On Wed, Jul 27, 2016 at 11:54:16AM +0200, Lukas Slebodnik wrote:
ehlo,
attached patch fixes acces denied after activating user in 389ds.
Jakub had some comments/ideas in ticket but I think it's better to discuss
about virtual attributes and timestamp cache on mailing list.
Yes, so the comment I have is that while this works, it might break some
strange LDAP servers.
We use modifyTimestamp as a 'positive' indicator that the entry has not
changed -- if the modifyTimestamp didn't change, we consider the cached
entry the same as what is on the server and only bump the timestamp
cache. If the timestamp is different, we do a deep-comparison of cached
attribute values with what is on the LDAP server and write the sysdb
cache entry only if the attributes differ.
I was wondering if we can use the modifyTimestamp at all, then, because
even if it's the same, we might want to check the attributes to see if
some of the values are different because some of the attributes might be
this operational/virtual attribute..