(ITS#8524) cn=config + ditContentRule
by dieter@dkluenter.de
Full_Name: Dieter Kluenter
Version: 2.4.44
OS: openSUSE
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (93.214.226.147)
It seems that the config backend provides schema information only after
configuration data, this leads to following error:
./slapd -h "ldap://:9007/ ldapi:///" -F ../etc/openldap/slapd.d -d256
580f76bd config error processing cn=config: olcDitContentRules:
ObjectClass not found: "2.16.840.1.113730.3.2.2" 580f76bd slapd stopped.
ile
While the same process only with information based on slapd.conf is successful:
./slapd -h "ldap://:9007/ ldapi:///" -f ../etc/openldap/slapd.conf -d256
580f76e4 slapd starting
The slapd.configuration:
include /opt/openldap/etc/openldap/schema/core.schema
include /opt/openldap/etc/openldap/schema/cosine.schema
include /opt/openldap/etc/openldap/schema/inetorgperson.schema
include /opt/openldap/etc%2pepenldap/schema/nis.schema
ditcontentrule ( 2.16.840.1.113730.3.2.2
NAME 'sys4Person'
AUX ( posixAccount )
)
[more configuration parameter]
slapd.d
dn: cn=config
objectClass: olcGlobal
cn: config
...
olcToolThreads: 1
olcWriteTimeout: 0
olcDitContentRules: {0}( 2.16.840.1.113730.3.2.2 NAME 'sys4Person' AUX posix
Account )
...
-Dieter
6 years, 7 months
(ITS#8523) Incoming
by rm@mh-freiburg.de
Am Dienstag, 25. Oktober 2016 04:29 CEST, Ryan Tandy <ryan(a)nardis.ca> s=
chrieb:
>
> I'm actually thinking this is a duplicate of ITS#8428, already fixed =
in
> RE24.
Yes, that does look like the bug I'm experiencing.
> Can you please try with commit 2e60bf5e applied?
There seem to be quite some changes in op.c, no way to just
apply that change. I'd have to sw=C3=ADtch from debian to upstream
which I try to avoid.
Thank's a lot,
Ralf Mattes
6 years, 7 months
Re: (ITS#8512) segfault for large entries
by ryan@nardis.ca
This is probably a specific case of ITS#8435. There is a fix in git
master already, commit id 23c5d6bb. Would you please test with that
patch applied?
6 years, 7 months
Re: (ITS#8522) Incoming
by ryan@nardis.ca
On Mon, Oct 24, 2016 at 04:48:18PM +0000, rm(a)mh-freiburg.de wrote:
>#0 0x00007f60dd7e0aa0 in ?? ()
>#1 0x00007f61650bca41 in slap=5Fwritewait=5Fplay (op=3D0x7f60c8002550)=
> at ../../../../servers/slapd/result.c:294
>#2 send=5Fldap=5Fber (op=3D0x7f60c8002550, ber=3D0x7f60dd64f250) at ..=
>/../../../servers/slapd/result.c:367
>#3 0x00007f61650bf651 in slap=5Fsend=5Fsearch=5Fentry (op=3D0x7f60c800=
>2550, rs=3D0x7f60dd7e0aa0) at ../../../../servers/slapd/result.c:1430
>#4 0x00007f616003590b in mdb=5Fsearch (op=3D0x7f60c8002550, rs=3D0x7f6=
>0dd7e0aa0) at ../../../../../servers/slapd/back-mdb/search.c:1086
>#5 0x00007f615f5f8cd6 in relay=5Fback=5Fop (op=3D0x7f60c8002550, rs=3D=
>0x7f60dd7e0aa0, which=3D<optimized out>)
> at ../../../../../servers/slapd/back-relay/op.c:210
I'm actually thinking this is a duplicate of ITS#8428, already fixed in
RE24. Can you please try with commit 2e60bf5e applied?
