[389-users] replication with some attributes excluded leads to schema violation
Rich Megginson
rmeggins at redhat.com
Fri Jan 11 14:54:35 UTC 2013
On 01/11/2013 06:26 AM, Petr Spacek wrote:
> Hello 389 users and developers,
>
> I would be very happy if somebody could give me any advice about "the
> right way" to solve this problem:
>
> I have following objectClass in the schema:
> objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone
> class' SUP idnsRecord STRUCTURAL MUST ( idnsName $ idnsZoneActive $
> idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $
> idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy
> $ idnsAllowQuery $ idnsAllowTransfer $ idnsAllowSyncPTR $
> idnsForwardPolicy $ idnsForwarders ) )
>
> Please note MUST attribute idnsSOAserial.
>
> I have two 389 servers on RHEL 6.4 with the same schema:
> 389-ds-base-1.2.11.15-10.el6.x86_64
>
> There is multi master replication agreement between machines
> vm-115<->vm-042.
>
> Attribute idnsSOAserial is excluded from incremental replication
> (export from vm-042):
> cn=meTovm-115,cn=replica,cn=dc\3Dexample,cn=mapping tree,cn=config
>
> idnsSOAserial: (objectclass=*) $ EXCLUDE memberof idnssoaserial
> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>
> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn
> krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>
>
> Now I create a new object with objectClass idnsZone on vm-042. The new
> object is replicated to vm-115, but the attribute idnsSOAserial is
> missing - and this fact violates the schema.
>
>
> Is it expected behaviour?
Yes. Since idnssoaserial is excluded from incremental (I think there is
a typo above - idnsSOAserial: (objectclass=*) $ EXCLUDE is not correct),
it is excluded from the replicated ADD operation.
>
> What I misunderstood?
Nothing?
>
> Which approach you recommend to application developers for dealing
> with such situation?
So you would like idnsSOAserial to be included for replicated ADD
operations but excluded for replicated MOD operations?
>
> I don't like the approach where application have to go to *all* DS to
> initialize the excluded attribute, because:
> What the application should do if it's unable to connect to one of DSs?
>
> What if rollback is impossible? (E.g. attribute was initialized on
> replica1 and replica2 but the link from application to the world
> failed before replica3 was initialized.)
>
> Would it be possible to configure DS to replicate the attribute when
> object is created but not replicate further changes? It would defer
> all problems above to DS replication mechanism and simplify
> applications :-)
>
> Thank you for your time!
>
>
> I'm not subscribed to this list, please include me in Cc explicitly.
>
More information about the 389-users
mailing list