[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Weird problem to add a record



hi,
thanks for your answer but they are some things I don t understand :

For sure I have dropped the updatedn line and now it works.


But :

when I put in my conf file :

replica host=ns-cache01b.int75.cvf:389
        binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
        bindmethod=simple credentials=meuh
        suffix="ou=prs,ou=dns,ou=site,o=cvf"
        suffix="ou=prs,ou=dns,ou=domain,o=cvf"

it means that I want those 2 branch to be replicated on another server
which is ns-cache01b. My current server is ns-cache01p ( note the 01p
and 01b ) on which I made my test.

I need the updatedn directive because my other server ns-cache01b will
replicate two other branch too.

here the replica directive for the second server.

replica host=ns-cache01p.int75.cvf:389
        binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
        bindmethod=simple credentials=replicator
        suffix="ou=bdx,ou=dns,ou=domain,o=cvf"
        suffix="ou=bdx,ou=dns,ou=site,o=cvf"


With this configuration I want that two ldapserver ( for test purpose
but in real I will do that with 4 servers ) can be master of a part of
an ldap tree but will be "slave" of another part, but will _never_ write
on the slave branch.

ns-cache01P will be master for : 
suffix="ou=prs,ou=dns,ou=site,o=cvf"
suffix="ou=prs,ou=dns,ou=domain,o=cvf"

ns-cache01B will be master for : 

suffix="ou=bdx,ou=dns,ou=domain,o=cvf"
suffix="ou=bdx,ou=dns,ou=site,o=cvf"


So i dont understand why an account cant write in a branch of an ldap
tree only because it s replicated on another server .


Is it clear ?




