Re: Weird problem to add a record
hi,
Thanks for your answer, but there are some things I don't understand:
For sure, I have dropped the updatedn line and now it works.
But:
When I put in my conf file:
replica host=ns-cache01b.int75.cvf:389
        binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
        bindmethod=simple credentials=meuh
        suffix="ou=prs,ou=dns,ou=site,o=cvf"
        suffix="ou=prs,ou=dns,ou=domain,o=cvf"
it means that I want those 2 branches to be replicated on another server,
which is ns-cache01b. My current server is ns-cache01p (note the 01p
and 01b), on which I did my test.
I need the updatedn directive because my other server, ns-cache01b, will
replicate two other branches too.
Here is the replica directive for the second server:
replica host=ns-cache01p.int75.cvf:389
        binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
        bindmethod=simple credentials=replicator
        suffix="ou=bdx,ou=dns,ou=domain,o=cvf"
        suffix="ou=bdx,ou=dns,ou=site,o=cvf"
With this configuration I want two LDAP servers (for test purposes;
in reality I will do that with 4 servers) to each be master of one part of
an LDAP tree and "slave" of another part, and they will _never_ write
on the slave branch.
ns-cache01P will be master for:
suffix="ou=prs,ou=dns,ou=site,o=cvf"
suffix="ou=prs,ou=dns,ou=domain,o=cvf"
ns-cache01B will be master for:
suffix="ou=bdx,ou=dns,ou=domain,o=cvf"
suffix="ou=bdx,ou=dns,ou=site,o=cvf"
So I don't understand why an account can't write in a branch of an LDAP
tree only because it's replicated on another server.
Is it clear?
On Fri, 2003-01-03 at 18:17, Bruno Spieler wrote:
>
> Hi David,
>
> Your slapd.conf shows that your server (or at least the "o=cvf"
> suffix) is a replica from another one (line "updatedn" in slapd.conf).
> Unless you have compiled with multimaster enabled, it means that only
> the dname specified by the "updatedn" statement can write in your
> directory.
>
> Your "updatedn" and "rootdn" are the same dnames, that's why you can
> write with the root dname. I reckon the error returned with another
> dname is linked to the fact that no "updateref" statement is provided
> to support referrals.
>
> The good configuration depends on what you actually want to do with
> your ldap server (getting rid of the "updatedn" statement would
> probably solve this problem, but the resulting architecture may not be
> what you are expecting)
>
> HTH,
>
> Bruno
>
>
> ----- Original Message -----
> From: MALFILATRE David
> To: openldap-software@OpenLDAP.org
> Sent: Friday, January 03, 2003 5:05 PM
> Subject: Weird problem to add a record
>
> hi
>
> I'm contacting you because I have a problem I can't solve.
>
> With the rootdn account I can add my record, but with another
> account I can't.
>
> Here is the information:
>
> openldap-2.0.27 on a Linux Debian box
>
> Here is the log:
>
> With the "dnsadminprs,ou=ldap,ou=user,o=cvf" account:
>
> Jan 3 16:02:38 ns-cache01p slapd[27547]: daemon: read
> activity on 9
> Jan 3 16:02:38 ns-cache01p slapd[27547]: connection_get(9)
> Jan 3 16:02:38 ns-cache01p slapd[27547]: connection_get(9):
> got connid=0
> Jan 3 16:02:38 ns-cache01p slapd[27547]: connection_read(9):
> checking for input on id=0
> Jan 3 16:02:38 ns-cache01p slapd[27547]: ber_get_next on fd 9
> failed errno=11 (Resource temporarily unavailable)
> Jan 3 16:02:38 ns-cache01p slapd[27552]: do_add
> Jan 3 16:02:38 ns-cache01p slapd[27547]: daemon: select:
> listen=6 active_threads=2 tvp=NULL
> Jan 3 16:02:38 ns-cache01p slapd[27552]: do_add: ndn
> (AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF)
> Jan 3 16:02:38 ns-cache01p slapd[27552]: conn=0 op=2 ADD
> dn="AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> Jan 3 16:02:38 ns-cache01p slapd[27552]: dn2entry_r: dn:
> "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> Jan 3 16:02:38 ns-cache01p slapd[27552]: => dn2id(
> "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> Jan 3 16:02:38 ns-cache01p slapd[27552]: => ldbm_cache_open(
> "dn2id.dbb", 73, 600 )
> Jan 3 16:02:38 ns-cache01p slapd[27552]: <= ldbm_cache_open
> (cache 0)
> Jan 3 16:02:38 ns-cache01p slapd[27552]: <= dn2id NOID
> Jan 3 16:02:38 ns-cache01p slapd[27552]: dn2entry_r: dn:
> "OU=PRS,OU=DNS,OU=SITE,O=CVF"
> Jan 3 16:02:38 ns-cache01p slapd[27552]: => dn2id(
> "OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> Jan 3 16:02:38 ns-cache01p slapd[27552]: ====>
> cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
> tries)
> Jan 3 16:02:38 ns-cache01p slapd[27552]: <= dn2id 13 (in
> cache)
> Jan 3 16:02:38 ns-cache01p slapd[27552]: => id2entry_r( 13 )
> Jan 3 16:02:38 ns-cache01p slapd[27552]: ====>
> cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
> (found) (1 tries)
> Jan 3 16:02:38 ns-cache01p slapd[27552]: <= id2entry_r( 13 )
> 0x80db920 (cache)
> Jan 3 16:02:38 ns-cache01p slapd[27552]: ldbm_referrals:
> op=104 target="ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"
> matched="ou=prs,ou=dns,ou=site,o=cvf"
> Jan 3 16:02:38 ns-cache01p slapd[27552]: ====>
> cache_return_entry_r( 13 ): returned (0)
> Jan 3 16:02:38 ns-cache01p slapd[27552]: send_ldap_result:
> conn=0 op=2 p=2
> Jan 3 16:02:38 ns-cache01p slapd[27552]: send_ldap_result:
> 10::
> Jan 3 16:02:38 ns-cache01p slapd[27552]: send_ldap_response:
> msgid=3 tag=105 err=32
> Jan 3 16:02:38 ns-cache01p slapd[27547]: daemon: activity on
> 1 descriptors
> Jan 3 16:02:38 ns-cache01p slapd[27547]: daemon: activity on:
> Jan 3 16:02:38 ns-cache01p slapd[27547]: 9r
> Jan 3 16:02:38 ns-cache01p slapd[27547]:
>
> With the rootdn account:
>
> Jan 3 16:06:03 ns-cache01p slapd[27547]: daemon: read
> activity on 9
> Jan 3 16:06:03 ns-cache01p slapd[27547]: connection_get(9)
> Jan 3 16:06:03 ns-cache01p slapd[27547]: connection_get(9):
> got connid=1
> Jan 3 16:06:03 ns-cache01p slapd[27547]: connection_read(9):
> checking for input on id=1
> Jan 3 16:06:03 ns-cache01p slapd[27554]: do_add
> Jan 3 16:06:03 ns-cache01p slapd[27554]: do_add: ndn
> (AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: conn=1 op=2 ADD
> dn="AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> Jan 3 16:06:03 ns-cache01p slapd[27554]: dn2entry_r: dn:
> "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> Jan 3 16:06:03 ns-cache01p slapd[27547]: ber_get_next on fd 9
> failed errno=11 (Resource temporarily unavailable)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> "dn2id.dbb", 73, 600 )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> (cache 0)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id NOID
> Jan 3 16:06:03 ns-cache01p slapd[27554]: dn2entry_r: dn:
> "OU=PRS,OU=DNS,OU=SITE,O=CVF"
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> "OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
> tries)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id 13 (in
> cache)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => id2entry_r( 13 )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
> (found) (1 tries)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_r( 13 )
> 0x80db920 (cache)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: ldbm_referrals:
> op=104 target="ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"
> matched="ou=prs,ou=dns,ou=site,o=cvf"
> Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> cache_return_entry_r( 13 ): returned (0)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: ==> ldbm_back_add:
> ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> "dn2id.dbb", 73, 600 )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> (cache 0)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id NOID
> Jan 3 16:06:03 ns-cache01p slapd[27554]: oc_check_required
> entry (ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf), objectClass
> "domainRelatedObject"
> Jan 3 16:06:03 ns-cache01p slapd[27554]: oc_check_allowed
> type "objectClass"
> Jan 3 16:06:03 ns-cache01p slapd[27554]: oc_check_allowed
> type "associatedDomain"
> Jan 3 16:06:03 ns-cache01p slapd[27547]: daemon: select:
> listen=6 active_threads=1 tvp=NULL
> Jan 3 16:06:03 ns-cache01p slapd[27554]: dn2entry_w: dn:
> "OU=PRS,OU=DNS,OU=SITE,O=CVF"
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> "OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
> tries)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id 13 (in
> cache)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => id2entry_w( 13 )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
> (found) (1 tries)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_w( 13 )
> 0x80db920 (cache)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => access_allowed:
> write access to "ou=prs,ou=dns,ou=site,o=cvf" "children"
> requested
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= root access
> granted
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> "nextid.dbb", 73, 600 )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> (cache 2)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => index_entry_add(
> 18, "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> "objectClass.dbb", 73, 600 )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> (cache 3)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: =>
> key_change(ADD,12)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= key_change 0
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= index_entry_add(
> 18, "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" ) success
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => dn2id_add(
> "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF", 18 )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> "dn2id.dbb", 73, 600 )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> (cache 0)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id_add 0
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => id2entry_add( 18,
> "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> "id2entry.dbb", 73, 600 )
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> (cache 1)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_add 0
> Jan 3 16:06:03 ns-cache01p slapd[27554]: send_ldap_result:
> conn=1 op=2 p=2
> Jan 3 16:06:03 ns-cache01p slapd[27554]: send_ldap_result:
> 0::
> Jan 3 16:06:03 ns-cache01p slapd[27554]: send_ldap_response:
> msgid=3 tag=105 err=0
> Jan 3 16:06:03 ns-cache01p slapd[27554]: conn=1 op=2 RESULT
> tag=105 err=0 text=
> Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> cache_return_entry_w( 13 ): returned (0)
> Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> cache_return_entry_w( 18 ): created (0)
> Jan 3 16:06:03 ns-cache01p slapd[27547]: daemon: activity on
> 1 descriptors
> Jan 3 16:06:03 ns-cache01p slapd[27547]: daemon: activity on:
>
>
> Some parts of my slapd.conf:
>
> defaultaccess none
>
> access to attr=userpassword
>         by self read
>         by anonymous auth
>         by * none
>
> access to dn="ou=prs,ou=dns,ou=site,o=cvf"
>         by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf" write
>         by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
>
> access to dn="ou=prs,ou=dns,ou=domain,o=cvf"
>         by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf" write
>         by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
>
> access to *
>         by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
>
> database ldbm
> rootdn "ou=replicator,ou=ldap,ou=user,o=cvf"
> updatedn "ou=replicator,ou=ldap,ou=user,o=cvf"
> suffix "o=cvf"
> directory /usr/local/stow/openldap-2.0.27/var/openldap-ldbm
>
> replica host=ns-cache01b.int75.cvf:389
>         binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
>         bindmethod=simple credentials=meuh
>         suffix="ou=prs,ou=dns,ou=site,o=cvf"
>         suffix="ou=prs,ou=dns,ou=domain,o=cvf"
>
>
> thanks in advance
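
A small linter for the condition Bruno's reply describes, as an added example that is not part of the original thread or of OpenLDAP: it parses a slapd.conf (joining continuation lines) and reports each database that sets `updatedn`, whether `updateref` is missing, whether `rootdn` equals `updatedn`, and which `replica` suffixes that same database pushes. The function names, finding codes and the sample config are assumptions made for this example.

```python
import shlex
# Constructed sample modelled on the slapd.conf excerpt quoted in the thread.
SAMPLE_CONF = '''\
database ldbm
rootdn "ou=replicator,ou=ldap,ou=user,o=cvf"
updatedn "ou=replicator,ou=ldap,ou=user,o=cvf"
suffix "o=cvf"
replica host=ns-cache01b.int75.cvf:389
  suffix="ou=prs,ou=dns,ou=site,o=cvf"
  suffix="ou=prs,ou=dns,ou=domain,o=cvf"
'''

def parse_databases(text):
    """Split slapd.conf into one {directive: [args, ...]} dict per database."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()   # leading whitespace continues the previous line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw.strip())        # new directive; blanks and comments are skipped
    dbs = []
    for line in lines:
        key, *args = shlex.split(line)
        if key.lower() == "database":
            dbs.append({})
        elif dbs:                            # global directives are not needed for this check
            dbs[-1].setdefault(key.lower(), []).append(args)
    return dbs

def lint(text):
    """Return (suffix, code, detail) findings for every database that sets updatedn."""
    findings = []
    for db in parse_databases(text):
        if "updatedn" not in db:
            continue
        suffix = db.get("suffix", [["?"]])[0][0]
        updatedn = db["updatedn"][0][0].lower()
        findings.append((suffix, "shadow", "writes accepted only from " + updatedn))
        if "updateref" not in db:
            findings.append((suffix, "no-updateref", "no referral URL for other writers"))
        if db.get("rootdn", [[""]])[0][0].lower() == updatedn:
            findings.append((suffix, "rootdn-is-updatedn", "rootdn writes still succeed"))
        for rep in db.get("replica", []):
            subs = [t[7:] for t in rep if t.lower().startswith("suffix=")]
            findings.append((suffix, "replica-on-shadow", "pushes " + ", ".join(subs)))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE_CONF), sep="\n")
```

On the sample, all four findings apply to the single `o=cvf` database, which matches the setup in the quoted slapd.conf: one database that is both restricted by `updatedn` and the source of a `replica` push.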