in ticket https://fedorahosted.org/freeipa/ticket/5538 Ludwig has
suggested to exclude Dogtag's o=ipaca tree from the changelog. Sometimes
vault-archive fails because of a failed write to the Retro Changelog.
The RetroCL was enabled in https://fedorahosted.org/freeipa/ticket/3967
for the bind-dyndb-ldap plugin. Otherwise it is not needed under normal
circumstances because 389 doesn't use SyncRepl for replication. In #3967
Nathan has expressed his concerns for possible performance issues, too.

Petr, Ludwig,
would it makes sense to restrict RetroCL to cn=dns,$SUFFIX rather than
excluding o=ipaca? The plugin supports both includes and exclude,


Attachment: signature.asc
Description: OpenPGP digital signature

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to