On ven, 2003-01-03 at 18:17, Bruno Spieler wrote:
>  
> Hi David,
>  
> Your slapd.conf shows that your server (or at least the "o=cvf"
> suffix) is a replica from another one (line "updatedn" in slapd.conf).
> Unless you have compiled with multimaster enabled, it means that only
> the dname specified by the "updatedn" statement can write in your
> directory.
>  
> Your "updatedn" and "rootdn" are the same dnames, that's why you can
> write with the root dname. I reckon the error returned with another
> dname is linked to the fact that no "updateref" statement is provided
> to support referrals.
>  
> The good configuration depends on what you actually want to do with
> your ldap server (getting rid of the "updatedn" statement would
> probably solve this problem, but the resulting architecture may not be
> what you are expecting)
>  
> HTH,
>  
> Bruno
>  
>  
>         ----- Original Message ----- 
>         From: MALFILATRE David
>         To: openldap-software@OpenLDAP.org
>         Sent: Friday, January 03, 2003 5:05 PM
>         Subject: Weird problem to add a record
>         
>         hi
>         
>         im contacting you because I have a problem I can t solve.
>         
>         With the rootdn account I can add my record but with another
>         account I cant .
>         
>         here is the information : 
>         
>         openldap-2.0.27 on a linux debian box
>         
>         here is the log :
>         
>         with the "dnsadminprs,ou=ldap,ou=user,o=cvf" account : 
>         
>         Jan  3 16:02:38 ns-cache01p slapd[27547]: daemon: read
>         activity on 9 
>         Jan  3 16:02:38 ns-cache01p slapd[27547]: connection_get(9) 
>         Jan  3 16:02:38 ns-cache01p slapd[27547]: connection_get(9):
>         got connid=0 
>         Jan  3 16:02:38 ns-cache01p slapd[27547]: connection_read(9):
>         checking for input on id=0 
>         Jan  3 16:02:38 ns-cache01p slapd[27547]: ber_get_next on fd 9
>         failed errno=11 (Resource temporarily unavailable) 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: do_add 
>         Jan  3 16:02:38 ns-cache01p slapd[27547]: daemon: select:
>         listen=6 active_threads=2 tvp=NULL 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: do_add: ndn
>         (AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF) 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: conn=0 op=2 ADD
>         dn="AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: dn2entry_r: dn:
>         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: => dn2id(
>         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" ) 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: => ldbm_cache_open(
>         "dn2id.dbb", 73, 600 ) 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: <= ldbm_cache_open
>         (cache 0) 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: <= dn2id NOID 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: dn2entry_r: dn:
>         "OU=PRS,OU=DNS,OU=SITE,O=CVF" 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: => dn2id(
>         "OU=PRS,OU=DNS,OU=SITE,O=CVF" ) 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: ====>
>         cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
>         tries) 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: <= dn2id 13 (in
>         cache) 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: => id2entry_r( 13 ) 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: ====>
>         cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
>         (found) (1 tries) 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: <= id2entry_r( 13 )
>         0x80db920 (cache) 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: ldbm_referrals:
>         op=104 target="ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"
>         matched="ou=prs,ou=dns,ou=site,o=cvf" 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: ====>
>         cache_return_entry_r( 13 ): returned (0) 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: send_ldap_result:
>         conn=0 op=2 p=2 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: send_ldap_result:
>         10:: 
>         Jan  3 16:02:38 ns-cache01p slapd[27552]: send_ldap_response:
>         msgid=3 tag=105 err=32 
>         Jan  3 16:02:38 ns-cache01p slapd[27547]: daemon: activity on
>         1 descriptors 
>         Jan  3 16:02:38 ns-cache01p slapd[27547]: daemon: activity on:
>         Jan  3 16:02:38 ns-cache01p slapd[27547]:  9r
>         Jan  3 16:02:38 ns-cache01p slapd[27547]: 
>         
>         with rootdn account : 
>         
>         Jan  3 16:06:03 ns-cache01p slapd[27547]: daemon: read
>         activity on 9 
>         Jan  3 16:06:03 ns-cache01p slapd[27547]: connection_get(9) 
>         Jan  3 16:06:03 ns-cache01p slapd[27547]: connection_get(9):
>         got connid=1 
>         Jan  3 16:06:03 ns-cache01p slapd[27547]: connection_read(9):
>         checking for input on id=1 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: do_add 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: do_add: ndn
>         (AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: conn=1 op=2 ADD
>         dn="AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: dn2entry_r: dn:
>         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" 
>         Jan  3 16:06:03 ns-cache01p slapd[27547]: ber_get_next on fd 9
>         failed errno=11 (Resource temporarily unavailable) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
>         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
>         "dn2id.dbb", 73, 600 ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
>         (cache 0) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id NOID 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: dn2entry_r: dn:
>         "OU=PRS,OU=DNS,OU=SITE,O=CVF" 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
>         "OU=PRS,OU=DNS,OU=SITE,O=CVF" ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
>         cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
>         tries) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id 13 (in
>         cache) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => id2entry_r( 13 ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
>         cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
>         (found) (1 tries) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_r( 13 )
>         0x80db920 (cache) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: ldbm_referrals:
>         op=104 target="ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"
>         matched="ou=prs,ou=dns,ou=site,o=cvf" 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
>         cache_return_entry_r( 13 ): returned (0) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: ==> ldbm_back_add:
>         ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
>         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
>         "dn2id.dbb", 73, 600 ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
>         (cache 0) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id NOID 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: oc_check_required
>         entry (ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf), objectClass
>         "domainRelatedObject" 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: oc_check_allowed
>         type "objectClass" 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: oc_check_allowed
>         type "associatedDomain" 
>         Jan  3 16:06:03 ns-cache01p slapd[27547]: daemon: select:
>         listen=6 active_threads=1 tvp=NULL 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: dn2entry_w: dn:
>         "OU=PRS,OU=DNS,OU=SITE,O=CVF" 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
>         "OU=PRS,OU=DNS,OU=SITE,O=CVF" ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
>         cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
>         tries) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id 13 (in
>         cache) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => id2entry_w( 13 ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
>         cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
>         (found) (1 tries) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_w( 13 )
>         0x80db920 (cache) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => access_allowed:
>         write access to "ou=prs,ou=dns,ou=site,o=cvf" "children"
>         requested 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= root access
>         granted 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
>         "nextid.dbb", 73, 600 ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
>         (cache 2) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => index_entry_add(
>         18, "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
>         "objectClass.dbb", 73, 600 ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
>         (cache 3) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: =>
>         key_change(ADD,12) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= key_change 0 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= index_entry_add(
>         18, "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" ) success 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id_add(
>         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF", 18 ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
>         "dn2id.dbb", 73, 600 ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
>         (cache 0) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id_add 0 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => id2entry_add( 18,
>         "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
>         "id2entry.dbb", 73, 600 ) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
>         (cache 1) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_add 0 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: send_ldap_result:
>         conn=1 op=2 p=2 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: send_ldap_result:
>         0:: 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: send_ldap_response:
>         msgid=3 tag=105 err=0 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: conn=1 op=2 RESULT
>         tag=105 err=0 text= 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
>         cache_return_entry_w( 13 ): returned (0) 
>         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
>         cache_return_entry_w( 18 ): created (0) 
>         Jan  3 16:06:03 ns-cache01p slapd[27547]: daemon: activity on
>         1 descriptors 
>         Jan  3 16:06:03 ns-cache01p slapd[27547]: daemon: activity on:
>         
>         
>         Some part of my slapd.conf : 
>         
>         defaultaccess none
>         
>         access to attr=userpassword
>             by self read
>             by anonymous auth
>             by * none
>         
>         access to dn="ou=prs,ou=dns,ou=site,o=cvf"
>                 by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf" write
>                 by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
>         
>         access to dn="ou=prs,ou=dns,ou=domain,o=cvf"
>                 by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf" write
>                 by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
>         
>         access to *
>                 by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
>         
>         database        ldbm
>         rootdn          "ou=replicator,ou=ldap,ou=user,o=cvf"
>         updatedn        "ou=replicator,ou=ldap,ou=user,o=cvf"
>         suffix          "o=cvf"
>         directory      
>         /usr/local/stow/openldap-2.0.27/var/openldap-ldbm
>         
>         replica host=ns-cache01b.int75.cvf:389
>                 binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
>                 bindmethod=simple credentials=meuh
>                 suffix="ou=prs,ou=dns,ou=site,o=cvf"
>                 suffix="ou=prs,ou=dns,ou=domain,o=cvf"
>         
>         
>         thanks in advance