
Re: two databases replicating to one slave server doesn't work



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andreas wrote:
| openldap-2.1.30
| berkeley db 4.2.52 + 2 patches
|

I'm running the same versions, and it gets more interesting ... see below.

| With the following setup (two databases), changes are sent twice to the slave
| server (logs further below). Obviously, the second time the change is already
| there and a replication error occurs.
|
| MASTER
| database        bdb
| subordinate
| suffix          "ou=Branch1,dc=my-domain,dc=com"
| rootdn          "cn=Manager,dc=my-domain,dc=com"
| directory       /var/lib/ldap-branch
| index objectClass eq
| access to attr=userPassword
|         by anonymous auth
|         by self write
|         by * none
| access to attr=shadowLastChange
|         by self write
|         by * read
| access to *
|         by * read
| replica host=build-cl9.distro.conectiva tls=no
|         suffix="ou=Branch1,dc=my-domain,dc=com"
|         bindmethod=simple
|         binddn="uid=replicator,dc=my-domain,dc=com"
|         credentials="replicator"
| replogfile /var/lib/replog/master-replog
| database        bdb
| suffix          "dc=my-domain,dc=com"
| rootdn          "cn=Manager,dc=my-domain,dc=com"
| rootpw          changethis
| directory       /var/lib/openldap-data
| index   objectClass     eq
| access to attr=userPassword
|         by anonymous auth
|         by self write
|         by * none
| access to attr=shadowLastChange
|         by self write
|         by * read
| access to *
|         by * read
| replica host=build-cl9.distro.conectiva tls=no
|         suffix="dc=my-domain,dc=com"
|         bindmethod=simple
|         binddn="uid=replicator,dc=my-domain,dc=com"
|         credentials="replicator"
| replogfile /var/lib/replog/master-replog
|
| I added a "description" attribute under the "uid=replicator" entry. It got sent
| twice to the slave server.
|
| /var/lib/slurpd/replica/slurpd.replog:
| replica: build-cl9.distro.conectiva
| time: 1089386416
| dn: uid=replicator,dc=my-domain,dc=com
| changetype: modify
| add: description
| description:: dXN1w6FyaW8gZGUgcmVwbGljYcOnw6Nv
| -
| replace: entryCSN
| entryCSN: 2004070915:20:16Z#0x0001#0#0000
| -
| replace: modifiersName
| modifiersName: cn=Manager,dc=my-domain,dc=com
| -
| replace: modifyTimestamp
| modifyTimestamp: 20040709152016Z
| -
|
| LDAP log on the slave:
| slapd[24432]: conn=5 fd=17 ACCEPT from IP=10.0.2.177:40993 (IP=0.0.0.0:389)
| slapd[24432]: conn=6 fd=20 ACCEPT from IP=10.0.2.177:40994 (IP=0.0.0.0:389)
| slapd[24447]: conn=5 op=0 BIND dn="uid=replicator,dc=my-domain,dc=com" method=128
| slapd[24447]: conn=5 op=0 BIND dn="uid=replicator,dc=my-domain,dc=com" mech=simple ssf=0
| slapd[24447]: conn=5 op=0 RESULT tag=97 err=0 text=
| slapd[24441]: conn=6 op=0 BIND dn="uid=replicator,dc=my-domain,dc=com" method=128
| slapd[24441]: conn=6 op=0 BIND dn="uid=replicator,dc=my-domain,dc=com" mech=simple ssf=0
| slapd[24441]: conn=6 op=0 RESULT tag=97 err=0 text=
| slapd[24447]: conn=5 op=1 MOD dn="uid=replicator,dc=my-domain,dc=com"
| slapd[24447]: conn=5 op=1 MOD attr=description entryCSN modifiersName modifyTimestamp
| slapd[24441]: conn=6 op=1 MOD dn="uid=replicator,dc=my-domain,dc=com"
| slapd[24441]: conn=6 op=1 MOD attr=description entryCSN modifiersName modifyTimestamp
| slapd[24447]: conn=5 op=1 RESULT tag=103 err=0 text=
| slapd[24441]: conn=6 op=1 RESULT tag=103 err=20 text=modify/add: description: value #0 already exists
|

I have 3 databases, 4 replicas for the first two, 5 for the 3rd, but
each replica uses different replica DNs. But, it seems slurpd gets
confused, and uses the wrong replica DN for a specific database:

# grep -E "(^suffix|^replica|^replog|binddn)" /etc/openldap/slapd.conf
suffix          "cn=mail,ou=isp"
replogfile      /var/lib/ldap/mail/replog
replica         host=io:389
~                binddn="cn=root,cn=mail,ou=isp"
replica         host=ganymedes:389
~                binddn="cn=root,cn=mail,ou=isp"
replica         host=leda:389
~                binddn="cn=root,cn=mail,ou=isp"
replica         host=elara:389
~                binddn="cn=root,cn=mail,ou=isp"
#                binddn="cn=root,cn=mail,ou=isp" bindmethod=simple credentials=mailme99
#                binddn="cn=root,cn=mail,ou=isp" bindmethod=simple credentials=mailme99
suffix          "ou=radius,o=intekom,c=za"
replogfile      /var/lib/ldap/radius/replog
replica         host=io:389
~                binddn="cn=root,ou=radius,o=intekom,c=za"
replica         host=ganymedes:389
~                binddn="cn=root,ou=radius,o=intekom,c=za"
replica         host=leda:389
~                binddn="cn=root,ou=radius,o=intekom,c=za"
replica         host=elara:389
~                binddn="cn=root,ou=radius,o=intekom,c=za"
#                binddn="cn=root,ou=radius,o=intekom,c=za" bindmethod=simple credentials=infranetpoid
#                binddn="cn=root,ou=radius,o=intekom,c=za" bindmethod=simple credentials=infranetpoid
suffix          "dc=telkomsa,dc=net"
replogfile      /var/lib/ldap/openldap-master-replog
replica         host=io:389
~                binddn="cn=metis,ou=Hosts,dc=telkomsa,dc=net"
replica         host=ganymedes:389
~                binddn="cn=metis,ou=Hosts,dc=telkomsa,dc=net"
replica         host=leda:389
~                binddn="cn=metis,ou=Hosts,dc=telkomsa,dc=net"
replica         host=elara:389
~                binddn="cn=metis,ou=Hosts,dc=telkomsa,dc=net"
replica         host=jupiter:389
~                binddn="cn=metis,ou=Hosts,dc=telkomsa,dc=net"

And, in the log on one of the slaves, we see:

Jul 19 16:59:57 io slapd[9732]: conn=3 op=0 BIND dn="cn=root,ou=radius,o=intekom,c=za" method=128
Jul 19 16:59:57 io slapd[9732]: conn=3 op=0 BIND dn="cn=root,ou=radius,o=intekom,c=za" mech=SIMPLE ssf=0
Jul 19 16:59:57 io slapd[9732]: conn=3 op=0 RESULT tag=97 err=0 text=
Jul 19 16:59:57 io slapd[9735]: conn=3 op=1 ADD dn="cn=iafrica,cn=mail,ou=isp"
Jul 19 16:59:57 io slapd[9735]: conn=3 op=1 RESULT tag=105 err=10 text=


So, slurpd is trying to write to the "cn=mail,ou=isp" database as the rootdn for ou=radius,o=intekom,c=za, which is clearly wrong and obviously not going to work.

| Just for fun, I replaced one of the replica lines with the IP
| address of the slave host instead of its name. That is, I made
| the directive different from the other one, but still pointing to
| the same host.
|
| Voilà, it started working.
| So, instead of:
| (...)
| replica uri=ldap://build-cl9.distro.conectiva:389
| (...)
| replica uri=ldap://build-cl9.distro.conectiva:389
| (...)
|
| I have:
| (...)
| replica uri=ldap://10.0.17.107:389
| (...)
| replica uri=ldap://build-cl9.distro.conectiva:389
| (...)
|
| Then it works (yes, I also switched to using "uri" instead of "host"
| mid-testing, but that alone didn't help).
| 10.0.17.107 is the IP address of build-cl9.distro.conectiva. Just having
| it "different" in the two replica directives seemed to be the trick.
|
| So, is this scenario not supported? Is it a glitch? A bug? Am I mad? :)
| Thanks for any input.

In our setup, it's not that simple ... it can't work as slurpd is trying
to replicate as the wrong DN for the database it is trying to replicate.

Guess it's time to file an ITS.

Regards,
Buchan

- --
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA++mQrJK6UGDSBKcRAikaAJ9V1U5kJRWaQfqsq8qW+x1PlEV0vACfXG6P
yeE1WJO0fC0z13enuUK7320=
=n7gZ
-----END PGP SIGNATURE-----
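
An added example, not part of the original message or of OpenLDAP: a small audit of a slave's slapd log that ties each write back to the DN its connection bound as, and reports writes that failed or that fall outside the suffix that bind DN was configured for. The names `audit` and `BINDDN_SUFFIXES` are hypothetical, and the mapping and sample log are constructed from the excerpts quoted above.

```python
import re
# Constructed from the slapd.conf excerpts in the message: each replica
# binddn (lower-cased) mapped to the suffix(es) it is meant to write to.
BINDDN_SUFFIXES = {
    "cn=root,cn=mail,ou=isp": ["cn=mail,ou=isp"],
    "cn=root,ou=radius,o=intekom,c=za": ["ou=radius,o=intekom,c=za"],
    "uid=replicator,dc=my-domain,dc=com": ["dc=my-domain,dc=com"],
}
# Constructed sample: slave log lines from the message, unwrapped and trimmed.
SAMPLE_LOG = """\
slapd[24447]: conn=5 op=0 BIND dn="uid=replicator,dc=my-domain,dc=com" method=128
slapd[24441]: conn=6 op=0 BIND dn="uid=replicator,dc=my-domain,dc=com" method=128
slapd[24447]: conn=5 op=1 MOD dn="uid=replicator,dc=my-domain,dc=com"
slapd[24441]: conn=6 op=1 MOD dn="uid=replicator,dc=my-domain,dc=com"
slapd[24447]: conn=5 op=1 RESULT tag=103 err=0 text=
slapd[24441]: conn=6 op=1 RESULT tag=103 err=20 text=modify/add: description: value #0 already exists
Jul 19 16:59:57 io slapd[9732]: conn=3 op=0 BIND dn="cn=root,ou=radius,o=intekom,c=za" method=128
Jul 19 16:59:57 io slapd[9735]: conn=3 op=1 ADD dn="cn=iafrica,cn=mail,ou=isp"
Jul 19 16:59:57 io slapd[9735]: conn=3 op=1 RESULT tag=105 err=10 text=
""".splitlines()

LINE = re.compile(r"conn=(\d+) op=(\d+) (BIND|ADD|MOD|DEL|MODRDN|RESULT)\b(.*)")
DN = re.compile(r'dn="([^"]*)"')

def norm(dn):  # naive: lower-case, trim RDNs; ignores escaped commas
    return ",".join(part.strip() for part in dn.lower().split(","))

def audit(lines, binddn_suffixes):
    """Return (conn, bind_dn, verb, target_dn, err, in_scope) per suspect write."""
    bound, pending, findings = {}, {}, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        conn, op, verb, rest = m.groups()
        dn = DN.search(rest)
        if verb == "BIND" and dn:
            bound[conn] = norm(dn.group(1))        # who this connection is
        elif verb != "RESULT" and dn:
            pending[conn, op] = (verb, norm(dn.group(1)))  # write awaiting result
        elif verb == "RESULT" and (conn, op) in pending:
            verb, target = pending.pop((conn, op))
            err = int(re.search(r"err=(\d+)", rest).group(1))
            who = bound.get(conn, "")
            in_scope = any(target == s or target.endswith("," + s)
                           for s in binddn_suffixes.get(who, []))
            if err or not in_scope:
                findings.append((conn, who, verb, target, err, in_scope))
    return findings
```

On the sample, conn=6 is reported as an in-scope write that failed with err=20 (the duplicate replay), and conn=3 as an out-of-scope write: bound as the radius rootdn but adding under `cn=mail,ou=isp`.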