
RE: OPENLDAP SYNCREPL



Maybe it's just that it is near the end of the day...but, first here is my
ldif to add the provider to my cn=accesslog:

dn: olcDatabase={2}bdb,cn=config (I've tried it with {1}, {2} and nothing)
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSynProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

Receiving the following error:

ldap_add: Invalid syntax (21)
        additional info: objectClass: value #1 invalid per syntax


-----
Looking at my old LDIFs for creating this in the first place (this is my
original LDIF to create the cn=accesslog):

]# more olcDatabase={1}bdb.ldif
dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
olcDbDirectory: /var/lib/ldap_db/accesslog
olcSuffix: cn=accesslog
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
structuralObjectClass: olcBdbConfig
entryUUID: 446c6c64-a899-4f37-9498-cb4a349d3b48
creatorsName: cn=admin,cn=config
createTimestamp: 20120229153826Z
entryCSN: 20120229153826.297794Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20120229153826Z

Originally, I had the olcOverlay, etc in this but it failed out with the
same error as above; so, I took it out in the hope of inserting it later
obviously with no luck.



David Borresen
ph:  781-981-2954
email: john.d.borresen@ll.mit.edu


-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com] 
Sent: Tuesday, March 13, 2012 2:52 PM
To: Borresen, John - 0442 - MITLL
Cc: Quanah Gibson-Mount; openldap-technical@openldap.org
Subject: Re: OPENLDAP SYNCREPL

Borresen, John - 0442 - MITLL wrote:
> Thanks, Howard;
>
> In hindsight, if my config looks jumbled, it is...that's what I get for
> doing little things in a quasi-blind attempt at solving issues.

Quanah's followup was correct: you have the consumer configured for 
delta-syncrepl but you're missing the provider on your cn=accesslog
database.

See the Admin Guide section 18.3.2.
http://www.openldap.org/doc/admin24/replication.html#Configuring%20the%20different%20replication%20types

> *******Here is the output of slapcat on the Provider:**********
>
> # slapcat -s olcDatabase=\{1}bdb,cn=config
> dn: olcDatabase={1}bdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcBdbConfig
> olcSuffix: dc=group42,dc=ldap
> olcAddContentAcl: FALSE
> olcLastMod: TRUE
> olcMaxDerefDepth: 15
> olcReadOnly: FALSE
> olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
> olcRootPW:: ***************
> olcSyncUseSubentry: FALSE
> olcMonitoring: TRUE
> olcDbDirectory: /var/lib/ldap_db/openldap-data
> olcDbCacheSize: 1000
> olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/1
>   2/18 11:53:27 ghenry Exp $
> olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
>   es.
> olcDbConfig: {2}#
> olcDbConfig: {3}# See the Oracle Berkeley DB documentation
> olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d
>   b/db/ref/env/db_config.html>
> olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
> olcDbConfig: {6}#
> olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
> olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
>   PTI+
> olcDbConfig: {9}# in particular:
> olcDbConfig: {10}#<http://www.openldap.org/faq/index.cgi?file=1075>
> olcDbConfig: {11}
> olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
>   building
> olcDbConfig: {13}# the DB environment.
> olcDbConfig: {14}
> olcDbConfig: {15}# one 0.25 GB cache
> olcDbConfig: {16}set_cachesize 0 268435456 1
> olcDbConfig: {17}
> olcDbConfig: {18}# Data Directory
> olcDbConfig: {19}#set_data_dir db
> olcDbConfig: {20}
> olcDbConfig: {21}# Transaction Log settings
> olcDbConfig: {22}set_lg_regionmax 262144
> olcDbConfig: {23}set_lg_bsize 2097152
> olcDbConfig: {24}#set_lg_dir logs
> olcDbConfig: {25}
> olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
>   ck"
> olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
>   aXIgLXEgb3B0aW9uKS4g
> olcDbNoSync: FALSE
> olcDbDirtyRead: FALSE
> olcDbIDLcacheSize: 0
> olcDbIndex: objectClass eq
> olcDbIndex: sn eq,sub
> olcDbIndex: mail eq,sub
> olcDbIndex: departmentNumber eq
> olcDbIndex: cn,uid eq,sub
> olcDbIndex: uidNumber eq
> olcDbIndex: entryCSN eq
> olcDbIndex: entryUUID eq
> olcDbIndex: ipHostNumber eq
> olcDbIndex: gidNumber,memberUID eq
> olcDbLinearIndex: FALSE
> olcDbMode: 0600
> olcDbShmKey: 0
> olcDbCacheFree: 1
> olcDbDNcacheSize: 0
> structuralObjectClass: olcBdbConfig
> entryUUID: 101e6d86-dd1c-4eaa-a26e-d7e201a727f8
> creatorsName: cn=config
> createTimestamp: 20111219143532Z
> olcDbSearchStack: 32
> olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
>   us auth by * none
> olcAccess: {1} to * by * read
> olcDatabase: {1}bdb
> olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" size=unlimited time=u
>   nlimited
> entryCSN: 20120313163732.658240Z#000000#001#000000
> modifiersName: cn=admin,cn=config
> modifyTimestamp: 20120313163732Z
>
> dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcSyncProvConfig
> olcOverlay: {0}syncprov
> olcSpNoPresent: TRUE
> structuralObjectClass: olcSyncProvConfig
> entryUUID: 8572b589-f594-44a6-91fe-0de741afbcca
> creatorsName: cn=admin,cn=config
> createTimestamp: 20120224171809Z
> olcSpReloadHint: TRUE
> olcSpCheckpoint: 1000 60
> entryCSN: 20120312145000.123929Z#000000#001#000000
> modifiersName: cn=admin,cn=config
> modifyTimestamp: 20120312145000Z
>
> dn: olcOverlay={1}accesslog,olcDatabase={1}bdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcAccessLogConfig
> olcOverlay: {1}accesslog
> olcAccessLogDB: cn=accesslog
> olcAccessLogOps: writes
> olcAccessLogPurge: 07+00:00 01+00:00
> olcAccessLogSuccess: TRUE
> structuralObjectClass: olcAccessLogConfig
> entryUUID: eea1e438-6385-4660-807b-bb270eb4843a
> creatorsName: cn=admin,cn=config
> createTimestamp: 20120229161649Z
> entryCSN: 20120229161649.880441Z#000000#000#000000
> modifiersName: cn=admin,cn=config
> modifyTimestamp: 20120229161649Z
>
> # slapcat -s olcDatabase=\{2}bdb,cn=config
> dn: olcDatabase={2}bdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcBdbConfig
> olcDbDirectory: /var/lib/ldap_db/accesslog
> olcSuffix: cn=accesslog
> olcDbIndex: default eq
> olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
> structuralObjectClass: olcBdbConfig
> entryUUID: 446c6c64-a899-4f37-9498-cb4a349d3b48
> creatorsName: cn=admin,cn=config
> createTimestamp: 20120229153826Z
> olcLimits: {0}dn.exact="cn=ldapadmin,dc=group42,dc=ldap" time.soft=unlimited t
>   ime.hard=unlimited size.soft=unlimited size.hard=unlimited
> olcDatabase: {2}bdb
> entryCSN: 20120313143637.046410Z#000000#001#000000
> modifiersName: cn=config
> modifyTimestamp: 20120313143637Z
>
>
>
>
> ################################################
> ***Here is the output of slapcat from the Consumer***
> # slapcat -s olcDatabase=\{2}bdb,cn=config
> dn: olcDatabase={2}bdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcBdbConfig
> olcSuffix: dc=group42,dc=ldap
> olcAddContentAcl: FALSE
> olcLastMod: TRUE
> olcMaxDerefDepth: 15
> olcReadOnly: FALSE
> olcRootDN: cn=ldapadmin,dc=group42,dc=ldap
> olcRootPW:: ***************
> olcSyncUseSubentry: FALSE
> olcMonitoring: TRUE
> olcDbDirectory: /var/lib/ldap_db/openldap-data
> olcDbCacheSize: 1000
> olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1.2.4 2007/1
>   2/18 11:51:46 ghenry Exp $
> olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
>   es.
> olcDbConfig: {2}#
> olcDbConfig: {3}# See the Oracle Berkeley DB documentation
> olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d
>   b/db/ref/env/db_config.html>
> olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
> olcDbConfig: {6}#
> olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
> olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
>   PTI+
> olcDbConfig: {9}# in particular:
> olcDbConfig: {10}#<http://www.openldap.org/faq/index.cgi?file=1075>
> olcDbConfig: {11}
> olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
>   building
> olcDbConfig: {13}# the DB environment.
> olcDbConfig: {14}
> olcDbConfig: {15}# one 0.25 GB cache
> olcDbConfig: {16}set_cachesize 0 268435456 1
> olcDbConfig: {17}
> olcDbConfig: {18}# Data Directory
> olcDbConfig: {19}#set_data_dir db
> olcDbConfig: {20}
> olcDbConfig: {21}# Transaction Log settings
> olcDbConfig: {22}set_lg_regionmax 262144
> olcDbConfig: {23}set_lg_bsize 2097152
> olcDbConfig: {24}#set_lg_dir logs
> olcDbConfig: {25}
> olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
>   ck"
> olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
>   aXIgLXEgb3B0aW9uKS4g
> olcDbNoSync: FALSE
> olcDbDirtyRead: FALSE
> olcDbIDLcacheSize: 0
> olcDbIndex: objectClass eq
> olcDbIndex: cn,uid eq,sub
> olcDbIndex: sn eq,sub
> olcDbIndex: mail eq,sub
> olcDbIndex: departmentNumber eq
> olcDbIndex: entryCSN eq
> olcDbIndex: entryUUID eq
> olcDbIndex: uidNumber eq
> olcDbIndex: gidNumber eq
> olcDbLinearIndex: FALSE
> olcDbMode: 0600
> olcDbSearchStack: 16
> olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymo
>   us auth by * none
> olcAccess: {1} to * by * read
> olcDbShmKey: 0
> olcDbCacheFree: 1
> olcDbDNcacheSize: 0
> structuralObjectClass: olcBdbConfig
> entryUUID: e6971058-e0f0-4160-aaca-a18b24d22008
> creatorsName: cn=config
> createTimestamp: 20120229205835Z
> olcDatabase: {2}bdb
> olcUpdateRef: ldaps://gp42-admin2.group42.ldap:636
> olcMirrorMode: TRUE
> olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 bindmethod
>   =simple binddn="cn=ldapadmin,dc=group42,dc=ldap" credentials=********* interva
>   l=01:00:00:00 searchbase="dc=group42,dc=ldap" logbase="cn=accesslog" schemach
>   ecking=on type=refreshAndPersist retry="60 +" filter="(objectClass=*)" attrs=
>   "*,+" syncdata=accesslog starttls=no tls_cacertdir=/usr/local/openldap-2.4.23
>   /etc/openldap/cacerts
> entryCSN: 20120313150609.224840Z#000000#000#000000
> modifiersName: cn=admin,cn=config
> modifyTimestamp: 20120313150609Z
>
> dn: olcOverlay={0}memberof,olcDatabase={2}bdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcMemberOf
> olcOverlay: {0}memberof
> structuralObjectClass: olcMemberOf
> entryUUID: 363ad8ed-872c-4fff-99c1-4f73d3e8055d
> creatorsName: cn=admin,cn=config
> createTimestamp: 20120302121345Z
> entryCSN: 20120302121345.220702Z#000000#000#000000
> modifiersName: cn=admin,cn=config
> modifyTimestamp: 20120302121345Z
>
> dn: olcOverlay={1}syncprov,olcDatabase={2}bdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcSyncProvConfig
> olcOverlay: {1}syncprov
> olcSpNoPresent: TRUE
> structuralObjectClass: olcSyncProvConfig
> entryUUID: 69ca3f6a-1ac4-45f9-88ca-eb7f67ca7b63
> creatorsName: cn=admin,cn=config
> createTimestamp: 20120302141557Z
> entryCSN: 20120302141557.545770Z#000000#000#000000
> modifiersName: cn=admin,cn=config
> modifyTimestamp: 20120302141557Z
>
> I know that the two systems are communicating, at least, at the client level
> and attempting to at the slapd level.  As stated earlier, the only error I'm
> seeing consistently on the Consumer is:
> do_syncrep2: rid=001 got search entry without Sync State control
> do_syncrepl: rid=001 rc -1 retrying

>
> David Borresen
> ph:  781-981-2954
> email: john.d.borresen@ll.mit.edu
>
>
> -----Original Message-----
> From: Howard Chu [mailto:hyc@symas.com]
> Sent: Tuesday, March 13, 2012 2:01 PM
> To: Borresen, John - 0442 - MITLL
> Cc: Quanah Gibson-Mount; openldap-technical@openldap.org
> Subject: Re: OPENLDAP SYNCREPL
>
> Borresen, John - 0442 - MITLL wrote:
>> Thanks, Quanah;
>>
>> As requested:
>
> That was clearly not the problem; if the syncprov module was missing your
> config would have caused slapd to fail to start. Also it was clearly present
> since you had it updating the contextCSN in your shutdown log. Quanah, you
> should have already seen that and not sent him on a wild goose chase.
>
> And, one more time: DO NOT DIRECTLY ACCESS THE FILES IN THE CONFIG
> DIRECTORY.
>
> Use the database administration tools. For your previous case, you should have
> simply used:
> 	slapcat -s olcDatabase=\{1\}bdb,cn=config
>
> Make sure the consumer is talking to the server you think it is. Show slapd
> -d7 output from the provider while the consumer is trying to connect.
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
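
A check for the condition described in the reply above (consumer configured for delta-syncrepl, no syncprov overlay on the provider's cn=accesslog database), as an added example that is not part of the original thread. The function names and the trimmed LDIF samples are constructed for illustration, and the input is assumed to be `slapcat` output of cn=config from each server.

```python
import re

# Constructed samples (DNs and suffixes follow the thread's slapcat output);
# the consumer's olcSyncrepl value is folded the way slapcat prints it.
PROVIDER = """\
dn: olcDatabase={1}bdb,cn=config
olcSuffix: dc=group42,dc=ldap

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcSyncProvConfig

dn: olcDatabase={2}bdb,cn=config
olcSuffix: cn=accesslog
"""
CONSUMER = """\
dn: olcDatabase={2}bdb,cn=config
olcSyncrepl: {0}rid=1 provider=ldaps://gp42-admin2.group42.ldap:636 searchba
 se="dc=group42,dc=ldap" logbase="cn=accesslog" syncdata=accesslog
"""

def parse_ldif(text):
    """Unfold LDIF continuation lines; return a list of {attr: [values]}."""
    text = re.sub(r"\n ", "", text)  # newline + one space marks a folded line
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def missing_syncprov(provider_ldif, consumer_ldif):
    """Logbases used for delta-syncrepl whose provider database has no syncprov."""
    prov = parse_ldif(provider_ldif)
    db_dn = {e["olcsuffix"][0].lower(): e["dn"][0].lower()
             for e in prov if "olcsuffix" in e}
    syncprov = [e["dn"][0].lower() for e in prov
                if "olcSyncProvConfig" in e.get("objectclass", [])]
    missing = []
    for entry in parse_ldif(consumer_ldif):
        for value in entry.get("olcsyncrepl", []):
            m = re.search(r'logbase="([^"]+)"', value)
            if m and "syncdata=accesslog" in value:
                dn = db_dn.get(m.group(1).lower())
                if dn is None or not any(o.endswith("," + dn) for o in syncprov):
                    missing.append(m.group(1))
    return missing
```

For the samples, `missing_syncprov(PROVIDER, CONSUMER)` reports `cn=accesslog`. The entry that clears it is a child of `olcDatabase={2}bdb,cn=config` with objectClass `olcSyncProvConfig`, in the same form as the existing `olcOverlay={0}syncprov` entry under `{1}bdb`.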
