[prev in list] [next in list] [prev in thread] [next in thread]
List: openldap-technical
Subject: Re: Replication Questions
From: Erik de Waard <erikdewaard () gmail ! com>
Date: 2024-04-20 20:05:05
Message-ID: CAENcd0Y+oE=OX7tJfY3KH3tg=f9dHE=f6KAW_igBmwBojKBYEQ () mail ! gmail ! com
[Download RAW message or body]
As taken from elsewhere on this list:
The primary issue is that if a server goes into REFRESH mode, the order in
which the entries are sent back may not allow the slapo-memberOf overlay to
rebuild the groups correctly.
Details:
https://bugs.openldap.org/show_bug.cgi?id=8613
For dynlist:
Take the latest 2.5/2.6
Remove the memberOf overlay,
load and enable the dynlist overlay on your nodes
Set dynlist-attrset according to your member/group naming.
Example:
dynlist-attrset groupOfURLs memberURL
uniqueMember+memberOf@groupOfUniqueNames*
On Fri, Apr 19, 2024, 16:46 BECOT Jérôme <jbecot@itsgroup.com> wrote:
> Hello !
>
> I have few questions regarding replication. I'm doing partial replication
> on plain replication by limiting the syncrepl user permissions in the ACL.
> It works well. Is it supported ? Would it work with a delta-sync
> replication ?
>
> Another thing I've been told about is about memberOf overlay. My colleague
> told me that replication may fail when memberOf is enabled on consumers,
> mainly because sometimes the group is replicated before the user and
> memberOf would create an entry if a search is made on the user not yet
> replicated. Have you some insights about this behaviour that I have not met
> yet ?
>
> Regards
>
[Attachment #3 (text/html)]
<div dir="auto">As taken from elsewhere on this list:<div dir="auto"><br></div><div \
dir="auto">The primary issue is that if a server goes into REFRESH mode, the order in \
which the entries are sent back may not allow the slapo-memberOf overlay to rebuild \
the groups correctly.</div><div dir="auto"><br></div><div \
dir="auto">Details:</div><div dir="auto"><a \
href="https://bugs.openldap.org/show_bug.cgi?id=8613">https://bugs.openldap.org/show_bug.cgi?id=8613</a></div><div \
dir="auto"><br></div><div dir="auto">For dynlist:</div><div dir="auto"><br></div><div \
dir="auto">Take the latest 2.5/2.6 </div><div dir="auto">Remove the memberOf \
overlay,</div><div dir="auto">load and enable the dynlist overlay on your \
nodes</div><div dir="auto"><br></div><div dir="auto">Set dynlist-attrset according to \
your member/group naming.</div><div dir="auto"><br></div><div \
dir="auto">Example:</div><div dir="auto"><br></div><div dir="auto">dynlist-attrset \
groupOfURLs memberURL uniqueMember+memberOf@groupOfUniqueNames*</div><div \
dir="auto"><br></div></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Fri, Apr 19, 2024, 16:46 BECOT Jérôme <<a \
href="mailto:jbecot@itsgroup.com">jbecot@itsgroup.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Hello !</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
I have few questions regarding replication. I'm doing partial replication on \
plain replication by limiting the syncrepl user permissions in the ACL. It works \
well. Is it supported ? Would it work with a delta-sync replication ?</div> <div \
style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Another thing I've been told about is about memberOf overlay. My colleague told \
me that replication may fail when memberOf is enabled on consumers, mainly because \
sometimes the group is replicated before the user and memberOf would create an entry \
if a search is made on the user not yet replicated. Have you some insights about \
this behaviour that I have not met yet ?</div> <div \
style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Regards</div>
</div>
</blockquote></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic