[Date Prev][Date Next] [Chronological] [Thread] [Top]

syncrepl push model with searchbase=""

To: openldap-software@openldap.org
Subject: syncrepl push model with searchbase=""
From: ml+openldap@esmtp.org
Date: Wed, 14 Oct 2009 19:12:11 -0700
Content-disposition: inline
Mail-followup-to: ml+openldap@esmtp.org, openldap-software@openldap.org
User-agent: Mutt/1.5.9i

I'm trying to replace OpenLDAP 2.3.x with 2.4.18 (this project
started before 2.4..19 came out). The old configuration uses slurpd,
hence I have been tasked to set up a producer/consumer replication
via syncrepl using the push model. I'm following the example from
the admin guide but I have to modify the suffix/searchbase to be
"" (as we allow pretty much anything in the DB).

Doing this causes these log messages (loglevel 0x4000):

on the master:
do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE
do_syncrep2: cookie=rid=001,sid=001,csn=20091014205621.868761Z#000000#001#000000
slap_queue_csn: queing 0x2aaaac001d90 20091014205621.868761Z#000000#001#000000
null_callback : error code 0x35
syncrepl_updateCookie: rid=001 be_modify failed (53)

on the consumer:
slap_queue_csn: queing 0xd8e3a30 20091014205621.868761Z#000000#001#000000
slap_graduate_commit_csn: removing 0xd8e3b00 20091014205621.868761Z#000000#001#000000
conn=0 op=42 do_modify: root dse!

This seems to be a problem with ``searchbase=""'' (in ``syncrepl'').
If it is changed to ``searchbase="dc=com"'' (and matching ``suffix
"dc=com"'' for ``database ldap'') the error does not occur.

Is it possible to achieve what we want using some other options?


Relevant parts from master slapd.conf:
----------------------------------------
database        monitor

database        bdb
directory       /var/ldap/openldap-bdb
suffix          ""
rootdn          "cn=Manager"
rootpw          syncroni
index   entryCSN,entryUUID              eq
serverID 001
overlay syncprov

database        ldap
hidden          on
suffix          ""
rootdn          "cn=slapd-ldap"
uri             ldap://CONSUMER.HOST/
lastmod         on
restrict        all

acl-bind        bindmethod=simple
        binddn="cn=Monitor"
        credentials=password

syncrepl        rid=001
        provider=ldap://localhost/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=syncroni
        scope=children
        searchbase=""
        filter="(objectClass=*)"
        type=refreshAndPersist
        retry="5 2 300 2"
----------------------------------------

relevant parts from consumer slapd.conf:
----------------------------------------
database        monitor
rootdn  "cn=Monitor"
rootpw  password

database        bdb
directory       /var/ldap/openldap-bdb
suffix          ""
index   entryUUID  eq
access to dn.subtree="" attrs=hasSubordinates
        by dn.exact="cn=Monitor" none
        by * read
access to dn.subtree=""
        by dn.exact="cn=Monitor" write
        by * read
updatedn        "cn=Monitor"
updateref       ldap://MASTER.HOST/
----------------------------------------

Follow-Ups:
- Re: syncrepl push model with searchbase=""
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: syncrepl push model with searchbase=""
  - From: Pierangelo Masarati <masarati@aero.polimi.it>
- Re: syncrepl push model with searchbase=""
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: TLSProtocolMin 3.0 not accepted in 2.4.18
Next by Date: memberOf does not Update on Group Modify
Index(es):
- Chronological
- Thread