[Date Prev][Date Next] [Chronological] [Thread] [Top]

Constraint violation: structuralObjectClass: no user modification allow



Hi listers,

i have a master LDAP with version openldap-servers-2.3.39-1.fc8,
a slave LDAP with version openldap-servers-2.3.34-0.fc7
a slave LDAP with version openldap-server-2.3.33p1-bdb

the versions are close enough to one another in order to be compatible.

the first two are on fedore 8 and fedora 7, the third on openBSD. from the master to the two slaves, slurpd replication is installed.

as the slurpd replication will no longer be available, i started testing syncrepl from the third LDAP server onto a fourth one. i wanted to test, if i can configure them for refreshAndPersist replication.
to do that i first configured the third to act as a syncrepl provider for the fourth one and then added a new entry in a test subtree on the master server.


the following happened: the second server immediately got the changes via slurpd and accepted them.
the third server also got the changes but rejected them:
Mar 14 13:33:33 thirdhost slapd[18518]: conn=6 fd=20 ACCEPT from IP=xx.xx.xx.xx:45565 (IP=0.0.0.0:3
89)
Mar 14 13:33:33 thirdhost slapd[18518]: conn=6 op=0 BIND dn="cn=manager,dc=mydom,dc=com" method=128
Mar 14 13:33:33 thirdhost slapd[18518]: conn=6 op=0 BIND dn="cn=Manager,dc=mydom,dc=com" mech=SIMPLE ssf
=0
Mar 14 13:33:33 thirdhost slapd[18518]: conn=6 op=0 RESULT tag=97 err=0 text=
Mar 14 13:33:33 thirdhost slapd[18518]: conn=6 op=1 ADD dn="cn=wurguri,ou=LDIF-Test,dc=mydom,dc=com"
Mar 14 13:33:33 thirdhost slapd[18518]: conn=6 op=1 RESULT tag=105 err=19 text=structuralObjectClass: n
o user modification allowed


on the master if found the following in the slurpd-log:

ERROR: Constraint violation: structuralObjectClass: no user modification allow
ed
replica: thirdhost.mydom.com:389
time: 1205498012.0
dn: cn=wurguri,ou=LDIF-Test,dc=mydom,dc=com
changetype: add
sn: wurguri
cn: wurguri
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 9a3fdcd8-860e-102c-9ead-03486d6a2d35
creatorsName: cn=myuser,ou=pam-ldap,dc=mydom,dc=com
createTimestamp: 20080314123332Z
entryCSN: 20080314123332Z#000000#00#000000
modifiersName: cn=myuser,ou=pam-ldap,dc=mydom,dc=com
modifyTimestamp: 20080314123332Z



as far as i understand, the third LDAP server did not like the structuralObjectClass specs. when googling around i found "that it is very easy with sed to extract the structuralObjectClass specs" from the ldif file.


what do i need to change either on the master, not to let it create ldif files which are unaceptable for the other(s), or on the slave to make it accept the structuralObjectClass specs?

suomi