On Fri, Oct 12, 2018 at 05:32:52PM +0000, [email protected] wrote: > --On Friday, October 12, 2018 5:27 PM +0000 [email protected] wrote: > > > So this should succeed, and yet it fails. Need to figure out why. > > I dug into this further with Ondrej, and the issue is that ppolicy was > never updated to work correctly in a delta-sync MMR environment. ppolicy on > the receiving server currently has logic to test if it is a shadow (i.e., > replica) and if so, change its behavior. But there is no similar logic to > handle the case if the receiving server is an MMR node (i.e., a shadow and > a master). > > The following 3 changes to the code base for ppolicy would alleviate this > issue and other potential issues: > > - test we're a replicated op, not just on shadow
The patch is available here: https://github.com/mistotebe/openldap/tree/its8927 > - issue MOD_REPLACE (concurrent binds could have cleared that attribute on > the other servers) > - expect MOD_REPLACE as well as MOD_DELETE on replicated ops Maybe not exactly required since ppolicy will actually treat these deletes as soft deletes if needed. -- OndÅej KuznÃk Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
