[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [JunkMail] (ITS#5393) syncrepl push based replication with back-ldap fails

To: openldap-its@OpenLDAP.org
Subject: Re: [JunkMail] (ITS#5393) syncrepl push based replication with back-ldap fails
From: hyc@symas.com
Date: Wed, 27 Feb 2008 14:34:41 GMT

emmanuel.duru@atosorigin.com wrote:
> Full_Name: Emmanuel Duru
> Version: 2.3.39
> OS: Windows
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (195.68.44.148)

> I'm trying to set a directory architecture with a syncrepl push based
> replication, as (partly) stated in the admin guide, chapter 16.1.1.
> I have a provider slapd with bdb, an intermediate slapd with back-ldap, which
> points to a consumer slapd with bdb.
> First, I have to set an updateDN on the consumer slapd, else back-ldap gets a
> "no user modification allowed" error on operational attributes
> (structuralobjectclass, contextcsn) when it tries to update the consumer slapd

That is expected.

> (the admin guide says the opposite).

I guess the Admin Guide has a bug then. What exact section are you referring to?

> Then this does not work at all when modifying an entry, because back-ldap gets a
> "modify/delete: hasSubordinates: no such attribute" error when it tries to
> update the entry.

That's also expected, since hasSubordinates is a dynamically generated 
operational attribute (and also read-only, as I recall). You need to exclude 
any dynamically generated operational attributes from the syncrepl search.
E.g. 2.4's test045 specifically tests this scenario, and the syncrepl spec uses:
syncrepl    rid=1
         provider=ldap://localhost:9011/
         binddn="cn=Manager,dc=example,dc=com"
         bindmethod=simple
         credentials=secret
         searchbase="dc=example,dc=com"
         filter="(objectClass=*)"
 
attrs="*,structuralObjectClass,entryUUID,entryCSN,creatorsName,createTimestamp,modifiersName,modifyTimestamp"
         schemachecking=off
         scope=sub
         type=refreshAndPersist
         retry="5 5 300 5"

In general, while this is known to work in 2.3, you're better off using 2.4. 
(We intentionally did not include test045 in 2.3...)

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/

Prev by Date: (ITS#5393) syncrepl push based replication with back-ldap fails
Next by Date: (ITS#5395) Patch for test system
Index(es):
- Chronological
- Thread