Created attachment 513997 [details]
Slapd configuration file
Description of problem:
DDS overlay tolerance parametr doesn't function. Default ttl parametr work bad with set dds-tolerance. EntryTtl attribute has right value, but entry is delete before ttl expiration.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
(slapd.conf is in attachement)
dn: cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=my-domain,dc=com
cn: OpenLDAP Documentation Meeting
member: cn=testusr1, dc=my-domain,dc=com
member: cn=testusr2, dc=my-domain,dc=com
4. ldapsearch -LLL -x -b 'cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=my-domain,dc=com' \"(objectClass=dynamicObject)\"
Entry cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=my-domain,dc=com doesn't exist after 120s (lifetime should be entryTtl + tolerance = 240s). Even entry doesn't exist after 30s.
Entry should be exist after 120s.
Created attachment 517864 [details]
olcDDStolerance setting had inverse effect and in fact was shortening entries real TTL. Attaching patch. It will be submitted upstream.
Resolved in openldap-2.4.23-17.el6
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
- OpenLDAP server with 'dds' overlay configured and olcDDStolerance is set.
- The dynamic entries are deleted before their TTL is expired. olcDDStolerance is shortening dynamic entries TTL, instead of its prolonging.
- The patch was applied to correctly evaluate real time of dynamic entries deletion.
- The dynamic entries real lifetime is entry's entryTtl + olcDDStolerance as described in documentation
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.