[Date Prev][Date Next] [Chronological] [Thread] [Top]

syncrepl for cn=config, changes fail with "tag=103 err=53 text=shadow context; no update referral"

To: openldap-technical@openldap.org
Subject: syncrepl for cn=config, changes fail with "tag=103 err=53 text=shadow context; no update referral"
From: "Elias Probst" <mail@eliasprobst.eu>
Date: Sun, 27 May 2012 19:11:32 +0200
User-agent: KMail/4.8.3 (Linux/3.4.0-gentoo; KDE/4.8.3; x86_64; ; )

Hi List,

I'm trying to setup a master/master replication scenario, starting with 
getting cn=config replicated properly using OpenLDAP 2.4.30 on Gentoo.

I've tried to start with a minimal config which is now up and running on both 
servers.

As long as I start only one of both servers I can edit everything in cn=config 
just fine, but as soon as they both run at the same time, they get into a 
state which causes some trouble.
Even shutting down one of both doesn't help then, I need to start from scratch 
again at this point.

Submitting any changes results in this error message:
RESULT tag=103 err=53 text=shadow context; no update referral

There are two servers, connected via OpenVPN:
ID 1, 10.44.0.1
ID 2, 10.44.0.7

I use the following configuration file to seed the initial online 
configuration for each server, before bringing them up both, using:
slapd -f /tmp/slapd.conf -F /etc/openldap/slapd.d -u ldap -g ldap -d1

moduleload    memberof.so
moduleload    syncprov.so
moduleload    refint.so

include        /etc/openldap/schema/core.schema
include        /etc/openldap/schema/cosine.schema
include        /etc/openldap/schema/inetorgperson.schema
include        /etc/openldap/schema/nis.schema
include        /etc/openldap/schema/openssh.schema

TLSCACertificateFile    /etc/ssl/slapd/slapd.cacrt
TLSCertificateFile      /etc/ssl/slapd/slapd.crt
TLSCertificateKeyFile   /etc/ssl/slapd/slapd.key
TLSVerifyClient         allow

pidfile        /var/run/openldap/slapd.pid
argsfile       /var/run/openldap/slapd.args

loglevel    256

access to attrs=userPassword
    by self write
    by * auth

access to *
    by * read

ServerID    1    ldap://10.44.0.1
ServerID    2    ldap://10.44.0.7

backend        bdb

database        config
rootdn          cn=config
rootpw          {SSHA}RI/d8i2R7XXlo2+kf2LcYzYOcIry+qaa

syncrepl        rid=001
                provider="ldap://10.44.0.7";
                binddn="cn=config"
                bindmethod="simple"
                credentials="nothingtoseehere"
                searchbase="cn=config"
                type=refreshAndPersist
                retry="10 +"
                filter="(!(olcDatabase={0}config))"

syncrepl        rid=002
                provider="ldap://10.44.0.1";
                binddn="cn=config"
                bindmethod="simple"
                credentials="nothingtoseehere"
                searchbase="cn=config"
                type=refreshAndPersist
                retry="10 +"
                filter="(!(olcDatabase={0}config))"

overlay         syncprov


I don't quite understand the error message, as it somehow indicates the 
servers would be running in shadow context/MirrorMode, which is set to FALSE.

So does anyone have an idea, what's wrong with my setup?

Thanks a lot!

- Elias

Attachment: signature.asc
Description: This is a digitally signed message part.

Follow-Ups:
- Re: syncrepl for cn=config, changes fail with "tag=103 err=53 text=shadow context; no update referral"
  - From: "Patrick H." <openldap@stormcloud9.net>

Prev by Date: Re: ACL control with break
Next by Date: Re: syncrepl for cn=config, changes fail with "tag=103 err=53 text=shadow context; no update referral"
Index(es):
- Chronological
- Thread