[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: URP - Schema
John Merrells wrote:
> OK, I failed with the single valued attribute one... so here's
> another try.
> An entry is updated on two servers. One Modify removes a
> value of the objectclass attribute and all the attributes
> required by that objectclass. Another, later, Modify on
> another server does a replace on the objectclass attribute
> keeping everything the same. We replicate and end up with
> an entry that violates the schema...
Yes, an entry can end up being in violation of the schema rules.
> I realise this is somewhat pathalogical, but it's not much
> worse than the 'I am my own parent' case.
I see them as being significantly different. We have to do something about
the "I am my own parent case" otherwise we would end up with parts of the DIT
being inaccessible by the access protocol (LDAP or DAP). If we can't access it
we can't fix it (except through some as yet undefined backdoor method).
On the other hand an entry that doesn't match the schema rules can still be
accessed and modified.
Note that X.500 does allow entries to violate schema. It is only expected to
be a temporary condition that administrators should fix ASAP. These situations
arise because it isn't possible to simultaneously modify a schema subentry and
all the entries depending on that subentry, nor is it possible to
simultaneously move an entry from one subschema area to another and modify
its contents to satisfy the new area.