[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Replication and acl: moddn operation problem.
On 20/6/2012 3:10 ÎÎ, Konstantin Menshikov wrote:
Please, show your replication setup at which it works correctly.
OK, here is an example test setup:
DN: ou=TestBranch1,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: TestBranch1
DN: dc=hostx,ou=TestBranch1,dc=example,dc=com
objectClass: dNSDomain2
objectClass: domainRelatedObject
associatedDomain: hostx.example.com
cNAMERecord: www.example.com
dc: hostx
DN: ou=TestBranch2,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: TestBranch2
ACLs (over-simplistic, devised to illustrate the case):
{0}to dn.sub="ou=TestBranch1,dc=example,dc=com" by
dn.exact="uid=dnsauth,ou=system,dc=example,dc=com" write by * none
{1}to dn.sub="ou=TestBranch2,dc=example,dc=com" by * none
Consumer setup:
syncrepl rid=444
provider=ldaps://vdev.example.com
type=refreshAndPersist
tls_reqcert=never
retry="60 +"
searchbase="dc=example,dc=com"
schemachecking=off
bindmethod=simple
binddn="uid=dnsauth,ou=System,dc=example,dc=com"
credentials="secret"
Initial State: dc=hostx,ou=TestBranch1,dc=example,dc=com exists on both
provider and consumer.
Action1: Manager moves (on the provider) dc=hostx from
ou=TestBranch1,dc=example,dc=com to
dc=hostx,ou=TestBranch2,dc=example,dc=com where consumer has no visibility.
Result: Entry is removed from the consumer
Action2: Manager moves back dc=hostx from
ou=TestBranch2,dc=example,dc=com to
dc=hostx,ou=TestBranch1,dc=example,dc=com where consumer has visibility.
Result: Entry is added back to the consumer
On the provider:
Jun 21 00:24:59 vdev slapd[2212]: slap_queue_csn: queing 0x41046300
20120620212459.398242Z#000000#000#000000
Jun 21 00:24:59 vdev slapd[2212]: slap_graduate_commit_csn: removing
0x1e4b94b0 20120620212459.398242Z#000000#000#000000
Jun 21 00:24:59 vdev slapd[2212]: slap_queue_csn: queing 0x4351e750
20120620212459.506829Z#000000#000#000000
Jun 21 00:24:59 vdev slapd[2212]: syncprov_sendresp:
cookie=rid=444,csn=20120620212459.506829Z#000000#000#000000
Jun 21 00:24:59 vdev slapd[2212]: slap_graduate_commit_csn: removing
0x1e003b10 20120620212459.506829Z#000000#000#000000
Jun 21 00:25:27 vdev slapd[2212]: slap_queue_csn: queing 0x4251c300
20120620212527.418467Z#000000#000#000000
Jun 21 00:25:27 vdev slapd[2212]: syncprov_sendresp:
cookie=rid=444,csn=20120620212527.418467Z#000000#000#000000
Jun 21 00:25:27 vdev slapd[2212]: slap_graduate_commit_csn: removing
0x1e46d620 20120620212527.418467Z#000000#000#000000
Jun 21 00:25:27 vdev slapd[2212]: slap_queue_csn: queing 0x41046750
20120620212527.515237Z#000000#000#000000
Jun 21 00:25:27 vdev slapd[2212]: slap_graduate_commit_csn: removing
0x1e46d5c0 20120620212527.515237Z#000000#000#000000
On the consumer:
Jun 21 00:24:59 dnslab slapd[20628]: do_syncrep2: rid=444
LDAP_RES_INTERMEDIATE - NEW_COOKIE
Jun 21 00:24:59 dnslab slapd[20628]: do_syncrep2: rid=444 NEW_COOKIE:
rid=444,csn=20120620212459.398242Z#000000#000#000000
Jun 21 00:24:59 dnslab slapd[20628]: slap_queue_csn: queing 0xc2746a0
20120620212459.398242Z#000000#000#000000
Jun 21 00:24:59 dnslab slapd[20628]: slap_graduate_commit_csn: removing
0xc28ba90 20120620212459.398242Z#000000#000#000000
Jun 21 00:24:59 dnslab slapd[20628]: do_syncrep2: rid=444
cookie=rid=444,csn=20120620212459.506829Z#000000#000#000000
Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_message_to_entry: rid=444
DN: dc=hostx,ou=TestBranch1,dc=example,dc=com, UUID:
6bd53150-9abf-4c83-9d23-9a706b042e07
Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444
LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_DELETE)
Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 be_search (0)
Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444
dc=hostx,ou=TestBranch1,dc=example,dc=com
Jun 21 00:24:59 dnslab slapd[20628]: slap_queue_csn: queing 0xc47e150
20120620212459.506829Z#000000#000#000000
Jun 21 00:24:59 dnslab slapd[20628]: slap_graduate_commit_csn: removing
0xc28ba90 20120620212459.506829Z#000000#000#000000
Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 be_delete
dc=hostx,ou=TestBranch1,dc=example,dc=com (0)
Jun 21 00:24:59 dnslab slapd[20628]: slap_queue_csn: queing 0xc47e150
20120620212459.506829Z#000000#000#000000
Jun 21 00:24:59 dnslab slapd[20628]: slap_graduate_commit_csn: removing
0xc46f320 20120620212459.506829Z#000000#000#000000
Jun 21 00:25:27 dnslab slapd[20628]: do_syncrep2: rid=444
cookie=rid=444,csn=20120620212527.418467Z#000000#000#000000
Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_message_to_entry: rid=444
DN: dc=hostx,ou=TestBranch1,dc=example,dc=com, UUID:
bfd9ef4e-e299-445b-b0db-ffafbd8f3804
Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444
LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 be_search (0)
Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444
dc=hostx,ou=TestBranch1,dc=example,dc=com
Jun 21 00:25:27 dnslab slapd[20628]: slap_queue_csn: queing 0xc46f7e0
20120620212527.418467Z#000000#000#000000
Jun 21 00:25:27 dnslab slapd[20628]: slap_graduate_commit_csn: removing
0xc46ea50 20120620212527.418467Z#000000#000#000000
Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 be_add
dc=hostx,ou=TestBranch1,dc=example,dc=com (0)
Jun 21 00:25:27 dnslab slapd[20628]: slap_queue_csn: queing 0xc46f7e0
20120620212527.418467Z#000000#000#000000
Jun 21 00:25:27 dnslab slapd[20628]: slap_graduate_commit_csn: removing
0xc46ea50 20120620212527.418467Z#000000#000#000000
As I have noted in another message, I found it is important that the
syncrepl user have NO access at all to the branch where we want no
visibility, otherwise, there might be syncrepl tricky behavior.
Nick