6 years, 7 months
(ITS#8522) Incoming
by rm@mh-freiburg.de
I'm experiencing a suspiciously similar segfault on 2.4.44+dfsg-1
Here follows the backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f60dd7e1700 (LWP 32510)]
0x00007f60dd7e0aa0 in ?? ()
(gdb) bt
#0 0x00007f60dd7e0aa0 in ?? ()
#1 0x00007f61650bca41 in slap=5Fwritewait=5Fplay (op=3D0x7f60c8002550)=
at ../../../../servers/slapd/result.c:294
#2 send=5Fldap=5Fber (op=3D0x7f60c8002550, ber=3D0x7f60dd64f250) at ..=
/../../../servers/slapd/result.c:367
#3 0x00007f61650bf651 in slap=5Fsend=5Fsearch=5Fentry (op=3D0x7f60c800=
2550, rs=3D0x7f60dd7e0aa0) at ../../../../servers/slapd/result.c:1430
#4 0x00007f616003590b in mdb=5Fsearch (op=3D0x7f60c8002550, rs=3D0x7f6=
0dd7e0aa0) at ../../../../../servers/slapd/back-mdb/search.c:1086
#5 0x00007f615f5f8cd6 in relay=5Fback=5Fop (op=3D0x7f60c8002550, rs=3D=
0x7f60dd7e0aa0, which=3D<optimized out>)
at ../../../../../servers/slapd/back-relay/op.c:210
#6 0x00007f616511aeea in overlay=5Fop=5Fwalk (op=3Dop@entry=3D0x7f60c8=
002550, rs=3D0x7f60dd7e0aa0, which=3Dop=5Fsearch, oi=3D0x7f6165d2c020,=
on=3D<optimized out>) at ../../../../servers/slapd/backover.c:677
#7 0x00007f616511b044 in over=5Fop=5Ffunc (op=3D0x7f60c8002550, rs=3D<=
optimized out>, which=3D<optimized out>)
at ../../../../servers/slapd/backover.c:730
#8 0x00007f61650af071 in fe=5Fop=5Fsearch (op=3D0x7f60c8002550, rs=3D0=
x7f60dd7e0aa0) at ../../../../servers/slapd/search.c:402
#9 0x00007f61650ae9ee in do=5Fsearch (op=3D0x7f60c8002550, rs=3D0x7f60=
dd7e0aa0) at ../../../../servers/slapd/search.c:247
#10 0x00007f61650ac57c in connection=5Foperation (ctx=3D0x7f60dd7e0c10,=
arg=5Fv=3D0x7f60c8002550)
at ../../../../servers/slapd/connection.c:1158
#11 0x00007f61650ac867 in connection=5Fread=5Fthread (ctx=3D0x7f60c8002=
550, argv=3D0x7f60dd7df710)
at ../../../../servers/slapd/connection.c:1294
#12 0x00007f6164c0df22 in ldap=5Fint=5Fthread=5Fpool=5Fwrapper (xpool=3D=
0x7f6165c8ffa0) at ../../../../libraries/libldap=5Fr/tpool.c:696
#13 0x00007f61631f20a4 in start=5Fthread (arg=3D0x7f60dd7e1700) at pthr=
ead=5Fcreate.c:309
#14 0x00007f6162f2762d in clone () at ../sysdeps/unix/sysv/linux/x86=5F=
64/clone.S:111
To reliably trigger the segfault I need to request jpegImage attributes=
. A few more (possibly important) facts:
the server houses two databases, the first is a sync-repl slave unsing =
the mdb backend, the second a relay backend
that provides read-only access to the first database rewriting the data=
base suffix.
So far I could only trigger the segfault in the relay database, not in =
the mdb-backend one.
HTH Ralf Mattes
6 years, 7 months
Re: (ITS#8436) slapadd hang in bdb_tool_entry_close / ldap_pvt_thread_cond_wait
by michael@stroeder.com
This is a cryptographically signed message in MIME format.
--------------ms060809020701010302070106
Content-Type: text/plain; charset=ISO-8859-2
Content-Transfer-Encoding: quoted-printable
lists(a)steffen-moser.de wrote:
> Today, I encountered a similar hang of our OpenLDAP 2.4.30 server on a
> Solaris 11.3(.11.6.0) host.
Note that 2.4.30 release is more than 4.5 years old. There have been *man=
y*
fixes since then. [1]
Using free software it's best practice first trying to reproduce the erro=
rnous
behaviour with a recent release. Otherwise you're wasting developers' spa=
re time.
