>>> Sylvain <debian.roxx@gmail.com> schrieb am 30.08.2013 um 12:41 in Nachricht
<CALhNj+SVK2rYJ9_Y46THat-zXhXkM0Sx-7A9Cz55Sy1pF0tGvw@mail.gmail.com>:
> Hi !Could it be you need a line with "-" here?
>
> In my logs, I saw lot of lines like this (we have a poor script which
> refresh the base with delete/add primitives) :
>
> memberof_value_modify DN="uid=v6971,ou=people,dc=xxx,dc=com" delete
> memberOf="cn=VAC,ou=groups,dc=xxx,dc=com" failed err=16
>
> I can reproduce the problem with a small LDIF :
>
> # 1st part
> dn: uid=V6971,ou=people,dc=xxx,dc=com
> changetype: delete
> dn: uid=V6971,ou=people,dc=xxx,dc=comAnd there?
> changetype: add
> objectClass...
>
> # 2nd part
> dn: cn=VAC,ou=groups,dc=xxx,dc=com
> changetype: delete
> dn: cn=VAC,ou=groups,dc=xxx,dc=com
> changetype: add
> objectClass...
>
> In the logs (shown below), we saw that problem occurs only on the delete of
> cn=VAC but if I reduce the LDIF to that (2nd part), I have no more the
> problem !? I don't understand...
>
> Here the logs with all the LDIF :
>
> Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 fd=32 ACCEPT from IP=
> 192.168.0.1:48049 (IP=0.0.0.0:389)
> Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 BIND
> dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" method=128
> Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 BIND
> dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" mech=SIMPLE ssf=0
> Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 RESULT tag=97 err=0
> text=
> --> Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=1 DEL
> dn="cn=VAC,ou=groups,dc=xxx,dc=com"
> --> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=1:
> memberof_value_modify DN="uid=v6971,ou=people,dc=xxx,dc=com" delete
> memberOf="cn=VAC,ou=groups,dc=xxx,dc=com" failed err=16
> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=1 RESULT tag=107 err=0
> text=
> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=2 ADD
> dn="cn=VAC,ou=groups,dc=xxx,dc=com"
> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=2 RESULT tag=105 err=0
> text=
> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=3 DEL
> dn="uid=V6971,ou=people,dc=xxx,dc=com"
> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=3 RESULT tag=107 err=0
> text=
> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=4 ADD
> dn="uid=V6971,ou=people,dc=xxx,dc=com"
> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=4 RESULT tag=105 err=0
> text=
> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=5 UNBIND
> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 fd=32 closed
>
> And here the logs with only the 2nd part of LDIF :
>
> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 fd=107 ACCEPT from IP=
> 192.168.0.1:43599 (IP=0.0.0.0:389)
> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 BIND
> dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" method=128
> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 BIND
> dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" mech=SIMPLE ssf=0
> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 RESULT tag=97 err=0
> text=
> --> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=1 DEL
> dn="cn=VAC,ou=groups,dc=xxx,dc=com"
> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=1 RESULT tag=107 err=0
> text=
> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=2 ADD
> dn="cn=VAC,ou=groups,dc=xxx,dc=com"
> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=2 RESULT tag=105 err=0
> text=
> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=3 UNBIND
> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 fd=107 closed
>
> For information, here the configuration of memberOf overlay :
>
> dn: olcOverlay={0}memberof, olcDatabase={1}hdb, cn=config
> olcMemberOfMemberAD: member
> olcMemberOfRefInt: FALSE
> olcOverlay: memberof
> olcMemberOfDangling: ignore
> objectClass: olcMemberOf
> objectClass: olcOverlayConfig
> olcMemberOfMemberOfAD: memberOf
> olcMemberOfGroupOC: groupOfNames
>
> We run OpenLDAP 2.4.31 replicated onto another host on Debian Wheezy.
> Do you have an idea on the problem ?
>
> Thanks,
> Sylvain