As taken from elsewhere on this list: The primary issue is that if a server goes into REFRESH mode, the order in which the entries are sent back may not allow the slapo-memberOf overlay to rebuild the groups correctly.
Details: https://bugs.openldap.org/show_bug.cgi?id=8613 For dynlist: Take the latest 2.5/2.6 Remove the memberOf overlay, load and enable the dynlist overlay on your nodes Set dynlist-attrset according to your member/group naming. Example: dynlist-attrset groupOfURLs memberURL uniqueMember+memberOf@groupOfUniqueNames* On Fri, Apr 19, 2024, 16:46 BECOT Jérôme <[email protected]> wrote: > Hello ! > > I have few questions regarding replication. I'm doing partial replication > on plain replication by limiting the syncrepl user permissions in the ACL. > It works well. Is it supported ? Would it work with a delta-sync > replication ? > > Another thing I've been told about is about memberOf overlay. My colleague > told me that replication may fail when memberOf is enabled on consumers, > mainly because sometimes the group is replicated before the user and > memberOf would create an entry if a search is made on the user not yet > replicated. Have you some insights about this behaviour that I have not met > yet ? > > Regards >
