Re: modify upon the root DSE not supported
OK, thank you for your answer, but it doesn't resolve the problem.
I attached the slapd.conf of the master and the slave, and log files for master
and slave.
The master is at ldap://ok.domain.com with TLS on port 11101;
the slave is at ok2.domain.com on port 10001.
In the Java client LdapBrowserEditor, connected to the slave, I tried to
modify the entry CN=MAIL,O=SYSLDAP,DC=domain,DC=COM, and I have the entry in
the log file.
Thanks a lot !
Hatil
On Wednesday 5 March 2003 12:11, you wrote:
> On Tue, Mar 04, 2003 at 04:39:09PM +0000, hatim wrote:
> > I'm using openldap-2.0.27 on 2 servers: server1 and server2
> >
> > server 1 is the master and server2 the slave
> >
> > when i change some data in the master , the slave is updated without any
> > problem
> > but when i try to modify some data in the slave , the slave contacts
> > the master , and i have this error in the master
> > conn=0 op=1 RESULT tag=103 err=53 text=modify upon the root DSE not
> > supported
>
> You will probably find that the slave sends a referral back to the
> client, which in turn re-tries the update on the master. Your log
> extract was not enough to really tell what is happening, but I
> suspect that you have a problem with the 'updateref' entry in the
> slave config file. The format of the URL is very critical. It should
> look something like this:
>
> updateref ldap://master-server.example.org/
>
> NOTE the trailing slash on the URL.
>
> If this is not the problem, please post the slapd.conf files for both
> master and slave servers along with extracts from both logs showing
> the complete life of the connection and modify attempt.
>
> Note also that there is a problem with the OpenLDAP client library
> that causes it to bind anonymously when chasing referrals
> automatically. This is rather a showstopper for updates!
>
> Andrew
daemon: activity on 1 descriptors
daemon: activity on: 11r
daemon: read activity on 11
connection_get(11)
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
tls_read: want=5, got=5
tls_read: want=143, got=143
ldap_read: want=1, got=1
ldap_read: want=1, got=1
ldap_read: want=125, got=125
ber_get_next: tag 0x30 len 125 contents:
ber_dump: buf=0x08129ff8 ptr=0x08129ff8 end=0x0812a075 len=125
ber_get_next
tls_read: want=5 error=Resource temporarily unavailable
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: select: listen=7 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: select: listen=7 active_threads=1 tvp=NULL
do_modify
ber_scanf fmt ({a) ber:
ber_dump: buf=0x08129ff8 ptr=0x08129ffb end=0x0812a075 len=122
do_modify: dn (cn=mail, o=sysldap, dc=domaine,dc=com)
ber_scanf fmt ({i{a[V]}}) ber:
ber_dump: buf=0x08129ff8 ptr=0x0812a025 end=0x0812a075 len=80
ber_scanf fmt ({i{a[V]}}) ber:
ber_dump: buf=0x08129ff8 ptr=0x0812a05f end=0x0812a075 len=22
modifications:
replace: userPassword
replace: sn
conn=0 op=6 MOD dn="cn=mail, o=sysldap, dc=domain,dc=com"
dn2entry_r: dn: "CN=MAIL,O=SYSLDAP,DC=domain,DC=COM"
=> dn2id( "CN=MAIL,O=SYSLDAP,DC=domaine,DC=COM" )
====> cache_find_entry_dn2id("CN=MAIL,O=SYSLDAP,DC=domain,DC=COM"): 112 (1 tries)
<= dn2id 112 (in cache)
=> id2entry_r( 112 )
====> cache_find_entry_id( 112 ) "cn=mail,o=sysldap, dc=domain,dc=com" (found) (1 tries)
<= id2entry_r( 112 ) 0x8129b48 (cache)
====> cache_return_entry_r( 112 ): returned (0)
send_ldap_result: conn=0 op=6 p=3
send_ldap_result: 10::
send_ldap_result: referral: ldaps://ok.domain.com:11101/
send_ldap_response: msgid=7 tag=103 err=10
send_ldap_response: ref=ldaps://ok.domain.com:11101/
ber_flush: 49 bytes to sd 11
tls_write: want=70, written=70
ldap_write: want=49, written=49
conn=0 op=6 RESULT tag=103 err=10 text=
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
tls_read: want=5, got=5
tls_read: want=107, got=107
ldap_read: want=1, got=1
ldap_read: want=1, got=1
ldap_read: want=89, got=89
ber_get_next: tag 0x30 len 89 contents:
ber_dump: buf=0x0812c240 ptr=0x0812c240 end=0x0812c299 len=89
ber_get_next
tls_read: want=5 error=Resource temporarily unavailable
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_modify
ber_scanf fmt ({a) ber:
ber_dump: buf=0x0812c240 ptr=0x0812c243 end=0x0812c299 len=86
do_modify: dn ()
ber_scanf fmt ({i{a[V]}}) ber:
ber_dump: buf=0x0812c240 ptr=0x0812c249 end=0x0812c299 len=80
ber_scanf fmt ({i{a[V]}}) ber:
ber_dump: buf=0x0812c240 ptr=0x0812c283 end=0x0812c299 len=22
do_modify: root dse!
send_ldap_result: conn=0 op=2 p=3
send_ldap_result: 53::modify upon the root DSE not supported
send_ldap_response: msgid=3 tag=103 err=53
ber_flush: 52 bytes to sd 10
tls_write: want=73, written=73
ldap_write: want=52, written=52
conn=0 op=2 RESULT tag=103 err=53 text=modify upon the root DSE not supported
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.5 2002/11/26 18:26:01 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/domain/samba.schema.test
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/domain/domain_com.at.1.conf
include /usr/local/etc/openldap/domain/domain_com.at.2.conf
include /usr/local/etc/openldap/domain/domain_com.at.3.conf
include /usr/local/etc/openldap/domain/domain_com.at.4.conf
include /usr/local/etc/openldap/domain/domain_com.oc.1.conf
include /usr/local/etc/openldap/domain/domain_com.oc.2.conf
include /usr/local/etc/openldap/domain/domain_com.oc.3.conf
pidfile /usr/local/var/slapdtest.pid
argsfile /usr/local/var/slapdtest.args
database ldbm
suffix "dc=domain,dc=com"
rootdn "cn=sysldap,dc=domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {CRYPT}V0FfEFKhjfs8cbsKw
directory /usr/local/var/openldap-test
# Memory used
#cachesize 10000
#dbcachesize 5000000
dbnosync
dbnolocking
lastmod on
readonly off
index cn eq
#index mail,uid eq,sub
index objectClass eq
access to attribute=userPassword
by dn="cn=repldap,o=sysldap,dc=domain,dc=com" write
by self write
by * auth
access to *
by dn="cn=repldap,o=sysldap,dc=domain,dc=com" write
by * read
# by self write
TLSCipherSuite HIGH:MEDIUM:+SSLv3:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/keys/ldap.cert
TLSCertificateKeyFile /usr/local/etc/openldap/keys/ldap.key
TLSCACertificateFile /usr/local/etc/openldap/keys/ca.cert
TLSVerifyClient never
#loglevel -1
updatedn "cn=repldap,o=sysldap,dc=domain,dc=com"
#referral ldaps://ok.domain.com:11101
updateref ldaps://ok.domain.com:11101/
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/domain/samba.schema
include /usr/local/etc/openldap/domain/domain_com.at.1.conf
include /usr/local/etc/openldap/domain/domain_com.at.2.conf
include /usr/local/etc/openldap/domain/domain_com.at.3.conf
include /usr/local/etc/openldap/domain/domain_com.at.4.conf
include /usr/local/etc/openldap/domain/domain_com.oc.1.conf
include /usr/local/etc/openldap/domain/domain_com.oc.2.conf
include /usr/local/etc/openldap/domain/domain_com.oc.3.conf
schemacheck on
pidfile /usr/local/var/slapd-new.pid
argsfile /usr/local/var/slapd-new.args
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "dc=domain, dc=com"
directory /usr/local/var/openldap-ldbm-new
defaultaccess none
rootdn "cn=sysldap, dc=domain, dc=com"
rootpw {CRYPT}Purv5VijCPJbsk
# No attribute indicating the last modification.
# The indexes
index cn eq
index mail,uid eq,sub
index objectClass eq
#index default eq
#log
#loglevel -1
# Memory used
#cachesize 10000
#dbcachesize 5000000
dbnosync
dbnolocking
lastmod on
readonly off
access to attribute=userPassword
by dn="cn=repldap,o=sysldap,dc=domain,dc=com" write
by dn="cn=hatim.bekkali,ou=it,dc=domain,dc=com" write
by dn="cn=sun324shine,ou=system,dc=domain,dc=com" write
by self write
by * auth
access to *
by dn="cn=repldap,o=sysldap,dc=domain,dc=com" write
by * read
# by self write
TLSCipherSuite HIGH:MEDIUM:+SSLv3:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/ldap.cert
TLSCertificateKeyFile /usr/local/etc/openldap/ldap.key
TLSCACertificateFile /usr/local/etc/openldap/demoCA/ca.cert
#TLSVerifyClient 0
replica host=ok2.domain.com:10001 tls=yes binddn="cn=repldap,o=sysldap,dc=domain,dc=com" bindmethod=simple credentials=Gr5i3DViuTfx4R2Q
replogfile /var/log/slapdtest.log
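
Added example, not part of the original thread or of OpenLDAP: a small Python triage script that reads slapd debug output in the format of the two logs above and reports the sequence this thread is about, a modify answered with a referral (err=10) followed by a modify that arrives with an empty DN and is refused with err=53. The sample log is constructed (hostnames and DN are placeholders) and the function name `analyze` is hypothetical.

```python
import re

# Constructed sample, using the line formats seen in the slapd logs above.
SAMPLE_LOG = """\
do_modify: dn (cn=mail, o=sysldap, dc=example,dc=com)
conn=0 op=6 MOD dn="cn=mail, o=sysldap, dc=example,dc=com"
send_ldap_result: referral: ldaps://master.example.com:636/
conn=0 op=6 RESULT tag=103 err=10 text=
do_modify: dn ()
do_modify: root dse!
conn=0 op=2 RESULT tag=103 err=53 text=modify upon the root DSE not supported
"""

MODIFY_DN = re.compile(r"^do_modify: dn \((.*)\)$")
REFERRAL = re.compile(r"^send_ldap_result: referral: (\S+)$")
RESULT = re.compile(r"^conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+) text=(.*)$")

def analyze(log_text):
    """Return (kind, detail) findings in log order.

    tag=103 is the modify response; err=10 is an LDAP referral and any
    other non-zero err is reported as a failed modify.
    """
    findings = []
    pending_dn = None    # DN of the latest do_modify not yet answered
    pending_ref = None   # referral URL logged for the current operation
    for line in log_text.splitlines():
        line = line.strip()
        if m := MODIFY_DN.match(line):
            pending_dn = m.group(1)
            if pending_dn == "":
                # An empty DN names the root DSE, which slapd refuses to modify.
                findings.append(("empty-dn-modify", "modify addressed to the root DSE"))
        elif m := REFERRAL.match(line):
            pending_ref = m.group(1)
        elif m := RESULT.match(line):
            _conn, _op, tag, err, text = m.groups()
            if tag == "103" and err == "10":
                findings.append(("referral", f"dn={pending_dn!r} -> {pending_ref}"))
            elif tag == "103" and err != "0":
                findings.append(("modify-failed", f"err={err} dn={pending_dn!r} text={text}"))
            pending_dn = pending_ref = None
    return findings

if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```
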