On 03/16/2015 06:50 PM, William wrote:
nsslapd-pluginAllowReplUpdates
It looks like there is no documentation about how this config value works though: and the values it influences aren't widely through the code so I can't confirm if it's a finished feature.
It is finished, and I will write a design document for it on the wiki (port389.org).
Thanks for that. I'd like to look at this document once you are done.
Can someone confirm if how I'm interpreting this is correct, and if we should open a documentation bug to get this documented?
So, by setting this to "on", it allows delete operations that come from replication to be processed by the RI plugin. Usually the RI plugin ignores replicated delete operations because it is assumed the supplier replica has the RI plugin enabled, and it has already performed the group cleanup(and those changes are replicated). So there is no need to do it twice. However, there are some scenarios where the supplier might NOT have enabled the RI plugin. In this case we do want the local RI plugin to process the replicated delete operation, and this is where this setting would come into play.
So in the case of having RI on two ldap servers, you would set this to off, since the server that handled the delete will replicate the other updates soon after. In the case of RI on a single server, when the non-RI server issues a delete, the RI enabled server would be triggered to run the RI checks. Is that correct?
Correct, but the RI enabled server needs to have nsslapd-pluginAllowReplUpdates set to "on" if there are any other master/supplier replication servers that do not have RI plugin enabled.
Given that you seem to be quite familiar with the refint code, can you comment on the ability to run two masters with both having the plugin enabled?
This is the preferred way, and requires no "special" configuration steps. Ideally all the servers in a replicated deployment should have the same plugin configurations. It's when server configurations are not the same that you can run into issues(e.g. needing to set nsslapd-pluginAllowReplUpdates to "on", etc).