erthink/ReOpenLDAP

Question: Drop in replacement for existing openldap 2.4.44?

mgresko opened this issue · 1 comments

I am currently running openldap 2.4.44 in a multi-master setup and I am constantly seeing the contextCSN out of sync. I am not familiar with the details of what happens behind the scenes with syncprov, but I keep seeing weird issues with ppolicy where a user tries to reset their password and the pwdReset attribute can't be deleted because openldap thinks it is not there. It is per ldapsearch, which is confusing.

Can I compile this and use it as a drop-in replacement? Appreciate any help or direction!

Yes, ReOpenLDAP 1.1.x could be used as a drop-in replacement for OpenLDAP 2.4.40 and later versions.
However, I highly recommend reading the description of the additional features and differences in the man-pages, i.e. man slapd.conf, man slapd-mdb, man slapo-syncprov.

On the other hand, I can't give you a guarantee the ppolicy overlay will work properly in a multi-master environment. Unfortunately, many overlays perform their work in a simplified way, with many assumptions, and without treating the errors properly. This can't be fixed in a simple way, only by a complete rewrite from scratch, starting from slapd itself.