Ciao, Michael. (not a OpenLDAP developer)
[1] CHANGES from RE24 branch:
http://www.openldap.org/devel/gitweb.cgi?p=3Dopenldap.git;a=3Dblob;f=3DCH=
ANGES;h=3D4914db12b0ab2fe2e4f2a91ea46df224a4532cdc;hb=3Drefs/heads/OPENLD=
AP_REL_ENG_2_4
--------------ms060809020701010302070106
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
CucwggT9MIID5aADAgECAhBFRleVrRF8X5GwbV0tcLCgMA0GCSqGSIb3DQEBCwUAMHUxCzAJ
BgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSkwJwYDVQQLEyBTdGFydENvbSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEjMCEGA1UEAxMaU3RhcnRDb20gQ2xhc3MgMSBDbGll
bnQgQ0EwHhcNMTYwOTE2MDcxNjUxWhcNMTkxMjE2MDcxNjUxWjBEMR0wGwYDVQQDDBRtaWNo
YWVsQHN0cm9lZGVyLmNvbTEjMCEGCSqGSIb3DQEJARYUbWljaGFlbEBzdHJvZWRlci5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChMBt5jtuLXsNQ5U7rBbZit8sknIwz
hfaousT3d/fssQ6qZwe9l1yklILSXVMqI7/bxbiqcd3zrz+imdSlZPrFBHGfh04DZHCfss2F
RwSswGejqP1qE3hPvZi96wFfOMqenpN+pSXqNJ1OPBCJ8a+8ZEioFKoEj3HkCCXjbmezAgms
FuA7aFE9BfjJ2eQKw8B9G8X1FjvOTinYSZ2F+qHpKgywl4HTx0dMnYy+Pwu4DDIHkEaVH+uj
K1/ed76WUEH51mX9m2Xu0onfQlSM3me6EvAAZiIDsCEbF9WttRuJbpfCFo0m2uW7BBugS7EG
Jro1nRSQVnpJyTFgHb5EGMVVAgMBAAGjggG4MIIBtDAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0l
BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMAkGA1UdEwQCMAAwHQYDVR0OBBYEFFh1801TSuxT
Nltnv9rOjrZzUUgNMB8GA1UdIwQYMBaAFCSBbDlhvkkPj7cbRivJKLUnSG1oMG8GCCsGAQUF
BwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wuY29tMDkGCCsGAQUF
BzAChi1odHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zY2EuY2xpZW50MS5jcnQwOAYD
VR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2NhLWNsaWVudDEuY3Js
MB8GA1UdEQQYMBaBFG1pY2hhZWxAc3Ryb2VkZXIuY29tMCMGA1UdEgQcMBqGGGh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tLzBHBgNVHSAEQDA+MDwGCysGAQQBgbU3AQIFMC0wKwYIKwYBBQUH
AgEWH2h0dHBzOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kwDQYJKoZIhvcNAQELBQADggEB
AKiJ9wpjJeHdEzHDZyqmhn4cHcRj9Ag7ZQK0meq1N3oQ9M1YeVge6vZe20LXojgXsNUQGLSt
1lW2s7fABkL9CF+/RtWznHxlp4YpWX/RgbHBo3uXKNA5JUOjbxQ2+1b1jaTp/FUrSIISAxgd
RpeYAODJ0db1x8Q+l66DtIVjj7ktWISdJWE2Opn4QnaRwdj6n35Rul4S2ikUsmxtGrHLpjRR
XJqbsGa0RZdJyUKlZ2ZRAoRz4jKHOogQcig937sR5Ut2pGOhrScEhgARY2c8Gs2olRTL3pue
mE4vjY0g1Nwr9RzeFwMuasiFh4yD34i6jIRfoNzuLPgydjsJ0grw0akwggXiMIIDyqADAgEC
AhBrp4p9CteI1lEK+Vnk57ThMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNVBAYTAklMMRYwFAYD
VQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0
ZSBTaWduaW5nMSkwJwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
Fw0xNTEyMTYwMTAwMDVaFw0zMDEyMTYwMTAwMDVaMHUxCzAJBgNVBAYTAklMMRYwFAYDVQQK
