Howard Chu wrote: > Ferenc Wagner wrote: >> Howard Chu <firstname.lastname@example.org> writes: >> >>> Ferenc Wagner wrote: >>> >>>> I'm running a couple of partial replicas, where the replicated content >>>> is narrowed by provider ACLs. All is fine. Now, I need to extend the >>>> replicas with a new attribute, so I extend the ACL to allow reading of >>>> this attribute as well. How can I get the replicas synchronize this new >>>> attribute without downtime? Is forcing a full reload by slapd -c rid=1 >>>> a good solution? >>> >>> That should work, for a standard provider/consumer replication. >> >> Pretty standard, I guess. But for the future: where's the catch? For what >> setups would this fail to work? > > In MMR, updates whose entryCSN match the entry's existing entryCSN will be > ignored, so a resync attempt like this won't change anything. > >> Also, this slapd restart mean at least some downtime. Is there a way to >> trigger such resync online, without slapd being stopped at all? If not, >> is there a fundemental problem stopping the implementation of such a >> feature? > > Submit an enhancement request to the ITS, find someone interested in coding it. I vaguely remember that Kurt once had the idea of "touching" an entry by sending a modify request with empty modlist. If this "touch" would update 'entryCSN' it would be a better approach than full re-sync in case of fairly small count of affected entries. Or maybe better use an extended control for this to avoid interop issues with broken clients accidently sending such a empty modify list. Since such a functionality would be also interesting for other LDAP server implementations discussion on ldapext mailing list / WG ;-) would be appropriate. Ciao, Michael.
Description: S/MIME Cryptographic Signature