[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6915) memberof+accesslog duplicate reqStart



ebackes@symas.com wrote:
> Full_Name: Emily Backes
> Version: 2.4.25
> OS: any
> URL: 
> Submission from: (NULL) (76.88.107.46)
> 
> In recent OpenLDAPs (2.4.25 at least, but I haven't found exactly where
> it started), memberof interacts badly with accesslog.

See also:
http://www.openldap.org/lists/openldap-technical/201104/msg00242.html

> In a simple test case with a groupOfNames and two people, if you add a
> person to the group, memberOf should set their memberOf opeational
> attribute to point to the group.  That works!  But currently the
> accesslog db will only show the change for the memberof update and not
> the original group change.

I can confirm that.

> Digging deeper, I found:
> [..]
> The changes are reaching accesslog, but don't make it into the logdb
> because their generated DNs based on reqStart match.

Ah, that explains it.

> reqStart is generated with a generalizedTime stamp where the
> microseconds are an incrementing count based on o_tincr, but this does
> not seem to be incremented, or incremented enough.
> 
> It's not entirely clear why this is a problem now and not earlier.

Maybe it was always a problem. Because I've started the thread above before
installing 2.4.25:

http://www.openldap.org/lists/openldap-technical/201103/msg00032.html

I had 2.4.24 or 2.4.23 installed back then.

> This may be related to ITS#6766.

Seems similar and the group modification is the same like in cases where I
observed the behaviour described in my postings.

Ciao, Michael.