
Re: (ITS#3996) syncrepl with subordinate back-meta keeps reconnecting.



I don't know how relevant this is, but I tried a similar ldapsearch 
query from the DN of the syncrepl consumer.  Even though the ACLs 
decline access to the subtree in question, it seems slapd still 
chases down into the meta-backend, given the log below.

Should the server's search continue into the meta-backends even though 
the ACLs deny access?  Obviously, the client never received any entries 
that it was forbidden to access.

KRB5CCNAME=/etc/krb5.tkt.ldap ldapsearch -Y gssapi -H ldaps://wassup.svl.ibm.com/ -l 0 -z 4096 -b ou=ecmbi,o=ibm '*' +

# Deny access to replicate the SSO DIT
access to dn.sub="ou=sso,ou=ecmbi,o=ibm"
        by dn.base="uid=LDAP Replication Slave,ou=Services,ou=ecmbi,o=ibm" none
        by * read

database        meta
readonly        on
nretries        forever
suffix          "ou=sso,ou=ecmbi,o=ibm"
uri             "ldaps://bluepages.ibm.com/c=us,ou=sso,ou=ecmbi,o=ibm"
suffixmassage   "c=us,ou=sso,ou=ecmbi,o=ibm" "c=us,ou=bluepages,o=ibm.com"
uri             "ldaps://bluepages.ibm.com/c=cn,ou=sso,ou=ecmbi,o=ibm"
suffixmassage   "c=cn,ou=sso,ou=ecmbi,o=ibm" "c=cn,ou=bluepages,o=ibm.com"
uri             "ldap:///ou=sso,ou=ecmbi,o=ibm"
suffixmassage   "ou=sso,ou=ecmbi,o=ibm" "ou=SSO Stub,ou=ecmbi,o=ibm"

#uri             "ldap:///ou=sso,ou=ecmbi,o=ibm"
#suffixmassage   "ou=sso,ou=ecmbi,o=ibm" "ou=Build Accounts,ou=ecmbi,o=ibm"
subordinate

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        bdb
suffix          "ou=ecmbi,o=ibm"

# an unusable rootdn for features that require it.
rootdn          "cn=LDAP Directory Master,ou=DSE,ou=ecmbi,o=ibm"

directory       /var/lib/ldap

cachesize       1024
checkpoint      1024 15
# Indices to maintain for this database
index entryUUID,entryCSN                eq
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index member,uniqueMember               eq

### Index for krb5
index krb5PrincipalName                 eq

index notesShortName                    eq

# enable this server as a syncrepl master
overlay         syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

Sep 14 17:07:49 wassup slapd[17843]: @(#) $OpenLDAP: slapd 2.3.7 (Sep  2 2005 10:16:32) $       pfnguyen@swapus.svl.ibm.com:/home/pfnguyen/openldap-2.3.7/servers/slapd
Sep 14 17:07:49 wassup slapd[17844]: slapd starting
Sep 14 17:07:58 wassup slapd[17844]: conn=0 fd=15 ACCEPT from IP=9.30.47.49:57906 (IP=0.0.0.0:636)
Sep 14 17:07:58 wassup slapd[17844]: conn=0 fd=15 TLS established tls_ssf=256 ssf=256
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=0 BIND dn="" method=163
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=0 RESULT tag=97 err=14 text=
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=1 BIND dn="" method=163
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=1 RESULT tag=97 err=14 text=
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=2 BIND dn="" method=163
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=2 BIND authcid="ldap/swapus.svl.ibm.com" authzid="ldap/swapus.svl.ibm.com"
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=2 RESULT tag=97 err=0 text=
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=2 BIND dn="uid=ldap replication slave,ou=services,ou=ecmbi,o=ibm" mech=GSSAPI ssf=56
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=3 SRCH base="ou=ecmbi,o=ibm" scope=2 deref=0 filter="(objectClass=*)"
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=3 SRCH attr=* +
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=3 meta_back_single_dobind: ldap_result=0 nretries=-1
Sep 14 17:07:59 wassup last message repeated 9 times
Sep 14 17:07:59 wassup slapd[17844]: conn=1 fd=20 ACCEPT from IP=127.0.0.1:55695 (IP=0.0.0.0:389)
Sep 14 17:07:59 wassup slapd[17844]: conn=1 op=0 BIND dn="" method=128
Sep 14 17:07:59 wassup slapd[17844]: conn=1 op=0 RESULT tag=97 err=0 text=
Sep 14 17:07:59 wassup slapd[17844]: conn=1 op=1 SRCH base="ou=SSO Stub,ou=ecmbi,o=ibm" scope=2 deref=0 filter="(objectClass=*)"
Sep 14 17:07:59 wassup slapd[17844]: conn=1 op=1 SRCH attr=* +
Sep 14 17:07:59 wassup slapd[17844]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "EMPLOYEECOUNTRYCODE" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "IBMSERIALNUMBER" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "PRIMARYNODE" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "PRIMARYUSERID" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "PDIF" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "ISMANAGER" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "MANAGERCOUNTRYCODE" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "CALLUPNAME" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "MIDDLEINITIAL" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "NOTESEMAIL" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "NOTESMAILDOMAIN" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "NOTESMAILFILE" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "NOTESMAILSERVER" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "DIRECTORYALIAS" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "DEPT" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "DIV" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "ALTERNATETIELINE" inserted.
Sep 14 17:07:59 wassup slapd[17844]: PROXIED attributeDescription "ALTERNATETELEPHONENUMBER" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "PREFERREDFIRSTNAME" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "ALTERNATEPOSTALCODE" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "TIELINE" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "ALTERNATEADDRESS2" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "ALTERNATEADDRESS1" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "NOTESID" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "JOBRESPONSIBILITIES" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "MANAGERSERIALNUMBER" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "PREFERREDLASTNAME" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "DIVDEPT" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "SECRETARYCOUNTRYCODE" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "SECRETARYSERIALNUMBER" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "TIMESTAMPBPGUI" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "ENTRYTYPE" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "HRORGANIZATIONCODE" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "PASSWORDISEXPIRED" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "PASSWORDISRESET" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "PASSWORDISSTRUCKOUT" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "PASSWORDMODIFYTIMESTAMP" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "FLOOR" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "IBMLOC" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "WORKLOC" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "WORKLOCATION" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "WORKPLACEINDICATOR" inserted.
Sep 14 17:08:00 wassup slapd[17844]: PROXIED attributeDescription "HRACTIVE" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRASSIGNEE" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRASSIGNMENT" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRCOMPANYCODE" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRCOUNTRYCODE" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRDEPARTMENT" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HREMPLOYEETYPE" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRFIRSTNAME" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRINITIAL" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRLASTNAME" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRMANAGERPSC" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRMANAGERSERIAL" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRPSC" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRSERIALNUMBER" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "HRMANAGERINDICATOR" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "TIMESTAMPFEED" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "COREDATAINTEGRITY" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "ALTERNATENODE" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "ALTERNATEUSERID" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "FACSIMILETIELINE" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "CONTRACTORRECORDEXPIRATION" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "DEPARTMENT" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "SHIFT" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "INTERNALMAILDROP" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "BACKUPCOUNTRYCODE" inserted.
Sep 14 17:08:01 wassup slapd[17844]: PROXIED attributeDescription "BACKUPSERIALNUMBER" inserted.
Sep 14 17:08:02 wassup slapd[17844]: PROXIED attributeDescription "ADDITIONAL" inserted.
Sep 14 17:08:02 wassup slapd[17844]: PROXIED attributeDescription "BACKUP" inserted.
Sep 14 17:08:02 wassup slapd[17844]: PROXIED attributeDescription "ALTERNATELOCALITYNAME" inserted.
Sep 14 17:08:02 wassup slapd[17844]: PROXIED attributeDescription "ALTERNATEST" inserted.
Sep 14 17:08:02 wassup slapd[17844]: PROXIED attributeDescription "INFOTELEPHONENUMBER" inserted.
Sep 14 17:08:02 wassup slapd[17844]: PROXIED attributeDescription "CONTRACTORCOMPANY" inserted.
Sep 14 17:08:02 wassup slapd[17844]: PROXIED attributeDescription "PHONEMAILNUMBER" inserted.
Sep 14 17:08:02 wassup slapd[17844]: PROXIED attributeDescription "TERRITORY" inserted.
Sep 14 17:08:02 wassup slapd[17844]: PROXIED attributeDescription "PAGERSERVICEPROVIDER" inserted.
Sep 14 17:08:02 wassup slapd[17844]: PROXIED attributeDescription "PAGERID" inserted.
Sep 14 17:08:02 wassup slapd[17844]: PROXIED attributeDescription "PAGERTYPE" inserted.
Sep 14 17:08:04 wassup slapd[17844]: PROXIED attributeDescription "BLUEPAGESNOTESIDERROR" inserted.
Sep 14 17:08:09 wassup slapd[17844]: PROXIED attributeDescription "ISODMMANAGER" inserted.
Sep 14 17:08:09 wassup slapd[17844]: PROXIED attributeDescription "HRDIVISION" inserted.
Sep 14 17:08:09 wassup slapd[17844]: PROXIED attributeDescription "HRFAMILYNAME" inserted.
Sep 14 17:08:09 wassup slapd[17844]: PROXIED attributeDescription "HRMIDDLENAME" inserted.
Sep 14 17:08:09 wassup slapd[17844]: PROXIED attributeDescription "HRPREFERREDNAME" inserted.
Sep 14 17:08:14 wassup slapd[17844]: conn=0 op=3 SEARCH RESULT tag=101 err=3 nentries=38 text=
Sep 14 17:08:14 wassup slapd[17844]: conn=0 op=4 UNBIND
Sep 14 17:08:14 wassup slapd[17844]: conn=0 fd=15 closed
Sep 14 17:08:14 wassup slapd[17844]: conn=1 op=2 UNBIND
Sep 14 17:08:14 wassup slapd[17844]: conn=1 fd=20 closed
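
The correlation the message does by eye, as an added example (not part of the original post or of OpenLDAP): it scans slapd log lines for loopback back-meta searches under the ACL-denied subtree that were issued while the denied DN had a search open. The function and constant names are hypothetical; the DNs come from the slapd.conf excerpt and the sample lines are abridged from the log above.

```python
import re

# Abridged from the slapd log in the message above (sample input).
SAMPLE_LOG = '''\
Sep 14 17:07:58 wassup slapd[17844]: conn=0 fd=15 ACCEPT from IP=9.30.47.49:57906 (IP=0.0.0.0:636)
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=2 BIND dn="uid=ldap replication slave,ou=services,ou=ecmbi,o=ibm" mech=GSSAPI ssf=56
Sep 14 17:07:58 wassup slapd[17844]: conn=0 op=3 SRCH base="ou=ecmbi,o=ibm" scope=2 deref=0 filter="(objectClass=*)"
Sep 14 17:07:59 wassup slapd[17844]: conn=1 fd=20 ACCEPT from IP=127.0.0.1:55695 (IP=0.0.0.0:389)
Sep 14 17:07:59 wassup slapd[17844]: conn=1 op=1 SRCH base="ou=SSO Stub,ou=ecmbi,o=ibm" scope=2 deref=0 filter="(objectClass=*)"
Sep 14 17:07:59 wassup slapd[17844]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 14 17:08:14 wassup slapd[17844]: conn=0 op=3 SEARCH RESULT tag=101 err=3 nentries=38 text=
'''.splitlines()

# Values copied from the slapd.conf excerpt in the message above.
DENIED_DN = "uid=LDAP Replication Slave,ou=Services,ou=ecmbi,o=ibm"
DENIED_SUBTREE = "ou=sso,ou=ecmbi,o=ibm"
MASSAGED = "ou=SSO Stub,ou=ecmbi,o=ibm"  # suffixmassage target of the loopback URI

LINE = re.compile(r'slapd\[\d+\]: conn=(\d+) (?:fd|op)=(\d+) (.*)$')
LOOPBACK = {"127.0.0.1", "[::1]"}

def under(base, suffix):
    # Case-folded string match; a simplification of real DN normalization.
    base, suffix = base.lower(), suffix.lower()
    return base == suffix or base.endswith("," + suffix)

def denied_fanout(lines, denied_dn, subtrees):
    """Backend searches under `subtrees` issued while denied_dn had a search open.
    Correlation is by overlap in log order, so treat hits as leads on a busy server."""
    peer, bound, open_ops, hits = {}, {}, {}, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        conn, num, rest = m.groups()
        if a := re.match(r'ACCEPT from IP=(\S+):\d+ ', rest):
            peer[conn] = a.group(1)          # remember each connection's peer address
        elif b := re.match(r'BIND dn="([^"]+)" mech=', rest):
            bound[conn] = b.group(1).lower() # final (non-anonymous) bind DN
        elif s := re.match(r'SRCH base="([^"]*)"', rest):
            base = s.group(1)
            if peer.get(conn) in LOOPBACK:   # search issued by back-meta to itself
                if any(under(base, t) for t in subtrees):
                    hits += [(c, cb, base) for (c, _), cb in open_ops.items()]
            elif bound.get(conn) == denied_dn.lower():
                open_ops[(conn, num)] = base # client search by the denied DN is now open
        elif rest.startswith("SEARCH RESULT"):
            open_ops.pop((conn, num), None)
    return hits

if __name__ == "__main__":
    for hit in denied_fanout(SAMPLE_LOG, DENIED_DN, [DENIED_SUBTREE, MASSAGED]):
        print("client conn=%s base=%r -> backend search base=%r" % hit)
```

Only the loopback target is visible in the local log; searches sent to the remote URIs would have to be checked in that server's own log.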