects are transferred in transactions, how can an obsolete or incomplete object exist on a server that is to be synced?if for example the acl on the provider does not show you all attributes because the acl is based on data not yet synced than the provider will give the consumer incomplete objects.
That makes no sense, since ACLs on the provider aren't dependent on data from any other server. I.e., whether the data is synced or not on a particular consumer won't change the evaluation of ACLs on the provider.
Hm... Unless of course, your ACLs depend on entries living in a back-ldap instance that points at a particular consumer. That would be quite bizarre.
Greetings Christian
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/