top of page
Edgar Resendiz

Replication and memberOf

Several years ago the OpenLDAP project “deprecated” the `memberof` overlay with preference for the `dynlist` (dynamic lists) overlay. This was done in the `memberof` “man page” and is not, therefore, widely known or understood.


The `memberof` overlay lets deployments maintain group objects automatically, managing them based on *ismemberof* attributes in other entries (most often, user entries). The processing to maintain the groups is done during the update of the database, at “write” time. There is a fundamental problem dealing with the order of replication updates presented to Replica/Consumer servers receiving replication updates from others. While only triggering problems very rarely, it is known to be unsafe. The OpenLDAP Project has no plans to address these problems. An entirely new `autogroup` overlay will, when complete, replace `memberof` with very much the same function.


The `dynlist` overlay does something similar but it dynamically builds the group entries-list at “read” (query) time. This can be very useful in a wider range of use-cases and has received a lot of development attention and improvements since its introduction some years ago. However, since `dynlist` is dynamically building the response, there is significant processing done during the query and that has a performance impact, in certain cases, a very significant impact. `dynlist` is, at present, the only reliable technology for this function. Deployments with `memberof` should seriously consider switching over to `dynlist`, at least temporarily until `autogroup` is ready in 2.5 and 2.6.


Unfortunately, converting from `memberof` to `dynlist` is not a simple task. A `slapcat` dump must be modified first. Then, **The Cluster** has to have a database reload. This requires a maintenance window as `memberof` based servers can not replicate with `dynlist` based servers. Detailed instructions are being prepared.

304 views6 comments

Recent Posts

See All

The Achilles Heel of LRU Caches

Ever since we released LMDB, our advice to software designers has been "don't do application level caching. Let the kernel handle it for...

Additions and Subtractions

Symas is pleased to announce that its OpenLDAP builds, which have long been available for the x86_64 architecture, are now joined by a...

OpenLDAP 2.6 Long Term Support Announcement

The OpenLDAP Project is pleased to announce the promotion of OpenLDAP 2.6 from Feature Release to Long Term Support (LTS), effective as...

6 Comments


Archibald West
Archibald West
Nov 24

Looking for a reliable alternative to Brightree software? 🚀 Explore NikoHealth, a cutting-edge solution designed to streamline your healthcare operations. Whether it's DME, patient management, or billing, NikoHealth has you covered with its intuitive features and exceptional support.

Discover more here https://nikohealth.com/brightree-alternative/

Like

Victor Zhadan
Victor Zhadan
Nov 20

Discover the power of modern healthcare with our EMR and EHR software development services. Build custom software for smoother workflows, better patient support, and effortless data management. https://gloriumtech.com/electronic-health-record-ehr-software-development/


Like

Patricia Vega
Patricia Vega
Oct 03

Линкбилдинг играет важную роль в повышении авторитета вашего сайта в глазах поисковых систем. Узнайте, как использовать стратегически размещенные ссылки для улучшения вашего рейтинга на https://linkbuilder.com/ru/link-building и достижения высоких позиций в результатах поиска.

Like

Xavier Montagutelli (Boulot)
Xavier Montagutelli (Boulot)
Jun 03

Hello, Thank you for your post. I was thinking abour trying the overlay again. The problem with the memberOf overlay and replication was already there 6 or 7 years ago when I tried it, and even en 2024 there's no replacement ? I am disappointed by OpenLDAP ;-(

Like

Unknown member
Oct 07, 2023

Tired of the relentless quest for authentic electronic music downloads? Your quest ends at https://volumo.com/. With a treasure trove of tracks waiting to be explored, let your musical journey be boundless and profound.

Like
bottom of page