Ew1TdGFydENvbSBMdGQuMSkwJwYDVQQLEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eTEjMCEGA1UEAxMaU3RhcnRDb20gQ2xhc3MgMSBDbGllbnQgQ0EwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC9fdr3w6J9g/Zbgv3bW1+uHht1wLUZr5gkrLtXedg17Ake
fMyUGwrQdvwObhajcVmnKVxhrUwkZPXRAwZZosRHfEIi5FH7x6SV/8Sp5lZEuiMnvMFG2MzL
A84J6Ws5T4NfXZ0qn4TPgnr3X2vPVS51M7Ua9nIJgn8jvTra4eyyQzxvuA/GZwKg7VQfDCmC
S+kICslYYWgXOMt2xlsSslxLce0CGWRsT8EpMyt1iDflSjXZIsE7m1uTyHaKZspMLyIyz6my
Su8j8BWWHpChNNeTrFuhVfrOAyDPFJVUvKZCLKBhibTLloyy+LatoWELrjdI4a8StZY8+dIR
9t4APXGzAgMBAAGjggFkMIIBYDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUH
AwIGCCsGAQUFBwMEMBIGA1UdEwEB/wQIMAYBAf8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0
cDovL2NybC5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMGYGCCsGAQUFBwEBBFowWDAkBggrBgEF
BQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wuY29tMDAGCCsGAQUFBzAChiRodHRwOi8vYWlh
LnN0YXJ0c3NsLmNvbS9jZXJ0cy9jYS5jcnQwHQYDVR0OBBYEFCSBbDlhvkkPj7cbRivJKLUn
SG1oMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQQa7yMD8GA1UdIAQ4MDYwNAYEVR0g
ADAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kwDQYJKoZI
hvcNAQELBQADggIBAIvj94fsAYuErQ8BAluc4SMnIwS9NPBwAm5SH9uh2NCXTq7im61g7F1L
IiNI/+wq37fUuaMbz4g7VarKQTgf8ubs0p7NZWcIe7Bvem2AWaXBsxsaRTYw5kG3DN8pd1hS
EUuFoTa7DmNeFe8tiK1BrL3rbA/m48jp4AiFXgvxprJrW7izsyetOrRHPbkW4Y07v29MdhaP
v3u1JELyszXqOzjIYo4sWlC8iDQXwgSW/ntvWy2n4LuiaozlCfXl149tKeqvwlvrla2Yklue
/quWp9j9ou4T/OY0CXMuY+B8wNK0ohd2D4ShgFlMSjzAFRoHGKF81snTr2d1A7Ew02oF6UQy
CkC2aNNsK5cWOojBar5c7HplX9aHYUCZouxIeU28SONJAxnATgR4cJ2jrpmYSz/kliUJ46S6
UpVDo/ebn9c6PaM/XtDYCCaM/7XX6wc3s++sbQ7CtCn1Ax7df6ufQbwyO0V+oFa9H0KAsjHM
zcwk3EV2B2NLatidKE/m7G+rB9m+FlVgIiSp0mGlg43QO9Kh1+JqvTCIzv2bJJkmPMLQJNuK
KwHNL8F4GGp6jbAV+WL+LDeGfVcq8DHS3LrD+xyYEXQBiqZEdiPVOMxLDSUCXsDO0uCWpaNQ
8j6y6S9p0xE/Ga0peVLadVHhqf9nXqKaxnr358VgfrxzUIrvOaOjMYIDzDCCA8gCAQEwgYkw
dTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKTAnBgNVBAsTIFN0YXJ0
Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSMwIQYDVQQDExpTdGFydENvbSBDbGFzcyAx
IENsaWVudCBDQQIQRUZXla0RfF+RsG1dLXCwoDANBglghkgBZQMEAgEFAKCCAhMwGAYJKoZI
hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYxMDIzMDgyMjExWjAvBgkq
hkiG9w0BCQQxIgQgehc9Y4gx28kcYczpRvC2Q2ABbnfsrL/miwx27k5rFD0wbAYJKoZIhvcN
AQkPMV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3
DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBmgYJKwYB
BAGCNxAEMYGMMIGJMHUxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSkw
JwYDVQQLEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEjMCEGA1UEAxMaU3Rh
cnRDb20gQ2xhc3MgMSBDbGllbnQgQ0ECEEVGV5WtEXxfkbBtXS1wsKAwgZwGCyqGSIb3DQEJ
EAILMYGMoIGJMHUxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSkwJwYD
VQQLEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEjMCEGA1UEAxMaU3RhcnRD
b20gQ2xhc3MgMSBDbGllbnQgQ0ECEEVGV5WtEXxfkbBtXS1wsKAwDQYJKoZIhvcNAQEBBQAE
ggEAHk9bj7goMwb2QRpeBL4Fbz1dMxtUpmSEUXavT0n5WuPSmk0lJJQLBMe5ghXUz8bzVID1
RZf2XpEVXIebI7mdLn/uXK/seRu0AKpBjySLP+i4olu38RULsB1SU1qoEtCuZrFbvvPZxzhm
tmy3eRI/rt/uT9PY2de0MAE4kjH4gyC3NBUCnnVbh9xfIKrK40IwYAPdJfjdq+EfANQJSJ+C
GUryJn2y5gbt59pgZ8aq6qgEZHWTMHGi6a0oNWtd4peC5dtSILTCZQQVVHd0YY3hBPAMuqwA
gYpcjrR0ePx/N0T0JBYZYdf9tUHjVSexTbn1LIcfSbsFK0UgfOpFkxXzAwAAAAAAAA==
--------------ms060809020701010302070106--
6 years, 7 months
Re: (ITS#8436) slapadd hang in bdb_tool_entry_close / ldap_pvt_thread_cond_wait
by lists@steffen-moser.de
Dear Mark,
On 05/25/16 2:38 PM, Mark Bannister wrote:
> Can anyone shed light on why my slapadd process on Solaris 11 was
> hanging (slapd 2.4.30)? I was piping ‘gunzip -c’ through to slapadd
> (from an overnight cron job). This usually works fine. I’m guessing
> perhaps the gunzip process encountered an error, maybe an EPIPE was
> sent, but the stack trace many days later from slapadd doesn’t look
> right. Only 2 threads, and both of them in
> ldap_pvt_thread_cond_wait(), but no other threads so what are they
> waiting for exactly?
I've just come across your problem report which you posted to the
"openldap-its" mailing list in this year's May:
http://www.openldap.org/lists/openldap-technical/201605/threads.html#00079
Today, I encountered a similar hang of our OpenLDAP 2.4.30 server on a
Solaris 11.3(.11.6.0) host.
It is quite interesting that the function "bdb_tool_entry_close" doesn't
seem to play a role in my case, but "ldap_pvt_thread_cond_wait" and
"ldap_int_thread_pool_wrapper" do seem to.
My questions to your address and to the mailing list are: Has the
bug/problem been fully analyzed and has it been fixed in the meantime?
Mark, did you have another hang of this kind or any similar problems
with your OpenLDAP installation?
Thank you very much in advance for any helpful hints!
Kind regards,
Steffen
--
------------------------------------------------------------------------
Dipl.-Inf. Steffen Moser
School of Advanced Professional Studies Room: 45.3.110
Ulm University Tel: +49.731.50-32407
Albert-Einstein-Allee 45 Fax: +49.731.50-32409
89081 Ulm, Germany http://saps.uni-ulm.de/
6 years, 7 months
Re: (ITS#8521) Cannot have replication working after setting up the replication config in slapd.d
by elecharny@gmail.com
Is it just me, or the ITS WebUI is removing part of the message I typed ?
