[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replication and acl: moddn operation problem.



On 20/6/2012 3:10 ÎÎ, Konstantin Menshikov wrote:

Please, show your replication setup at which it works correctly.


OK, here is an example test setup:

DN: ou=TestBranch1,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: TestBranch1

DN: dc=hostx,ou=TestBranch1,dc=example,dc=com
objectClass: dNSDomain2
objectClass: domainRelatedObject
associatedDomain: hostx.example.com
cNAMERecord: www.example.com
dc: hostx

DN: ou=TestBranch2,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: TestBranch2

ACLs (over-simplistic, devised to illustrate the case):
{0}to dn.sub="ou=TestBranch1,dc=example,dc=com" by dn.exact="uid=dnsauth,ou=system,dc=example,dc=com" write by * none
{1}to dn.sub="ou=TestBranch2,dc=example,dc=com"  by * none

Consumer setup:

syncrepl rid=444
        provider=ldaps://vdev.example.com
        type=refreshAndPersist
        tls_reqcert=never
        retry="60 +"
        searchbase="dc=example,dc=com"
        schemachecking=off
        bindmethod=simple
        binddn="uid=dnsauth,ou=System,dc=example,dc=com"
        credentials="secret"

Initial State: dc=hostx,ou=TestBranch1,dc=example,dc=com exists on both provider and consumer.

Action1: Manager moves (on the provider) dc=hostx from ou=TestBranch1,dc=example,dc=com to dc=hostx,ou=TestBranch2,dc=example,dc=com where consumer has no visibility.
Result: Entry is removed from the consumer

Action2: Manager moves back dc=hostx from ou=TestBranch2,dc=example,dc=com to dc=hostx,ou=TestBranch1,dc=example,dc=com where consumer has visibility.
Result: Entry is added back to the consumer

On the provider:

Jun 21 00:24:59 vdev slapd[2212]: slap_queue_csn: queing 0x41046300 20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 vdev slapd[2212]: slap_graduate_commit_csn: removing 0x1e4b94b0 20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 vdev slapd[2212]: slap_queue_csn: queing 0x4351e750 20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 vdev slapd[2212]: syncprov_sendresp: cookie=rid=444,csn=20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 vdev slapd[2212]: slap_graduate_commit_csn: removing 0x1e003b10 20120620212459.506829Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: slap_queue_csn: queing 0x4251c300 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: syncprov_sendresp: cookie=rid=444,csn=20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: slap_graduate_commit_csn: removing 0x1e46d620 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: slap_queue_csn: queing 0x41046750 20120620212527.515237Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: slap_graduate_commit_csn: removing 0x1e46d5c0 20120620212527.515237Z#000000#000#000000

On the consumer:

Jun 21 00:24:59 dnslab slapd[20628]: do_syncrep2: rid=444 LDAP_RES_INTERMEDIATE - NEW_COOKIE Jun 21 00:24:59 dnslab slapd[20628]: do_syncrep2: rid=444 NEW_COOKIE: rid=444,csn=20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: slap_queue_csn: queing 0xc2746a0 20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc28ba90 20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: do_syncrep2: rid=444 cookie=rid=444,csn=20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_message_to_entry: rid=444 DN: dc=hostx,ou=TestBranch1,dc=example,dc=com, UUID: 6bd53150-9abf-4c83-9d23-9a706b042e07 Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_DELETE)
Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 be_search (0)
Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 dc=hostx,ou=TestBranch1,dc=example,dc=com Jun 21 00:24:59 dnslab slapd[20628]: slap_queue_csn: queing 0xc47e150 20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc28ba90 20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 be_delete dc=hostx,ou=TestBranch1,dc=example,dc=com (0) Jun 21 00:24:59 dnslab slapd[20628]: slap_queue_csn: queing 0xc47e150 20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc46f320 20120620212459.506829Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: do_syncrep2: rid=444 cookie=rid=444,csn=20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_message_to_entry: rid=444 DN: dc=hostx,ou=TestBranch1,dc=example,dc=com, UUID: bfd9ef4e-e299-445b-b0db-ffafbd8f3804 Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 be_search (0)
Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 dc=hostx,ou=TestBranch1,dc=example,dc=com Jun 21 00:25:27 dnslab slapd[20628]: slap_queue_csn: queing 0xc46f7e0 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc46ea50 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 be_add dc=hostx,ou=TestBranch1,dc=example,dc=com (0) Jun 21 00:25:27 dnslab slapd[20628]: slap_queue_csn: queing 0xc46f7e0 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc46ea50 20120620212527.418467Z#000000#000#000000

As I have noted in another message, I found it is important that the syncrepl user have NO access at all to the branch where we want no visibility, otherwise, there might be syncrepl tricky behavior.

Nick