On 13-02-18 18:59, Dieter Klünter wrote:
> Am Fri, 9 Feb 2018 15:26:20 +0100
> schrieb Gerard Ranke <gerard.ranke@hku.nl>:
>
>> Hello list,
>>
>> Openldap 2.4.45 here, on 1 producer and 4 consumers. ( I'll attach
>> relevant parts of the configuration at the end of this message. )
>> Following the scripts from test059, I configured the producer to serve
>> up a cn=config backend for the consumers. This seems to work nicely at
>> first: When you start a consumer from a minimal config, it loads the
>> producers schemafiles and the cn=config, and replication of the main
>> database is fine. Also, when fi. changing the loglevel on the
>> producers cn=config,cn=slave, the consumers pick up this change in
>> their cn=config. However, when I modify an olcAccess line on the
>> producers cn=config,cn=slave database, I get these errors on the
>> consumer:
>>
>> slapd[26324]: syncrepl_message_to_entry: rid=002 DN:
>> olcDatabase={1}mdb,cn=config,cn=slave, UUID:
> ^^^^^^^^^^^^^^^^^^^^^^^^^
>
>> 7cff5ef6-90b1-1037-9d95-6dfd3149c2dc
>> slapd[26324]: syncrepl_entry: rid=002
>> LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) slapd[26324]: syncrepl_entry:
>> rid=002 inserted UUID 7cff5ef6-90b1-1037-9d95-6dfd3149c2dc
>> slapd[26324]: syncrepl_entry: rid=002 be_search (0)
>> slapd[26324]: syncrepl_entry: rid=002 olcDatabase={1}mdb,cn=config
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>> slapd[26324]: null_callback : error code 0x43
>> slapd[26324]: syncrepl_entry: rid=002 be_modify
>> olcDatabase={1}mdb,cn=config (67)
> ^^^^^^^^^^^^^^^^
>
I believe this is correct: The consumers have a different configuration
than the producer, so it's set up as cn=config,cn=slave on the producer.
The consumers have a suffixmassage option in their olcSyncrepl line that
changes the suffix to cn=config, so the {1}mdb section should land in
the right place.
>> slapd[26324]: syncrepl_entry: rid=002 be_modify failed (67)
>> slapd[26324]: do_syncrepl: rid=002 rc 67 retrying
>>
>> From the error code ox43, it seems that the replication is somehow
>> trying to change the rdn, olcDatabase{1}mdb, on the consumer, which
>> makes no sense to me.
>>
>> From the producer, cn=config,cn=slave:
>> ( This is identical to the consumer's cn=config )
>>
>> dn: cn=config,cn=slave
>> objectClass: olcGlobal
>> objectClass: olcConfig
>> objectClass: top
>> cn: slaveconfig
>> cn: config
>> olcArgsFile: /var/run/slapd/slapd.args
>> olcAttributeOptions: lang-
>> olcAuthzPolicy: none
>> olcConcurrency: 0
>> olcConfigDir: slapd.d/
>> olcConnMaxPending: 100
>> olcConnMaxPendingAuth: 1000
>> olcGentleHUP: FALSE
>> olcIdleTimeout: 0
>> olcIndexIntLen: 4
>> olcIndexSubstrAnyLen: 4
>> olcIndexSubstrAnyStep: 2
>> olcIndexSubstrIfMaxLen: 4
>> olcIndexSubstrIfMinLen: 2
>> olcLocalSSF: 71
>> olcLogFile: none
>> olcLogLevel: none
>> olcPidFile: /var/run/slapd/slapd.pid
>> olcReadOnly: FALSE
>> olcSaslSecProps: noplain,noanonymous
>> olcSizeLimit: 20000
>> olcSockbufMaxIncoming: 262143
>> olcSockbufMaxIncomingAuth: 16777215
>> olcThreads: 16
>> olcTLSCACertificatePath: /etc/ssl/certs
>> olcTLSCertificateFile: /etc/ssl/certs/hkuwildcardcacert.cert
>> olcTLSCertificateKeyFile: /etc/ssl/private/hkuwildcardcacert.key
>> olcTLSCRLCheck: none
>> olcTLSVerifyClient: never
>> olcToolThreads: 2
>>
>> I'll leave the rest PM, except for:
>>
>> dn: olcDatabase={0}config,cn=config,cn=slave
>> objectClass: olcDatabaseConfig
>> objectClass: olcConfig
>> objectClass: top
>> olcDatabase: {0}config
> ^^^^^^^^^^^^^^^^^^^^^^^
> [...]
It's the same here, the producers cn=config,cn=slave is changed in
replication to become just cn=config on the consumer. This actually
works: I can change fi olcLogLevel or schemas on cn=config,cn=slave on
the producer, and they get replicated to the consumers. Just when I try
to change things on the {1}mdb section, like an olcAccess line, I get
the 0x43 errors...
Thanks a lot for answering!
Best,
gerard
Attachment:
signature.asc
Description: OpenPGP digital signature