
Re: Weird problem to add a record



Thanks a lot for your answers: I understand my problems much better now.

I have another question which is related to my first problem.

Suppose now that I use another LDAP server which is the real LDAP master
of my whole LDAP tree. I want my replication to go through this server
and then be replicated on other servers.

The question is, will the real LDAP master be able to be updated
from a server and then replicate a branch to another server (if I
follow the method you explain)?

thanks in advance

On ven, 2003-01-03 at 19:11, Bruno Spieler wrote:
> Ok, I believe I got the point now
> 
> The problem is that, without multimaster stuff, a suffix of a given slapd
> cannot be master and slave, since the granularity of the "updatedn"
> statement is the whole suffix.
> 
> In your case, I guess you should use several suffix definitions and link
> them with the "subordinate" keyword.
> 
> Something like :
> - a root suffix "o=cvf" (master)
> - a subsuffix "ou=prs,ou=dns,ou=site,o=cvf" (master, subordinate of "o=cvf")
> - a subsuffix "ou=prs,ou=dns,ou=domain,o=cvf" (master, subordinate of
> "o=cvf")
> - a subsuffix "ou=bdx,ou=dns,ou=domain,o=cvf" (slave, with updatedn
> statement, subordinate of "o=cvf")
> - a subsuffix "ou=bdx,ou=dns,ou=site,o=cvf" (slave, with updatedn statement,
> subordinate of "o=cvf")
> 
> 
> It should work, but have a look at ITS#2137
> (http://www.OpenLDAP.org/its/index.cgi?findid=2137) to help you to define
> your replica statements.
> 
> If you can, you may try to modify your DIT to take replication issues into
> account in order to limit the total number of subsuffixes
> 
> 
> Bruno
> 
> ----- Original Message -----
> From: "MALFILATRE David" <malf@cvf.fr>
> To: "Bruno Spieler" <bruno.spieler@atosorigin.com>
> Cc: <openldap-software@OpenLDAP.org>
> Sent: Friday, January 03, 2003 6:44 PM
> Subject: Re: Weird problem to add a record
> 
> 
> > hi,
> > thanks for your answer, but there are some things I don't understand:
> >
> > For sure I have dropped the updatedn line and now it works.
> >
> >
> > But :
> >
> > when I put in my conf file :
> >
> > replica host=ns-cache01b.int75.cvf:389
> >         binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
> >         bindmethod=simple credentials=meuh
> >         suffix="ou=prs,ou=dns,ou=site,o=cvf"
> >         suffix="ou=prs,ou=dns,ou=domain,o=cvf"
> >
> > it means that I want those 2 branches to be replicated on another server
> > which is ns-cache01b. My current server is ns-cache01p (note the 01p
> > and 01b) on which I made my test.
> >
> > I need the updatedn directive because my other server ns-cache01b will
> > replicate two other branches too.
> >
> > Here is the replica directive for the second server.
> >
> > replica host=ns-cache01p.int75.cvf:389
> >         binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
> >         bindmethod=simple credentials=replicator
> >         suffix="ou=bdx,ou=dns,ou=domain,o=cvf"
> >         suffix="ou=bdx,ou=dns,ou=site,o=cvf"
> >
> >
> > With this configuration I want two LDAP servers (for test purposes,
> > but in reality I will do that with 4 servers) to each be master of a part of
> > an LDAP tree but "slave" of another part, and they will _never_ write
> > on the slave branch.
> >
> > ns-cache01P will be master for :
> > suffix="ou=prs,ou=dns,ou=site,o=cvf"
> > suffix="ou=prs,ou=dns,ou=domain,o=cvf"
> >
> > ns-cache01B will be master for :
> >
> > suffix="ou=bdx,ou=dns,ou=domain,o=cvf"
> > suffix="ou=bdx,ou=dns,ou=site,o=cvf"
> >
> >
> > So I don't understand why an account can't write in a branch of an LDAP
> > tree only because it's replicated on another server.
> >
> >
> > Is it clear ?
> >
> >
> >
> >
> > On ven, 2003-01-03 at 18:17, Bruno Spieler wrote:
> > > 
> > > Hi David,
> > >
> > > Your slapd.conf shows that your server (or at least the "o=cvf"
> > > suffix) is a replica from another one (line "updatedn" in slapd.conf).
> > > Unless you have compiled with multimaster enabled, it means that only
> > > the dname specified by the "updatedn" statement can write in your
> > > directory.
> > >
> > > Your "updatedn" and "rootdn" are the same dnames, that's why you can
> > > write with the root dname. I reckon the error returned with another
> > > dname is linked to the fact that no "updateref" statement is provided
> > > to support referrals.
> > >
> > > The good configuration depends on what you actually want to do with
> > > your ldap server (getting rid of the "updatedn" statement would
> > > probably solve this problem, but the resulting architecture may not be
> > > what you are expecting)
> > >
> > > HTH,
> > >
> > > Bruno
> > >
> > >
> > >         ----- Original Message -----
> > >         From: MALFILATRE David
> > >         To: openldap-software@OpenLDAP.org
> > >         Sent: Friday, January 03, 2003 5:05 PM
> > >         Subject: Weird problem to add a record
> > >
> > >         hi
> > >
> > >         I'm contacting you because I have a problem I can't solve.
> > >
> > >         With the rootdn account I can add my record but with another
> > >         account I can't.
> > >
> > >         here is the information :
> > >
> > >         openldap-2.0.27 on a linux debian box
> > >
> > >         here is the log :
> > >
> > >         with the "dnsadminprs,ou=ldap,ou=user,o=cvf" account :
> > >
> > >         Jan  3 16:02:38 ns-cache01p slapd[27547]: daemon: read
> > >         activity on 9
> > >         Jan  3 16:02:38 ns-cache01p slapd[27547]: connection_get(9)
> > >         Jan  3 16:02:38 ns-cache01p slapd[27547]: connection_get(9):
> > >         got connid=0
> > >         Jan  3 16:02:38 ns-cache01p slapd[27547]: connection_read(9):
> > >         checking for input on id=0
> > >         Jan  3 16:02:38 ns-cache01p slapd[27547]: ber_get_next on fd 9
> > >         failed errno=11 (Resource temporarily unavailable)
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: do_add
> > >         Jan  3 16:02:38 ns-cache01p slapd[27547]: daemon: select:
> > >         listen=6 active_threads=2 tvp=NULL
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: do_add: ndn
> > >         (AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF)
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: conn=0 op=2 ADD
> > >         dn="AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: dn2entry_r: dn:
> > >         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: => dn2id(
> > >         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: => ldbm_cache_open(
> > >         "dn2id.dbb", 73, 600 )
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: <= ldbm_cache_open
> > >         (cache 0)
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: <= dn2id NOID
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: dn2entry_r: dn:
> > >         "OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: => dn2id(
> > >         "OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: ====>
> > >         cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
> > >         tries)
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: <= dn2id 13 (in
> > >         cache)
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: => id2entry_r( 13 )
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: ====>
> > >         cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
> > >         (found) (1 tries)
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: <= id2entry_r( 13 )
> > >         0x80db920 (cache)
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: ldbm_referrals:
> > >         op=104 target="ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"
> > >         matched="ou=prs,ou=dns,ou=site,o=cvf"
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: ====>
> > >         cache_return_entry_r( 13 ): returned (0)
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: send_ldap_result:
> > >         conn=0 op=2 p=2
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: send_ldap_result:
> > >         10::
> > >         Jan  3 16:02:38 ns-cache01p slapd[27552]: send_ldap_response:
> > >         msgid=3 tag=105 err=32
> > >         Jan  3 16:02:38 ns-cache01p slapd[27547]: daemon: activity on
> > >         1 descriptors
> > >         Jan  3 16:02:38 ns-cache01p slapd[27547]: daemon: activity on:
> > >         Jan  3 16:02:38 ns-cache01p slapd[27547]:  9r
> > >         Jan  3 16:02:38 ns-cache01p slapd[27547]:
> > >
> > >         with rootdn account :
> > >
> > >         Jan  3 16:06:03 ns-cache01p slapd[27547]: daemon: read
> > >         activity on 9
> > >         Jan  3 16:06:03 ns-cache01p slapd[27547]: connection_get(9)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27547]: connection_get(9):
> > >         got connid=1
> > >         Jan  3 16:06:03 ns-cache01p slapd[27547]: connection_read(9):
> > >         checking for input on id=1
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: do_add
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: do_add: ndn
> > >         (AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: conn=1 op=2 ADD
> > >         dn="AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: dn2entry_r: dn:
> > >         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > >         Jan  3 16:06:03 ns-cache01p slapd[27547]: ber_get_next on fd 9
> > >         failed errno=11 (Resource temporarily unavailable)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> > >         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> > >         "dn2id.dbb", 73, 600 )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> > >         (cache 0)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id NOID
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: dn2entry_r: dn:
> > >         "OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> > >         "OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> > >         cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
> > >         tries)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id 13 (in
> > >         cache)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => id2entry_r( 13 )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> > >         cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
> > >         (found) (1 tries)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_r( 13 )
> > >         0x80db920 (cache)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ldbm_referrals:
> > >         op=104 target="ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"
> > >         matched="ou=prs,ou=dns,ou=site,o=cvf"
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> > >         cache_return_entry_r( 13 ): returned (0)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ==> ldbm_back_add:
> > >         ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> > >         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> > >         "dn2id.dbb", 73, 600 )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> > >         (cache 0)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id NOID
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: oc_check_required
> > >         entry (ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf), objectClass
> > >         "domainRelatedObject"
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: oc_check_allowed
> > >         type "objectClass"
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: oc_check_allowed
> > >         type "associatedDomain"
> > >         Jan  3 16:06:03 ns-cache01p slapd[27547]: daemon: select:
> > >         listen=6 active_threads=1 tvp=NULL
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: dn2entry_w: dn:
> > >         "OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> > >         "OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> > >         cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
> > >         tries)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id 13 (in
> > >         cache)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => id2entry_w( 13 )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> > >         cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
> > >         (found) (1 tries)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_w( 13 )
> > >         0x80db920 (cache)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => access_allowed:
> > >         write access to "ou=prs,ou=dns,ou=site,o=cvf" "children"
> > >         requested
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= root access
> > >         granted
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> > >         "nextid.dbb", 73, 600 )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> > >         (cache 2)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => index_entry_add(
> > >         18, "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> > >         "objectClass.dbb", 73, 600 )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> > >         (cache 3)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: =>
> > >         key_change(ADD,12)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= key_change 0
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= index_entry_add(
> > >         18, "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" ) success
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id_add(
> > >         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF", 18 )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> > >         "dn2id.dbb", 73, 600 )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> > >         (cache 0)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id_add 0
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => id2entry_add( 18,
> > >         "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> > >         "id2entry.dbb", 73, 600 )
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> > >         (cache 1)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_add 0
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: send_ldap_result:
> > >         conn=1 op=2 p=2
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: send_ldap_result:
> > >         0::
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: send_ldap_response:
> > >         msgid=3 tag=105 err=0
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: conn=1 op=2 RESULT
> > >         tag=105 err=0 text=
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> > >         cache_return_entry_w( 13 ): returned (0)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> > >         cache_return_entry_w( 18 ): created (0)
> > >         Jan  3 16:06:03 ns-cache01p slapd[27547]: daemon: activity on
> > >         1 descriptors
> > >         Jan  3 16:06:03 ns-cache01p slapd[27547]: daemon: activity on:
> > >
> > >
> > >         Some part of my slapd.conf :
> > >
> > >         defaultaccess none
> > >
> > >         access to attr=userpassword
> > >             by self read
> > >             by anonymous auth
> > >             by * none
> > >
> > >         access to dn="ou=prs,ou=dns,ou=site,o=cvf"
> > >                 by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf" write
> > >                 by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
> > >
> > >         access to dn="ou=prs,ou=dns,ou=domain,o=cvf"
> > >                 by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf" write
> > >                 by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
> > >
> > >         access to *
> > >                 by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
> > >
> > >         database        ldbm
> > >         rootdn          "ou=replicator,ou=ldap,ou=user,o=cvf"
> > >         updatedn        "ou=replicator,ou=ldap,ou=user,o=cvf"
> > >         suffix          "o=cvf"
> > >         directory       /usr/local/stow/openldap-2.0.27/var/openldap-ldbm
> > >
> > >         replica host=ns-cache01b.int75.cvf:389
> > >                 binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
> > >                 bindmethod=simple credentials=meuh
> > >                 suffix="ou=prs,ou=dns,ou=site,o=cvf"
> > >                 suffix="ou=prs,ou=dns,ou=domain,o=cvf"
> > >
> > >
> > >         thanks in advance
> >
> 
>
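
The rule explained in the replies above, as an added example that is not part of the original thread and is not slapd code: a simplified Python model in which a database carrying `updatedn` is a replica for its whole suffix, so only that DN may write there. The class and function names are hypothetical, ACL evaluation is left out, and DN matching assumes no escaped commas.

```python
from dataclasses import dataclass
from typing import Optional

def norm(dn: str) -> str:
    # Naive normalisation: assumes no escaped commas inside RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def is_under(dn: str, suffix: str) -> bool:
    dn, suffix = norm(dn), norm(suffix)
    return dn == suffix or dn.endswith("," + suffix)

@dataclass
class Database:
    suffix: str
    updatedn: Optional[str] = None  # set => this database is a replica

def select_database(dbs, target_dn):
    # The most specific suffix wins, so a subordinate subsuffix
    # takes over from the root suffix it hangs under.
    hits = [db for db in dbs if is_under(target_dn, db.suffix)]
    return max(hits, key=lambda db: norm(db.suffix).count(","), default=None)

def write_decision(dbs, bind_dn, target_dn):
    db = select_database(dbs, target_dn)
    if db is None:
        return "no-database"
    if db.updatedn is None:
        return "acl-check"            # master: ordinary access rules decide
    if norm(bind_dn) == norm(db.updatedn):
        return "allowed-as-updatedn"  # replication writes only
    return "refused-replica"          # everyone else, whatever the ACLs say

REPLICATOR = "ou=replicator,ou=ldap,ou=user,o=cvf"
ADMIN_PRS = "ou=dnsadminprs,ou=ldap,ou=user,o=cvf"
NEW_ENTRY = "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"

# Layout from the original slapd.conf on ns-cache01p: one replica suffix.
SINGLE = [Database("o=cvf", updatedn=REPLICATOR)]

# Layout suggested in the reply: prs subtrees master, bdx subtrees slave.
SPLIT = [
    Database("o=cvf"),
    Database("ou=prs,ou=dns,ou=site,o=cvf"),
    Database("ou=prs,ou=dns,ou=domain,o=cvf"),
    Database("ou=bdx,ou=dns,ou=domain,o=cvf", updatedn=REPLICATOR),
    Database("ou=bdx,ou=dns,ou=site,o=cvf", updatedn=REPLICATOR),
]

if __name__ == "__main__":
    for name, layout in (("single", SINGLE), ("split", SPLIT)):
        print(name, write_decision(layout, ADMIN_PRS, NEW_ENTRY))
```

With the single `o=cvf` database the administrator's add is refused before any access rule is consulted; with the split layout the same add reaches the access rules, while the bdx subtrees stay writable only by the replication DN.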