help needed for further investigation
- To: <openldap-technical@openldap.org>
- Subject: help needed for further investigation
- From: <Thomas.Meller@t-systems.com>
- Date: Wed, 13 Feb 2019 14:41:07 +0000
Hello together. I am the heir of a setup based on RHEL 6.10 and OpenLDAP 2.4.45 (ltb).
A master syncrepls to a slave in type=refreshOnly using bindmethod=sasl, saslmech=external.
The mapped techuser resides in ou=ServiceUser. All Clients also use user objects in the same ou to bind to the servers.
I need to set new acls and decided to include a dedicated acl- and limits-configfile. The ACLs checked via slapacl look fine and run without problems on the test environment. (Which is based on the same 2.4.45 rpms, but the replica runs on RHEL 7.5)
All slapd configurations make use of database mdb and an explicitly set maxsize (which is sized sufficiently: 12 GB, 49 MB used).
When implementing the configuration on a running system, the replica deletes the ou (that one with all the service user objects).
Which is not what I want
8-/
How can I find out more about the reason for this peculiar result?
I set the loglevel to 'stats sync' on the replica and 'sync' on the master. (fs size is limited for logs)
The access limits are in place for this replication account and read access is granted as well. (might be I need to set something extra for operational attributes?)
limits dn.subtree="ou=ServiceUser,..."
size=unlimited
(this is the replica)
sizelimit unlimited
timelimit 10
and
limits dn.subtree="ou=ServiceUser,..."
size=unlimited
time=120
(in this order, this is the master)
What do I need to look at to find what's missing? I am no OpenLDAP crack, but no newbie as well. Yet my OpenLDAP knowledge is not very extended.
Which further infos do I need to supply to maybe get help?
The include statements for limits and acls are defined before the database configuration.
I avoid using dynamic configuration to keep it all simple.
Overlays in use:
chain
dynlist
valsort
memberof
ppolicy
(replica)
syncprov
ppolicy
unique
dynlist
memberof
refint
valsort
(master)
Thank you,
Thomas