
RE: Multi Master OpenLdap.



Thank you very much Eli for considering my issue. Here is my scenario...

 

I couldn't find any abnormality in the log files, and I have never seen any deletion logs on the server. Slapd hangs and some IDs disappear; the same gets replicated to the slaves too. Mainly Groups and Computer accounts.

 

I can see some UNBIND and connection lost logs from one server and another multimaster server from

Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138411 op=24 SEARCH RESULT tag=101 err=32 nentries=0 text=
Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138424 op=12 SRCH base="ou=Groups,dc=emb,dc=slb,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"
Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138424 op=12 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138424 op=12 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138415 op=21 SRCH base="sambaDomainName=EMB,sambaDomainName=emb,dc=emb,dc=slb,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=emb))"
Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138415 op=21 SEARCH RESULT tag=101 err=32 nentries=0 text=
Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138385 op=46 SRCH base="ou=Groups,dc=emb,dc=slb,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(|(displayName=test)(cn=test)))"
Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138385 op=46 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jul 11 04:03:39 gb0135embldap01 slapd[9852]: <= bdb_equality_candidates: (displayName) not indexed
Jul 11 04:03:39 gb0135embldap01 slapd[9852]: <= bdb_equality_candidates: (cn) not indexed
Jul 11 04:07:53 gb0135embldap01 slapd[21335]: @(#) $OpenLDAP: slapd 2.4.15 (Mar 19 2009 10:07:59) $ ^Ibuildd@yellow:/build/buildd/openldap-2.4.15/debian/build/servers/slapd
Jul 11 04:07:54 gb0135embldap01 slapd[21337]: slapd starting
Jul 11 04:07:54 gb0135embldap01 slapd[21337]: conn=0 fd=23 ACCEPT from IP=[::1]:57016 (IP=[::]:389)
Jul 11 04:07:54 gb0135embldap01 slapd[21337]: conn=1 fd=24 ACCEPT from IP=134.32.44.37:40763 (IP=0.0.0.0:389)

 

OLCDATABASE
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=emb,dc=slb,dc=com
olcAccess: {0}to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword
 by dn="cn=admin,dc=emb,dc=slb,dc=com" write
 by dn="cn=sunone-replication,dc=emb,dc=slb,dc=com" peername.ip=136.250.9.48 write
 by dn="cn=sunone-replication,dc=emb,dc=slb,dc=com" peername.ip=163.185.18.238 write
 by anonymous auth by self write
 by * none
olcAccess: {1}to dn.base="" by * read
#Enable Local Admin to add users in the Group and also SunOne to add users to country groups
olcAccess: {2}to dn.subtree="ou=groups,dc=emb,dc=slb,dc=com"
 by set="user/uid & [cn=group-admin,ou=SuperGroups,dc=emb,dc=slb,dc=com]/memberuid" write
 by dn="cn=sunone-replication,dc=emb,dc=slb,dc=com" peername.ip=136.250.9.48 write
 by dn="cn=sunone-replication,dc=emb,dc=slb,dc=com" peername.ip=163.185.18.238 write
 by * read
#Enable Local Admin to add computers
olcAccess: {3}to dn.subtree="ou=Computers,dc=emb,dc=slb,dc=com"
 by set="user/uid & [cn=group-admin,ou=SuperGroups,dc=emb,dc=slb,dc=com]/memberuid" write
 by * read
#Enable shell-admin to set up local user access
olcAccess: {4}to attrs=loginShell,homeDirectory
 by set="user/uid & [cn=shell-admin,ou=SuperGroups,dc=emb,dc=slb,dc=com]/memberuid" write
 by dn="cn=sunone-replication,dc=emb,dc=slb,dc=com" peername.ip=136.250.9.48 write
 by dn="cn=sunone-replication,dc=emb,dc=slb,dc=com" peername.ip=163.185.18.238 write
 by * read
#Enable write access to account sun-one-replication for sun ldap replication.
olcAccess: {5}to *
 by dn="cn=admin,dc=emb,dc=slb,dc=com" write
 by dn="cn=sunone-replication,dc=emb,dc=slb,dc=com" peername.ip=136.250.9.48 write
 by dn="cn=sunone-replication,dc=emb,dc=slb,dc=com" peername.ip=163.185.18.238 write
 by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: default sub
structuralObjectClass: olcHdbConfig
entryUUID: f479600a-5f34-102f-8ddd-3ff046e70702
creatorsName: cn=admin,cn=config
createTimestamp: 20100928101442Z
olcRootDN: cn=admin,dc=emb,dc=slb,dc=com
olcSyncrepl: {0}rid=003 provider=ldap://gb0135embldap01.emb.slb.com binddn="cn
 =admin,dc=emb,dc=slb,dc=com" bindmethod=simple credentials=Bsl@121z searchbas
 e="dc=emb,dc=slb,dc=com" type=refreshOnly interval=00:00:00:10 retry="5 5 300
 5" timeout=1 starttls=yes
olcSyncrepl: {1}rid=004 provider=ldap://ae0042embldap01.emb.slb.com binddn="cn
 =admin,dc=emb,dc=slb,dc=com" bindmethod=simple credentials=Bsl@121z searchbas
 e="dc=emb,dc=slb,dc=com" type=refreshOnly interval=00:00:00:10 retry="5 5 300
 5" timeout=1 starttls=yes
olcMirrorMode: TRUE
entryCSN: 20100928191927.932499Z#000000#001#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20100928191927Z

 

 

Ldap Version

@(#) $OpenLDAP: slapd 2.4.15 (Mar 19 2009 10:07:59) $

 

Operating system

Distributor ID: Ubuntu
Description:    Ubuntu 9.04
Release:        9.04
Codename:       jaunty

 

 

Thanks,

-Arun
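
Added example, not part of the original message and not OpenLDAP code: a Python check of the two things the posted excerpt shows. It measures the quiet period between the last client operation and each "slapd starting" banner, and lists attributes slapd reported as "not indexed" that the posted olcDbIndex values do not cover. The sample strings are constructed from the lines above; the year 2011 and all function names are assumptions.

```python
import re
from datetime import datetime
# Constructed sample: lines shortened from the log excerpt in the message above.
SAMPLE_LOG = """\
Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138385 op=46 SRCH attr=gidNumber sambaSID cn
Jul 11 04:03:39 gb0135embldap01 slapd[9852]: <= bdb_equality_candidates: (displayName) not indexed
Jul 11 04:03:39 gb0135embldap01 slapd[9852]: <= bdb_equality_candidates: (cn) not indexed
Jul 11 04:07:53 gb0135embldap01 slapd[21335]: @(#) $OpenLDAP: slapd 2.4.15 (Mar 19 2009 10:07:59) $
Jul 11 04:07:54 gb0135embldap01 slapd[21337]: slapd starting
"""
# Constructed sample: a subset of the olcDbIndex values posted above.
SAMPLE_INDEXES = "olcDbIndex: gidNumber eq\nolcDbIndex: uid eq,pres,sub\nolcDbIndex: default sub\n"
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[(\d+)\]: (.*)$")
WARN = re.compile(r"bdb_(\w+)_candidates: \((\S+)\) not indexed")
KINDS = {"equality": "eq", "presence": "pres", "substring": "sub"}

def parse(log, year=2011):  # syslog omits the year; 2011 is assumed from the mail date
    for m in filter(None, map(LINE.match, log.splitlines())):
        yield datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S"), int(m[2]), m[3]

def restarts(log):  # -> [(old_pid, new_pid, quiet_seconds)] per 'slapd starting' banner
    found, last_op = [], None
    for ts, pid, msg in parse(log):
        if msg == "slapd starting" and last_op and last_op[1] != pid:
            found.append((last_op[1], pid, int((ts - last_op[0]).total_seconds())))
        elif msg.startswith("conn="):
            last_op = (ts, pid)  # only client operations count as activity
    return found

def configured(ldif):  # -> {attribute: set of index types}
    idx, default = {}, set()
    for line in ldif.splitlines():
        if line.startswith("olcDbIndex:"):
            attrs, *types = line.split(":", 1)[1].split()
            kinds = set(types[0].split(",")) if types else set(default)
            if attrs == "default":
                default = kinds  # only sets the types for later type-less lines
            else:
                for attr in attrs.split(","):
                    idx.setdefault(attr.lower(), set()).update(kinds)
    return idx

def unindexed(log, ldif):
    """(attribute, index type) pairs slapd warned about that the config does not index."""
    idx = configured(ldif)
    hits = {(a, KINDS.get(k, k)) for _, _, msg in parse(log) for k, a in WARN.findall(msg)}
    return sorted(h for h in hits if h[1] not in idx.get(h[0].lower(), set()))

print(restarts(SAMPLE_LOG), unindexed(SAMPLE_LOG, SAMPLE_INDEXES))
```

On the sample, the old process logs nothing for 255 seconds before the new one starts, and cn and displayName have no eq index, since "olcDbIndex: default sub" indexes no attribute by itself.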

 

-----Original Message-----
From: E.S. Rosenberg [mailto:esr@g.jct.ac.il]
Sent: Monday, July 11, 2011 12:58 PM
To: Arun Sasi V (WI01 - Manage IT)
Cc: openldap-technical@openldap.org
Subject: Re: Multi Master OpenLdap.

 

Have you tried raising the loglevel?

Are the schemas the same between the servers?

Is time in sync between the servers?

What versions are you dealing with?

You don't provide a lot of info and most of us are not clairvoyant....

Regards,

Eli

 

2011/7/11 <arun.sasi1@wipro.com>:
>
> Thanks,
>
> -Arun
>
> From: Arun Sasi V (WI01 - Manage IT)
> Sent: Wednesday, July 06, 2011 5:46 PM
> To: 'openldap-technical@openldap.org'
> Subject: Multi Master OpenLdap.
>
> Hello Team,
>
> I have configured Multi-master Mirror mode replica setup in our environment.
> We have 3 regions slave Ldap server which is read only and two location we
> have configured as mirror mode replica Ldap. My problem here is...
>
> Master Ldap is going hang some times and some ID`s are disappearing from the
> master server. I couldn't find any logs over there for why ID`s are
> disappearing and also why Ldap is going hung state.
>
> Thanks & Regards,
>
> Arun Sasi V
>
> Please do not print this email unless it is absolutely necessary.
>
> The information contained in this electronic message and any attachments to
> this message are intended for the exclusive use of the addressee(s) and may
> contain proprietary, confidential or privileged information. If you are not
> the intended recipient, you should not disseminate, distribute or copy this
> e-mail. Please notify the sender immediately and destroy all copies of this
> message and any attachments.
>
> WARNING: Computer viruses can be transmitted via email. The recipient should
> check this email and any attachments for the presence of viruses. The
> company accepts no liability for any damage caused by any virus transmitted
> by this email.
>
> www.wipro.com
