Re: Weird problem to add a record
Thanks a lot for your answers: I understand my problems much better now.
I have another question, which is related to my first problem.
Suppose now that I use another LDAP server which is the real LDAP master
of my whole LDAP tree. I want my replication to go through this server
and then be replicated to other servers.
The question is: will the real LDAP master be able to be updated
from one server and then replicate a branch to another server (if I
follow the method you explain)?
Thanks in advance
On ven, 2003-01-03 at 19:11, Bruno Spieler wrote:
> Ok, I believe I got the point now
>
> The problem is that, without multimaster stuff, a suffix of a given slapd
> cannot be master and slave, since the granularity of the "updatedn"
> statement is the whole suffix.
>
> In your case, I guess you should use several suffix definitions and link
> them with the "subordinate" keyword.
>
> Something like :
> - a root suffix "o=cvf" (master)
> - a subsuffix "ou=prs,ou=dns,ou=site,o=cvf" (master, subordinate of "o=cvf")
> - a subsuffix "ou=prs,ou=dns,ou=domain,o=cvf" (master, subordinate of
> "o=cvf")
> - a subsuffix "ou=bdx,ou=dns,ou=domain,o=cvf" (slave, with updatedn
> statement, subordinate of "o=cvf")
> - a subsuffix "ou=bdx,ou=dns,ou=site,o=cvf" (slave, with updatedn statement,
> subordinate of "o=cvf")
>
>
> It should work, but have a look at ITS#2137
> (http://www.OpenLDAP.org/its/index.cgi?findid=2137) to help you to define
> your replica statements.
>
> If you can, you may try to modify your DIT to take replication issues into
> account in order to limit the total number of subsuffixes
>
>
> Bruno
>
> ----- Original Message -----
> From: "MALFILATRE David" <malf@cvf.fr>
> To: "Bruno Spieler" <bruno.spieler@atosorigin.com>
> Cc: <openldap-software@OpenLDAP.org>
> Sent: Friday, January 03, 2003 6:44 PM
> Subject: Re: Weird problem to add a record
>
>
> > hi,
> > thanks for your answer, but there are some things I don't understand:
> >
> > For sure I have dropped the updatedn line and now it works.
> >
> >
> > But :
> >
> > when I put in my conf file :
> >
> > replica host=ns-cache01b.int75.cvf:389
> > binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
> > bindmethod=simple credentials=meuh
> > suffix="ou=prs,ou=dns,ou=site,o=cvf"
> > suffix="ou=prs,ou=dns,ou=domain,o=cvf"
> >
> > it means that I want those 2 branches to be replicated on another server
> > which is ns-cache01b. My current server is ns-cache01p (note the 01p
> > and 01b) on which I made my test.
> >
> > I need the updatedn directive because my other server ns-cache01b will
> > replicate two other branches too.
> >
> > Here is the replica directive for the second server.
> >
> > replica host=ns-cache01p.int75.cvf:389
> > binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
> > bindmethod=simple credentials=replicator
> > suffix="ou=bdx,ou=dns,ou=domain,o=cvf"
> > suffix="ou=bdx,ou=dns,ou=site,o=cvf"
> >
> >
> > With this configuration I want two LDAP servers (for test purposes;
> > in reality I will do that with 4 servers) to be master of one part of
> > an LDAP tree but "slave" of another part, and they will _never_ write
> > to the slave branch.
> >
> > ns-cache01P will be master for :
> > suffix="ou=prs,ou=dns,ou=site,o=cvf"
> > suffix="ou=prs,ou=dns,ou=domain,o=cvf"
> >
> > ns-cache01B will be master for :
> >
> > suffix="ou=bdx,ou=dns,ou=domain,o=cvf"
> > suffix="ou=bdx,ou=dns,ou=site,o=cvf"
> >
> >
> > So I don't understand why an account can't write in a branch of an LDAP
> > tree only because it's replicated on another server.
> >
> >
> > Is it clear?
> >
> >
> >
> >
> > On ven, 2003-01-03 at 18:17, Bruno Spieler wrote:
> > >
> > > Hi David,
> > >
> > > Your slapd.conf shows that your server (or at least the "o=cvf"
> > > suffix) is a replica from another one (line "updatedn" in slapd.conf).
> > > Unless you have compiled with multimaster enabled, it means that only
> > > the dname specified by the "updatedn" statement can write in your
> > > directory.
> > >
> > > Your "updatedn" and "rootdn" are the same dnames, that's why you can
> > > write with the root dname. I reckon the error returned with another
> > > dname is linked to the fact that no "updateref" statement is provided
> > > to support referrals.
> > >
> > > The good configuration depends on what you actually want to do with
> > > your ldap server (getting rid of the "updatedn" statement would
> > > probably solve this problem, but the resulting architecture may not be
> > > what you are expecting)
> > >
> > > HTH,
> > >
> > > Bruno
> > >
> > >
> > > ----- Original Message -----
> > > From: MALFILATRE David
> > > To: openldap-software@OpenLDAP.org
> > > Sent: Friday, January 03, 2003 5:05 PM
> > > Subject: Weird problem to add a record
> > >
> > > Hi,
> > >
> > > I'm contacting you because I have a problem I can't solve.
> > >
> > > With the rootdn account I can add my record, but with another
> > > account I can't.
> > >
> > > Here is the information:
> > >
> > > openldap-2.0.27 on a linux debian box
> > >
> > > here is the log :
> > >
> > > with the "dnsadminprs,ou=ldap,ou=user,o=cvf" account :
> > >
> > > Jan 3 16:02:38 ns-cache01p slapd[27547]: daemon: read
> > > activity on 9
> > > Jan 3 16:02:38 ns-cache01p slapd[27547]: connection_get(9)
> > > Jan 3 16:02:38 ns-cache01p slapd[27547]: connection_get(9):
> > > got connid=0
> > > Jan 3 16:02:38 ns-cache01p slapd[27547]: connection_read(9):
> > > checking for input on id=0
> > > Jan 3 16:02:38 ns-cache01p slapd[27547]: ber_get_next on fd 9
> > > failed errno=11 (Resource temporarily unavailable)
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: do_add
> > > Jan 3 16:02:38 ns-cache01p slapd[27547]: daemon: select:
> > > listen=6 active_threads=2 tvp=NULL
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: do_add: ndn
> > > (AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF)
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: conn=0 op=2 ADD
> > > dn="AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: dn2entry_r: dn:
> > > "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: => dn2id(
> > > "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: => ldbm_cache_open(
> > > "dn2id.dbb", 73, 600 )
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: <= ldbm_cache_open
> > > (cache 0)
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: <= dn2id NOID
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: dn2entry_r: dn:
> > > "OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: => dn2id(
> > > "OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: ====>
> > > cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
> > > tries)
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: <= dn2id 13 (in
> > > cache)
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: => id2entry_r( 13 )
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: ====>
> > > cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
> > > (found) (1 tries)
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: <= id2entry_r( 13 )
> > > 0x80db920 (cache)
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: ldbm_referrals:
> > > op=104 target="ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"
> > > matched="ou=prs,ou=dns,ou=site,o=cvf"
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: ====>
> > > cache_return_entry_r( 13 ): returned (0)
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: send_ldap_result:
> > > conn=0 op=2 p=2
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: send_ldap_result:
> > > 10::
> > > Jan 3 16:02:38 ns-cache01p slapd[27552]: send_ldap_response:
> > > msgid=3 tag=105 err=32
> > > Jan 3 16:02:38 ns-cache01p slapd[27547]: daemon: activity on
> > > 1 descriptors
> > > Jan 3 16:02:38 ns-cache01p slapd[27547]: daemon: activity on:
> > > Jan 3 16:02:38 ns-cache01p slapd[27547]: 9r
> > > Jan 3 16:02:38 ns-cache01p slapd[27547]:
> > >
> > > with rootdn account :
> > >
> > > Jan 3 16:06:03 ns-cache01p slapd[27547]: daemon: read
> > > activity on 9
> > > Jan 3 16:06:03 ns-cache01p slapd[27547]: connection_get(9)
> > > Jan 3 16:06:03 ns-cache01p slapd[27547]: connection_get(9):
> > > got connid=1
> > > Jan 3 16:06:03 ns-cache01p slapd[27547]: connection_read(9):
> > > checking for input on id=1
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: do_add
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: do_add: ndn
> > > (AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: conn=1 op=2 ADD
> > > dn="AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: dn2entry_r: dn:
> > > "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > > Jan 3 16:06:03 ns-cache01p slapd[27547]: ber_get_next on fd 9
> > > failed errno=11 (Resource temporarily unavailable)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> > > "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> > > "dn2id.dbb", 73, 600 )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> > > (cache 0)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id NOID
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: dn2entry_r: dn:
> > > "OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> > > "OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> > > cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
> > > tries)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id 13 (in
> > > cache)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => id2entry_r( 13 )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> > > cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
> > > (found) (1 tries)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_r( 13 )
> > > 0x80db920 (cache)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: ldbm_referrals:
> > > op=104 target="ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"
> > > matched="ou=prs,ou=dns,ou=site,o=cvf"
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> > > cache_return_entry_r( 13 ): returned (0)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: ==> ldbm_back_add:
> > > ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> > > "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> > > "dn2id.dbb", 73, 600 )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> > > (cache 0)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id NOID
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: oc_check_required
> > > entry (ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf), objectClass
> > > "domainRelatedObject"
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: oc_check_allowed
> > > type "objectClass"
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: oc_check_allowed
> > > type "associatedDomain"
> > > Jan 3 16:06:03 ns-cache01p slapd[27547]: daemon: select:
> > > listen=6 active_threads=1 tvp=NULL
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: dn2entry_w: dn:
> > > "OU=PRS,OU=DNS,OU=SITE,O=CVF"
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> > > "OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> > > cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
> > > tries)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id 13 (in
> > > cache)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => id2entry_w( 13 )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> > > cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
> > > (found) (1 tries)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_w( 13 )
> > > 0x80db920 (cache)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => access_allowed:
> > > write access to "ou=prs,ou=dns,ou=site,o=cvf" "children"
> > > requested
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= root access
> > > granted
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> > > "nextid.dbb", 73, 600 )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> > > (cache 2)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => index_entry_add(
> > > 18, "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> > > "objectClass.dbb", 73, 600 )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> > > (cache 3)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: =>
> > > key_change(ADD,12)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= key_change 0
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= index_entry_add(
> > > 18, "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" ) success
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => dn2id_add(
> > > "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF", 18 )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> > > "dn2id.dbb", 73, 600 )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> > > (cache 0)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= dn2id_add 0
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => id2entry_add( 18,
> > > "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> > > "id2entry.dbb", 73, 600 )
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> > > (cache 1)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_add 0
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: send_ldap_result:
> > > conn=1 op=2 p=2
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: send_ldap_result:
> > > 0::
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: send_ldap_response:
> > > msgid=3 tag=105 err=0
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: conn=1 op=2 RESULT
> > > tag=105 err=0 text=
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> > > cache_return_entry_w( 13 ): returned (0)
> > > Jan 3 16:06:03 ns-cache01p slapd[27554]: ====>
> > > cache_return_entry_w( 18 ): created (0)
> > > Jan 3 16:06:03 ns-cache01p slapd[27547]: daemon: activity on
> > > 1 descriptors
> > > Jan 3 16:06:03 ns-cache01p slapd[27547]: daemon: activity on:
> > >
> > >
> > > Some part of my slapd.conf :
> > >
> > > defaultaccess none
> > >
> > > access to attr=userpassword
> > > by self read
> > > by anonymous auth
> > > by * none
> > >
> > > access to dn="ou=prs,ou=dns,ou=site,o=cvf"
> > > by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf" write
> > > by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
> > >
> > > access to dn="ou=prs,ou=dns,ou=domain,o=cvf"
> > > by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf" write
> > > by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
> > >
> > > access to *
> > > by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
> > >
> > > database ldbm
> > > rootdn "ou=replicator,ou=ldap,ou=user,o=cvf"
> > > updatedn "ou=replicator,ou=ldap,ou=user,o=cvf"
> > > suffix "o=cvf"
> > > directory
> > > /usr/local/stow/openldap-2.0.27/var/openldap-ldbm
> > >
> > > replica host=ns-cache01b.int75.cvf:389
> > > binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
> > > bindmethod=simple credentials=meuh
> > > suffix="ou=prs,ou=dns,ou=site,o=cvf"
> > > suffix="ou=prs,ou=dns,ou=domain,o=cvf"
> > >
> > >
> > > thanks in advance
> >
>
>
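The point made in the replies above (a database that carries `updatedn` accepts writes only from that DN, for the whole suffix) can be checked mechanically. The following is an added example, not code from the thread or from OpenLDAP: a small Python lint over slapd.conf-style text that reports, for each suffix of an `updatedn` database, a `replica` directive in the same database, a missing `updateref`, and ACL write grants to any other DN. The sample configuration and the finding names are constructed for illustration; the directive names are the ones quoted in the thread.

```python
import re
# Constructed sample modelled on the slapd.conf quoted in the thread.
SAMPLE = '''\
access to dn="ou=prs,ou=dns,ou=site,o=cvf"
    by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf" write
    by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
database ldbm
updatedn "ou=replicator,ou=ldap,ou=user,o=cvf"
suffix "o=cvf"
replica host=ns-cache01b.int75.cvf:389
'''

def norm(dn):  # crude DN normalisation: lower-case, no spaces around commas
    return ",".join(p.strip() for p in dn.lower().split(","))

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Flag settings that conflict with a database that has an updatedn."""
    dbs, grants, findings = [], [], []
    for line in logical_lines(text):
        key, _, rest = line.partition(" ")
        if key == "database":
            dbs.append({})
        elif key == "access":  # collect (target DN, writer DN) pairs
            tgt = re.search(r'to\s+dn(?:\.\w+)?="([^"]+)"', rest)
            grants += [(norm(tgt.group(1)), norm(who)) for who, lvl in
                       re.findall(r'by\s+dn(?:\.\w+)?="([^"]+)"\s+(\w+)', rest)
                       if tgt and lvl == "write"]
        elif dbs and key in ("suffix", "updatedn", "updateref", "replica"):
            dbs[-1].setdefault(key, []).append(norm(rest.strip().strip('"')))
    for db in (d for d in dbs if "updatedn" in d):
        for sfx in db.get("suffix", []):
            if "replica" in db:  # same suffix is both consumer and provider
                findings.append(("master-and-slave", sfx))
            if "updateref" not in db:  # refused writers get no referral
                findings.append(("no-updateref", sfx))
            findings += [("write-grant-blocked", who) for tgt, who in grants if
                         who != db["updatedn"][0] and ("," + tgt).endswith("," + sfx)]
    return findings
```

Running `audit(SAMPLE)` reports all three conditions for the `o=cvf` database; removing the `updatedn` line clears them, which matches what the original poster observed after dropping that directive.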