Re: (ITS#7691) syncrepl does not work with names start with depth
One more thing: the LDAP master version is
OpenLDAP 2.3.40 on SunOS
While the LDAP slave is:
OpenLDAP: slapd 2.4.36 (Aug 21 2013 09:39:54)
On 09/12/13 10:23, CHEW Chee Siang wrote:
> One more thing. The entry with "cn=depth" name won't sync only when
> adding entries to ou=mailinglist. Somehow it is ok with ou=people.
>
>
>
> "Master" LDAP configuration:
> Include /go/to/core.schema
> Include /go/to/cosine.schema
> Include /go/to/inetorgperson.schema
> Include /go/to/nis.schema
> Include /go/to/samba.schema
> Include /go/to/test.schema
> pidfile /go/to/slapd.pid
> argsfile /go/to/slapd.args
>
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCACertificateFile /go/to/ldap.pem
> TLSCertificateFile /go/to/ldap.pem
> TLSCertificateKeyFile /go/to/ldap.key
>
> access to attrs=userPassword
> by self write
> by users read
> by peername.ip=127.0.0.1 read
> by peername.ip=10.X.0.0%255.255.0.0 read
> by peername.ip=172.X.129.132 read
> by peername.ip=172.X.1.109 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=X.X.68.0%255.255.255.0 read
> by anonymous auth
>
> access to attrs=cryptPassword,md5Password,shadowLastChange
> by self write
> by users read
> by peername.ip=127.0.0.1 read
> by peername.ip=10.217.0.0%255.255.0.0 read
> by peername.ip=172.X.129.132 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=X.X.68.0%255.255.255.0 read
> by anonymous none
>
> access to dn.subtree="ou=zgroups,dc=test,dc=com
> by dn.base="cn=webXXX,ou=people,dc=test,dc=com" write
> by self read
> by users read
> by peername.ip=127.0.0.1 read
> by peername.ip=10.X.0.0%255.255.0.0 read
> by peername.ip=X.X.X.0%255.255.255.0 read
> by peername.ip=172.X.129.132 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by anonymous none
>
> access to *
> by self read
> by users read
> by peername.ip=127.0.0.1 read
> by peername.ip=10.X.0.0%255.255.0.0 read
> by peername.ip=172.X.129.132 read
> by peername.ip=172.X.1.109 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=172.X.0.0%255.255.0.0 read
> by peername.ip=X.X.68.0%255.255.255.0 read
> by anonymous none
>
> # Database backend configuration.
>
> allow bind_v2
> database bdb
> password-hash {CRYPT}
> directory /go/to/ldap-master
> suffix "dc=test,dc=com"
> rootdn "cn=root,dc=test,dc=com"
> rootpw secret
> index objectClass,uid,uidNumber,entryCSN,entryUUID pres,eq
>
> # Configure syncrepl (provider)
>
> overlay syncprov
> syncprov-checkpoint 1 1 # <ops> <minutes>
> syncprov-sessionlog 100 # <max number of session logs>
>
>
>
>
> "Slave" LDAP configuration:
> include /usr/local/openldap/etc/openldap/schema/core.schema
> include /usr/local/openldap/etc/openldap/schema/test.schema
> include /usr/local/openldap/etc/openldap/schema/cosine.schema
> include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
> include /usr/local/openldap/etc/openldap/schema/nis.schema
> include /usr/local/openldap/etc/openldap/schema/samba.schema
>
>
> # Define global ACLs to disable default read access.
> allow bind_v2
>
> pidfile /usr/local/openldap/var/run/slapd.pid
> argsfile /usr/local/openldap/var/run/slapd.args
> loglevel 256
> moduleload back_hdb.la
> moduleload syncprov.la
> moduleload back_monitor.la
> moduleload back_ldap.la
>
> access to *
> by self write
> by users read
> by peername.ip=127.0.0.1 read
> by peername.ip=172.20.201.0%255.255.255.0 read
> by anonymous read
>
> #######################################################################
> # BDB database definitions
> #######################################################################
>
> database bdb
> suffix "dc=test,dc=com"
> rootdn "cn=Manager,dc=test,dc=com"
> rootpw secret
> directory /usr/local/openldap/var/openldap-data
>
> # Indices to maintain
> index cn,sn,uid pres,eq,approx,sub
> index objectClass eq
>
>
> index entryCSN,entryUUID eq
> syncrepl rid=1
> provider=ldap://ldap-master.com
> type=refreshOnly
> interval=00:00:00:30
> searchbase="dc=test,dc=com"
> scope=sub
> schemachecking=off
> bindmethod=simple
> binddn="cn=ldaplogin,ou=people,dc=test,dc=com"
> credentials=secret
>
>
> On 09/12/13 05:57, Quanah Gibson-Mount wrote:
>> --On Wednesday, September 11, 2013 8:03 AM +0000
>> chewcs@bii.a-star.edu.sg wrote:
>>
>>> Full_Name: Chew Chee Siang
>>> Version: slapd 2.4.36
>>> OS: CentOS 6.4
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (123.136.68.2)
>>>
>>>
>>> The setup is a master-slave configuration
>>> Whenever a new user with name starting with "depth" is created at
>>> master,
>>> the record will not be synced to the slave using syncrepl.
>>> The other records are ok.
>>> For e.g. cn=depth-maker,ou=people,dc=tt,dc=com
>>> or cn=depth,ou=people,dc=tt,dc=com
>>
>> Provide your configuration minus passwords.
>>
>> --Quanah
>>
>>
>>
>> --
>>
>> Quanah Gibson-Mount
>> Lead Engineer
>> Zimbra, Inc
>> --------------------
>> Zimbra :: the leader in open source messaging and collaboration
>>
>