LDAP sync frontend in v4.0.x
a.cudbardb at freeradius.org
Thu Apr 27 17:23:37 CEST 2017
> On Apr 27, 2017, at 4:21 AM, Michael Ströder <michael at stroeder.com> wrote:
> Arran Cudbard-Bell wrote:
>> Fancied taking a break from refactoring in v4.0.x.
>> The idea is that you can "listen" on DNs within your LDAP directory.
>> You then use the updates you receive to create/invalidate cache entries, or send
>> CoA/DM messages to reflect the changes that have occurred in LDAP.
> Nifty feature.
> But please put a fat note into the comments that the syncrepl client will not see an
> entry getting deactivated if server-side ACLs make deactivated entries invisible to the
> syncrepl client. (That's the reason why I don't use syncrepl in Æ-DIR clients.)
If a modification to an entry removes it from the set of entries accessible by the sync user, the sync user will not receive a notification that the entry has changed?
If so, then yes, that is a gotcha... but also just configure your ACLs correctly... There's no reason the user your binding with should have that sort of restriction.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Freeradius-Users