Re: memberOf overlay issues with 2.4.44 + ITS 8432 patch

[Quanah Gibson-Mount <quanah@symas.com>]

----- Original Message -----
> From: "Paul B. Henson" <henson@acm.org>
> To: openldap-technical@openldap.org
> Sent: Wednesday, December 21, 2016 6:56:30 PM
> Subject: memberOf overlay issues with 2.4.44 + ITS 8432 patch


> So far, I've only seem this behavior for group membership removals. Adds
> don't seem to cause a problem, nor do create/delete of groups or users
> as far as I can tell.
> 
> Any thoughts on what's going on here? It's not causing any failures yes,
> as removing members multiple times results in the same end state and the
> multiple replication seems to have a fairly low upper bound. But it
> would be nice to fix it :).

Looks like a bug with the memberOf overlay when it is instantiated in a delta-syncrepl environment, based on this statement from the memberOf man page:

       The memberof overlay may be used with any backend  that  provides  full
       read-write  functionality, but it is mainly intended for use with local
       storage backends. The maintenance operations it performs  are  internal
       to  the  server  on  which  the  overlay  is  configured  and are never
       replicated.  Replica  servers  should  be  configured  with  their  own
       instances  of  the  memberOf overlay if it is desired to maintain these
       memberOf attributes on the replicas.

Probably worth adding to ITS#8444.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>