[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Constraint violation: structuralObjectClass: no user modification allow
- To: OpenLDAP <openldap-software@openldap.org>
- Subject: Constraint violation: structuralObjectClass: no user modification allow
- From: openldap <openldap@ayni.com>
- Date: Fri, 14 Mar 2008 14:32:52 +0100
- User-agent: Thunderbird 2.0.0.9 (X11/20071115)
Hi listers,
i have a master LDAP with version openldap-servers-2.3.39-1.fc8,
a slave LDAP with version openldap-servers-2.3.34-0.fc7
a slave LDAP with version openldap-server-2.3.33p1-bdb
the versions are close enough to one another in order to be compatible.
the first two are on fedore 8 and fedora 7, the third on openBSD. from
the master to the two slaves, slurpd replication is installed.
as the slurpd replication will no longer be available, i started testing
syncrepl from the third LDAP server onto a fourth one. i wanted to test,
if i can configure them for refreshAndPersist replication.
to do that i first configured the third to act as a syncrepl provider
for the fourth one and then added a new entry in a test subtree on the
master server.
the following happened: the second server immediately got the changes
via slurpd and accepted them.
the third server also got the changes but rejected them:
Mar 14 13:33:33 thirdhost slapd[18518]: conn=6 fd=20 ACCEPT from
IP=xx.xx.xx.xx:45565 (IP=0.0.0.0:3
89)
Mar 14 13:33:33 thirdhost slapd[18518]: conn=6 op=0 BIND
dn="cn=manager,dc=mydom,dc=com" method=128
Mar 14 13:33:33 thirdhost slapd[18518]: conn=6 op=0 BIND
dn="cn=Manager,dc=mydom,dc=com" mech=SIMPLE ssf
=0
Mar 14 13:33:33 thirdhost slapd[18518]: conn=6 op=0 RESULT tag=97 err=0
text=
Mar 14 13:33:33 thirdhost slapd[18518]: conn=6 op=1 ADD
dn="cn=wurguri,ou=LDIF-Test,dc=mydom,dc=com"
Mar 14 13:33:33 thirdhost slapd[18518]: conn=6 op=1 RESULT tag=105
err=19 text=structuralObjectClass: n
o user modification allowed
on the master if found the following in the slurpd-log:
ERROR: Constraint violation: structuralObjectClass: no user modification
allow
ed
replica: thirdhost.mydom.com:389
time: 1205498012.0
dn: cn=wurguri,ou=LDIF-Test,dc=mydom,dc=com
changetype: add
sn: wurguri
cn: wurguri
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 9a3fdcd8-860e-102c-9ead-03486d6a2d35
creatorsName: cn=myuser,ou=pam-ldap,dc=mydom,dc=com
createTimestamp: 20080314123332Z
entryCSN: 20080314123332Z#000000#00#000000
modifiersName: cn=myuser,ou=pam-ldap,dc=mydom,dc=com
modifyTimestamp: 20080314123332Z
as far as i understand, the third LDAP server did not like the
structuralObjectClass specs. when googling around i found "that it is
very easy with sed to extract the structuralObjectClass specs" from the
ldif file.
what do i need to change either on the master, not to let it create ldif
files which are unaceptable for the other(s), or on the slave to make it
accept the structuralObjectClass specs?
suomi