The PassSync service currently has logic to abandon password changes that are older than a configurable backoff (the "Time To Live" registry setting). We purge old password changes right after we go through a sync operation for our backlog of password changes.
The problem with the current approach is that we might have some very old password changes, but we will end up replaying them. As an example, consider this scenario:
- PassSync is installed but the service is stopped.
- Password changes are accumulated for 1 week.
- PassSync is started.
When PassSync is started up, it will sync all of the changes, even though we should discard 1 week old changes.
I believe that this problem is easily solved by moving the call of UpdateBackoff() to be inside of SyncPasswords(). Specifically, we should call UpdateBackoff() right after we successfully load changes from the changelog, but just prior to opening an LDAP connection to DS.
The attached patch should resolve this issue, but it has not been tested yet.
Reviewed and tested the attached patch provided by Nathan:
Reviewed by Noriko.
Pushed to master: commit cd1ba8f53ae28c2a1795ef2dd775e5b95d649ccb
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=962583
Metadata Update from @nhosoi:
- Issue assigned to nkinder
- Issue set to the milestone: passsync 1.1.5
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)
to comment on this ticket.