[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#6915) memberof+accesslog duplicate reqStart
ebackes@symas.com wrote:
> Full_Name: Emily Backes
> Version: 2.4.25
> OS: any
> URL:
> Submission from: (NULL) (76.88.107.46)
>
> In recent OpenLDAPs (2.4.25 at least, but I haven't found exactly where
> it started), memberof interacts badly with accesslog.
See also:
http://www.openldap.org/lists/openldap-technical/201104/msg00242.html
> In a simple test case with a groupOfNames and two people, if you add a
> person to the group, memberOf should set their memberOf opeational
> attribute to point to the group. That works! But currently the
> accesslog db will only show the change for the memberof update and not
> the original group change.
I can confirm that.
> Digging deeper, I found:
> [..]
> The changes are reaching accesslog, but don't make it into the logdb
> because their generated DNs based on reqStart match.
Ah, that explains it.
> reqStart is generated with a generalizedTime stamp where the
> microseconds are an incrementing count based on o_tincr, but this does
> not seem to be incremented, or incremented enough.
>
> It's not entirely clear why this is a problem now and not earlier.
Maybe it was always a problem. Because I've started the thread above before
installing 2.4.25:
http://www.openldap.org/lists/openldap-technical/201103/msg00032.html
I had 2.4.24 or 2.4.23 installed back then.
> This may be related to ITS#6766.
Seems similar and the group modification is the same like in cases where I
observed the behaviour described in my postings.
Ciao, Michael.