On 13-02-18 18:59, Dieter Klünter wrote: > Am Fri, 9 Feb 2018 15:26:20 +0100 > schrieb Gerard Ranke <gerard.ranke@hku.nl>: > >> Hello list, >> >> Openldap 2.4.45 here, on 1 producer and 4 consumers. ( I'll attach >> relevant parts of the configuration at the end of this message. ) >> Following the scripts from test059, I configured the producer to serve >> up a cn=config backend for the consumers. This seems to work nicely at >> first: When you start a consumer from a minimal config, it loads the >> producers schemafiles and the cn=config, and replication of the main >> database is fine. Also, when fi. changing the loglevel on the >> producers cn=config,cn=slave, the consumers pick up this change in >> their cn=config. However, when I modify an olcAccess line on the >> producers cn=config,cn=slave database, I get these errors on the >> consumer: >> >> slapd[26324]: syncrepl_message_to_entry: rid=002 DN: >> olcDatabase={1}mdb,cn=config,cn=slave, UUID: > ^^^^^^^^^^^^^^^^^^^^^^^^^ > >> 7cff5ef6-90b1-1037-9d95-6dfd3149c2dc >> slapd[26324]: syncrepl_entry: rid=002 >> LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) slapd[26324]: syncrepl_entry: >> rid=002 inserted UUID 7cff5ef6-90b1-1037-9d95-6dfd3149c2dc >> slapd[26324]: syncrepl_entry: rid=002 be_search (0) >> slapd[26324]: syncrepl_entry: rid=002 olcDatabase={1}mdb,cn=config > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > >> slapd[26324]: null_callback : error code 0x43 >> slapd[26324]: syncrepl_entry: rid=002 be_modify >> olcDatabase={1}mdb,cn=config (67) > ^^^^^^^^^^^^^^^^ > I believe this is correct: The consumers have a different configuration than the producer, so it's set up as cn=config,cn=slave on the producer. The consumers have a suffixmassage option in their olcSyncrepl line that changes the suffix to cn=config, so the {1}mdb section should land in the right place. >> slapd[26324]: syncrepl_entry: rid=002 be_modify failed (67) >> slapd[26324]: do_syncrepl: rid=002 rc 67 retrying >> >> From the error code ox43, it seems that the replication is somehow >> trying to change the rdn, olcDatabase{1}mdb, on the consumer, which >> makes no sense to me. >> >> From the producer, cn=config,cn=slave: >> ( This is identical to the consumer's cn=config ) >> >> dn: cn=config,cn=slave >> objectClass: olcGlobal >> objectClass: olcConfig >> objectClass: top >> cn: slaveconfig >> cn: config >> olcArgsFile: /var/run/slapd/slapd.args >> olcAttributeOptions: lang- >> olcAuthzPolicy: none >> olcConcurrency: 0 >> olcConfigDir: slapd.d/ >> olcConnMaxPending: 100 >> olcConnMaxPendingAuth: 1000 >> olcGentleHUP: FALSE >> olcIdleTimeout: 0 >> olcIndexIntLen: 4 >> olcIndexSubstrAnyLen: 4 >> olcIndexSubstrAnyStep: 2 >> olcIndexSubstrIfMaxLen: 4 >> olcIndexSubstrIfMinLen: 2 >> olcLocalSSF: 71 >> olcLogFile: none >> olcLogLevel: none >> olcPidFile: /var/run/slapd/slapd.pid >> olcReadOnly: FALSE >> olcSaslSecProps: noplain,noanonymous >> olcSizeLimit: 20000 >> olcSockbufMaxIncoming: 262143 >> olcSockbufMaxIncomingAuth: 16777215 >> olcThreads: 16 >> olcTLSCACertificatePath: /etc/ssl/certs >> olcTLSCertificateFile: /etc/ssl/certs/hkuwildcardcacert.cert >> olcTLSCertificateKeyFile: /etc/ssl/private/hkuwildcardcacert.key >> olcTLSCRLCheck: none >> olcTLSVerifyClient: never >> olcToolThreads: 2 >> >> I'll leave the rest PM, except for: >> >> dn: olcDatabase={0}config,cn=config,cn=slave >> objectClass: olcDatabaseConfig >> objectClass: olcConfig >> objectClass: top >> olcDatabase: {0}config > ^^^^^^^^^^^^^^^^^^^^^^^ > [...] It's the same here, the producers cn=config,cn=slave is changed in replication to become just cn=config on the consumer. This actually works: I can change fi olcLogLevel or schemas on cn=config,cn=slave on the producer, and they get replicated to the consumers. Just when I try to change things on the {1}mdb section, like an olcAccess line, I get the 0x43 errors... Thanks a lot for answering! Best, gerard
Attachment:
signature.asc
Description: OpenPGP digital signature