[Q] can I replicate several branches to the same slave from one master?
- To: <openldap-technical@openldap.org>
- Subject: [Q] can I replicate several branches to the same slave from one master?
- From: "Zeus Panchenko" <zeus@ibs.dn.ua>
- Date: Tue, 27 Jun 2017 01:04:38 -2100
- Organization: I.B.S. LLC
Hi,
please advise.
I need to replicate not all but some branches from one master to one slave.
I am not sure how correctly I have done that, but here is what I have:
the slave starts successfully, records appear on the slave as expected,
services successfully use the data as expected ... but the replication
fails (fragments of the log files are below).
On the master I see: consumer state is newer than provider
On the slave: LDAP_RES_SEARCH_RESULT (53) Server is unwilling to perform
So ... what is wrong here?
branches to replicate:
ou=People,dc=example
ou=clusterX,ou=Sendmail,dc=example
to be used by 3 services on the slave
1. email (smtp auth and imap4/pop3 auth)
object dn sample:
uid=ja@foo.bar,authorizedService=mail@foo.bar,uid=johnd,ou=People,dc=example
2. jabber
object dn sample:
uid=aj@foo.bar,authorizedService=xmpp@foo.bar,uid=johnd,ou=People,dc=example
3. sendmail configuration
(here is the detailed diagram https://github.com/z-eos/umi/wiki/DB-topology)
======================================================================
here is the configuration layout:
---[ master configuration quotation start ]---------------------------
...
access to dn.children="dc=example"
by dn.exact="uid=replABC,ou=repl,dc=example" read
by * break
# syncprov specific indexing
index entryCSN eq
index entryUUID eq
overlay syncprov
syncprov-checkpoint 50 10
syncprov-sessionlog 100
overlay accesslog
logdb cn=example-accesslog
logops writes
logold (objectclass=*)
index default eq
### Accesslog DB
database mdb
maxsize 1073741824
suffix cn=example-accesslog
rootdn "cn=root,cn=example-accesslog"
rootpw ***
directory "/var/db/openldap-data/example-accesslog"
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
...
---[ master configuration quotation end ]---------------------------
---[ slave configuration quotation start ]----------------------------
syncrepl rid=123
provider=ldap://master.example:389
starttls=critical
searchbase="dc=example"
bindmethod=simple
binddn="uid=replABC,ou=repl,dc=example"
credentials="***"
filter="(|(&(objectClass=authorizedServiceObject)(objectClass=mailutilsAccount)(authorizedService=mail@foo.bar)))"
attrs="cn,entry,entryCSN,entryUUID,o,uid,uidNumber,gidNumber,gecos,homeDirectory,loginShell,userPassword,creatorsName,createTimestamp,modifiersName,modifyTimestamp,mail,rfc822MailMember,sn,authorizedService,mu-mailBox"
tls_cacert=/usr/local/etc/openldap/ssl/ca.crt
tls_cert=/usr/local/etc/openldap/ssl/ABC.crt
tls_key=/usr/local/etc/openldap/ssl/ABC.key
tls_reqcert=try
type=refreshAndPersist
retry="60 +"
logbase="cn=example-accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
syncdata=accesslog
syncrepl rid=123
provider=ldap://master.example:389
starttls=critical
searchbase="dc=example"
bindmethod=simple
binddn="uid=replABC,ou=repl,dc=example"
credentials="***"
filter="(&(objectClass=authorizedServiceObject)(authorizedService=xmpp@foo.bar))"
tls_cacert=/usr/local/etc/openldap/ssl/ca.crt
tls_cert=/usr/local/etc/openldap/ssl/ABC.crt
tls_key=/usr/local/etc/openldap/ssl/ABC.key
tls_reqcert=try
type=refreshAndPersist
retry="60 +"
logbase="cn=example-accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
syncdata=accesslog
syncrepl rid=123
provider=ldap://master.example:389
starttls=critical
searchbase="ou=ABC,ou=Sendmail,dc=example"
bindmethod=simple
binddn="uid=replABC,ou=repl,dc=example"
credentials="***"
tls_cacert=/usr/local/etc/openldap/ssl/ca.crt
tls_cert=/usr/local/etc/openldap/ssl/ABC.crt
tls_key=/usr/local/etc/openldap/ssl/ABC.key
tls_reqcert=try
type=refreshAndPersist
retry="60 +"
logbase="cn=example-accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
syncdata=accesslog
---[ slave configuration quotation end ]----------------------------
======================================================================
here are logs
---[ master slapd.log quotation start ]-------------------------------
Jun 26 22:54:25 master slapd[75509]: conn=55585 fd=19 ACCEPT from IP=192.168.0.1:54127 (IP=192.168.0.254:389)
Jun 26 22:54:25 master slapd[75509]: conn=55585 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jun 26 22:54:25 master slapd[75509]: conn=55585 op=0 STARTTLS
Jun 26 22:54:25 master slapd[75509]: conn=55586 fd=20 ACCEPT from IP=192.168.0.1:57184 (IP=192.168.0.254:389)
Jun 26 22:54:25 master slapd[75509]: conn=55585 op=0 RESULT oid= err=0 text=
Jun 26 22:54:25 master slapd[75509]: conn=55586 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jun 26 22:54:25 master slapd[75509]: conn=55586 op=0 STARTTLS
Jun 26 22:54:25 master slapd[75509]: conn=55586 op=0 RESULT oid= err=0 text=
Jun 26 22:54:25 master slapd[75509]: conn=55586 fd=20 TLS established tls_ssf=256 ssf=256
Jun 26 22:54:25 master slapd[75509]: conn=55585 fd=19 TLS established tls_ssf=256 ssf=256
Jun 26 22:54:25 master slapd[75509]: conn=55586 op=1 BIND dn="uid=replABC,ou=repl,dc=example" method=128
Jun 26 22:54:25 master slapd[75509]: conn=55586 op=1 BIND dn="uid=replABC,ou=repl,dc=example" mech=SIMPLE ssf=0
Jun 26 22:54:25 master slapd[75509]: conn=55586 op=1 RESULT tag=97 err=0 text=
Jun 26 22:54:25 master slapd[75509]: conn=55585 op=1 BIND dn="uid=replABC,ou=repl,dc=example" method=128
Jun 26 22:54:25 master slapd[75509]: conn=55585 op=1 BIND dn="uid=replABC,ou=repl,dc=example" mech=SIMPLE ssf=0
Jun 26 22:54:25 master slapd[75509]: conn=55585 op=1 RESULT tag=97 err=0 text=
Jun 26 22:54:25 master slapd[75509]: conn=55586 op=2 SRCH base="cn=example-accesslog" scope=2 deref=0 filter="(&(objectClass=auditWriteObject)(reqResult=0))"
Jun 26 22:54:25 master slapd[75509]: conn=55586 op=2 SRCH attr=reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN
Jun 26 22:54:25 master slapd[75509]: conn=55585 op=2 SRCH base="cn=example-accesslog" scope=2 deref=0 filter="(&(objectClass=auditWriteObject)(reqResult=0))"
Jun 26 22:54:25 master slapd[75509]: conn=55585 op=2 SRCH attr=reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN
Jun 26 22:54:25 master slapd[75509]: conn=55586 op=2 SEARCH RESULT tag=101 err=53 nentries=0 text=consumer state is newer than provider!
Jun 26 22:54:25 master slapd[75509]: conn=55585 op=2 SEARCH RESULT tag=101 err=53 nentries=0 text=consumer state is newer than provider!
Jun 26 22:54:25 master slapd[75509]: conn=55586 op=3 UNBIND
Jun 26 22:54:25 master slapd[75509]: conn=55586 fd=20 closed
Jun 26 22:54:25 master slapd[75509]: conn=55585 op=3 UNBIND
Jun 26 22:54:25 master slapd[75509]: conn=55585 fd=19 closed
Jun 26 22:54:31 master slapd[75509]: conn=55587 fd=19 ACCEPT from IP=192.168.0.1:58488 (IP=192.168.0.254:389)
Jun 26 22:54:31 master slapd[75509]: conn=55587 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jun 26 22:54:31 master slapd[75509]: conn=55587 op=0 STARTTLS
Jun 26 22:54:31 master slapd[75509]: conn=55587 op=0 RESULT oid= err=0 text=
Jun 26 22:54:31 master slapd[75509]: conn=55587 fd=19 TLS established tls_ssf=256 ssf=256
Jun 26 22:54:31 master slapd[75509]: conn=55587 op=1 BIND dn="uid=replABC,ou=repl,dc=example" method=128
Jun 26 22:54:31 master slapd[75509]: conn=55587 op=1 BIND dn="uid=replABC,ou=repl,dc=example" mech=SIMPLE ssf=0
Jun 26 22:54:31 master slapd[75509]: conn=55587 op=1 RESULT tag=97 err=0 text=
Jun 26 22:54:31 master slapd[75509]: conn=55587 op=2 SRCH base="cn=example-accesslog" scope=2 deref=0 filter="(&(objectClass=auditWriteObject)(reqResult=0))"
Jun 26 22:54:31 master slapd[75509]: conn=55587 op=2 SRCH attr=reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN
Jun 26 22:54:31 master slapd[75509]: conn=55587 op=2 SEARCH RESULT tag=101 err=53 nentries=0 text=consumer state is newer than provider!
Jun 26 22:54:31 master slapd[75509]: conn=55587 op=3 UNBIND
Jun 26 22:54:31 master slapd[75509]: conn=55587 fd=19 closed
---[ master slapd.log quotation end ]-------------------------------
---[ slave slapd.log quotation start ]--------------------------------
Jun 26 21:41:44 ABC slapd[67186]: @(#) $OpenLDAP: slapd 2.4.44 (Feb 7 2017 01:19:39) $ root@foo.bar:/usr/ports/net/openldap24-server/work/openldap-2.4.44/servers/slapd
Jun 26 21:41:44 ABC slapd[67187]: slapd starting
Jun 26 21:41:44 ABC slapd[67187]: conn=1000 fd=14 ACCEPT from IP=127.0.0.1:32266 (IP=127.0.0.1:389)
Jun 26 21:41:44 ABC slapd[67187]: conn=1001 op=0 BIND dn="" method=128
Jun 26 21:41:44 ABC slapd[67187]: conn=1002 fd=17 ACCEPT from IP=127.0.0.1:35827 (IP=127.0.0.1:389)
Jun 26 21:41:44 ABC slapd[67187]: conn=1000 op=0 BIND dn="" method=128
Jun 26 21:41:44 ABC slapd[67187]: conn=1001 op=0 RESULT tag=97 err=0 text=
Jun 26 21:41:44 ABC slapd[67187]: conn=1001 fd=16 ACCEPT from IP=127.0.0.1:37048 (IP=127.0.0.1:389)
Jun 26 21:41:44 ABC slapd[67187]: conn=1002 op=0 BIND dn="" method=128
Jun 26 21:41:44 ABC slapd[67187]: conn=1000 op=0 RESULT tag=97 err=0 text=
Jun 26 21:41:44 ABC slapd[67187]: conn=1002 op=0 RESULT tag=97 err=0 text=
Jun 26 21:41:45 ABC slapd[67187]: do_syncrep2: rid=123 LDAP_RES_SEARCH_RESULT (53) Server is unwilling to perform
Jun 26 21:41:45 ABC slapd[67187]: do_syncrep2: rid=123 (53) Server is unwilling to perform
Jun 26 21:41:45 ABC slapd[67187]: do_syncrepl: rid=123 rc -2 retrying
Jun 26 21:41:45 ABC slapd[67187]: do_syncrep2: rid=123 LDAP_RES_SEARCH_RESULT (53) Server is unwilling to perform
Jun 26 21:41:45 ABC slapd[67187]: do_syncrep2: rid=123 (53) Server is unwilling to perform
Jun 26 21:41:45 ABC slapd[67187]: do_syncrepl: rid=123 rc -2 retrying
Jun 26 21:41:45 ABC slapd[67187]: do_syncrep2: rid=123 LDAP_RES_SEARCH_RESULT (53) Server is unwilling to perform
Jun 26 21:41:45 ABC slapd[67187]: do_syncrep2: rid=123 (53) Server is unwilling to perform
Jun 26 21:41:45 ABC slapd[67187]: do_syncrepl: rid=123 rc -2 retrying
Jun 26 21:42:43 ABC slapd[67187]: conn=1003 fd=9 ACCEPT from IP=127.0.0.1:37489 (IP=127.0.0.1:389)
Jun 26 21:42:43 ABC slapd[67187]: conn=1003 op=0 BIND dn="" method=128
---[ slave slapd.log quotation end ]--------------------------------
--
Zeus V. Panchenko jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
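Added example, not part of the original post: a small lint for slapd.conf syncrepl stanzas like the ones quoted above. It flags a rid shared by several directives (slapd.conf(5) describes rid as identifying one syncrepl directive within the consumer), a tls_reqcert weaker than demand, and a simple bind on which TLS is not forced; the sample input is constructed and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: trimmed consumer stanzas shaped like those in the post.
SAMPLE_CONF = '''\
syncrepl rid=123
  provider=ldap://master.example:389
  starttls=critical
  searchbase="dc=example"
  filter="(&(objectClass=authorizedServiceObject)(authorizedService=xmpp@foo.bar))"
  tls_reqcert=try
syncrepl rid=123
  provider=ldap://master.example:389
  starttls=yes
  bindmethod=simple
'''

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=bare or key="quoted value"

def parse_syncrepl(conf):
    """Return one dict per syncrepl directive, joining continuation lines."""
    stanzas, current = [], None
    for line in conf.splitlines():
        if not line.strip() or line.startswith("#"):
            continue                      # blank lines and comments are ignored
        if line.split()[0] == "syncrepl" and not line[0].isspace():
            stanzas.append(current := {})
        elif not line[0].isspace():
            current = None                # another directive ends the stanza
        if current is not None:
            current.update((k, v.strip('"')) for k, v in PAIR.findall(line))
    return stanzas

def lint(stanzas):
    """Return sorted (position, finding) pairs; position -1 means config-wide."""
    out = []
    for rid, n in Counter(s.get("rid") for s in stanzas).items():
        if n > 1:
            out.append((-1, f"rid={rid} used by {n} directives"))
    for i, s in enumerate(stanzas):
        # demand is the default when tls_reqcert is absent
        if s.get("tls_reqcert", "demand") not in ("demand", "hard"):
            out.append((i, "tls_reqcert weaker than demand"))
        tls_forced = s.get("provider", "").startswith("ldaps://") or s.get("starttls") == "critical"
        if s.get("bindmethod") == "simple" and not tls_forced:
            out.append((i, "simple bind without mandatory TLS"))
    return sorted(out)

if __name__ == "__main__":
    print(*lint(parse_syncrepl(SAMPLE_CONF)), sep="\n")
```

The parser relies on the leading whitespace that slapd.conf uses for continuation lines, so a fragment pasted without indentation has to be re-indented before it is checked.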