Anyway, here is the complete descripton :
Replication won't start if we set it up on running servers configured wit=
h
slapd.d. The scenario is the following :
o We have 2 servers, one will become the provider, the other the consumer
o They are initially empty%2ususing MDB (see the attached configurations,
converted from slapd.conf to slapd.d)
o We start the 2 servers
o Step 1 : On the provider, we inject the following entry :
dn: cn=3Dconfig
changetype: modify
add: olcServerId
olcServerId: 1
-
o Step 2 : On the provider, we inject the following entries :
# Context entry
dn: dc=3Dexample,dc=3Dcom
changetype: add
objectClass: domain
objectClass: top
dc: example
# LDAPRoles, dc=3Dexample,dc=3Dcom
dn: ou=3DLDAPRoles,dc=3Dexample,dc=3Dcom
objectClass: top
objectClass: organizationalUnit
ou: LDAPRoles
dn: dc=3Dusers,dc=3Dexample,dc=3Dcom
changetype: add
dc: users
objectClass: domain
objectClass: top
dn: cn=3DJohndoe,dc=3Dusers,dc=3Dexample,dc=3Dcom
changetype: add
objectClass: person
objectClass: top
sn: John Doe
cn: Johndoe
# replicator, LDAPRoles, dc=3Dexample, dc=3Dcom
dn: cn=3Dreplicator,ou=3DLDAPRoles,dc=3Dexample,dc=3Dcom
objectClass: top
objectClass: simpleSecurityObject
objectClass: organizationalRole
userPassword: secret
cn: replicator
o Step 3 : On the consumer, we inject the following entry :
# Context entry
dn: dc=3Dexample,dc=3Dcom
changetype: add
objectClass: domain
objectClass: top
dc: example
o Step 4 : On the provider, we inject the following entries :
dn: cn=3Dmodule{0},cn=3Dconfig
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
-
dn: olcOverlay=3Dsyncprov,olcDatabase=3D{1}mdb,cn=3Dconfig
changetype: add
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
objectClass: olcSyncprovConfig
olcOverlay: syncprov
olcSpSessionLog: 10000
olcSpCheckpoint: 100 10
dn: olcDatabase=3D{1}mdb,cn=3Dconfig
changetype: modify
add: olcLimits
olcLimits: dn.exact=3D"cn=3Dreplicator,ou=3DLDAPRoles,dc=3Dexample,dc=3Dc=
om" time.soft=3Dunlimited time.h
ard=3Dunlimited size.soft=3Dunlimited size.hard=3Dunlimited
-
dn: olcDatabase=3D{1}mdb,cn=3Dconfig
changetype: modify
replace: olcAccess
olcAccess: {0}to dn.subtree=3D"dc=3Dexample,dc=3Dcom" by self write by =
dn.exact=3D"cn=3D
replicator,ou=3DLDAPRoles,dc=3Dexample,dc=3Dcom" read by anonymous auth =
by * read
-
o Step 5 : On the consumer, we inject the following entry :
dn: olcDatabase=3D{1}mdb,cn=3Dconfig
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=3D1 provider=3Dldap://10.61.155.18 bindmethod=3Dsimple b=
i
nddn=3D"cn=3Dreplicator,ou=3DLDAPRoles,dc=3Dexample,dc=3Dcom" credential=
s=3Dsecret type=3DrefreshAndPersis
t searchbase=3D"dc=3Dexample,dc=3Dcom" filter=3D"(objectclass=3D*)" scop=
e=3Dsub schemacheck
ing=3Don retry=3D"5 10 60 +" sizeLimit=3Dunlimited timelimit=3Dunlimited
-
At this point, one would expect the replication to kick on, and having th=
e entries flowing from the producer to the consumer, but nothing happens.
Ignoring the first step (ServerID setting), and applying the other steps,=
just work fine. It seems that setting the ServerID blocks everything (FT=
R, it does not help either to setup the consumer's ServerID).
This is problematic in a scenario where we would try to make 2 servers be=
ing replicated in a MMR typology with MirrorMode set, as the ServerID wi=
l be mandatory.
Here is the provider configuratio (this is in slapd.conf format for conve=
nience, it is being converted to slapd.d before the server is started) :
#########################################################################=
########
## Provider configuration
#########################################################################=
#########
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files. Note that not all of these schemas co-exist peacefully.
# Use only those you need and leave the rest commented out.
include "/opt/symas/etc/openldap/schema/core.schema"
include "/opt/symas/etc/openldap/schema/cosine.schema"
include "/opt/symas/etc/openldap/schema/inetorgperson.schema"
include "/opt/symas/etc/openldap/schema/misc.schema"
# TLSCipherSuite <cipher-suite-spec>
# Permits configuring what ciphers will be accepted and the
# preference order. <cipher-suite-spec> should be a cipher
# specification for the TLS library in use (OpenSSL, GnuTLS, or
# Mozilla NSS).
TLSCipherSuite HIGH:MEDIUM
# Files in which to store the process id and startup arguments.
# These files are needed by the init scripts, so only change
# these if you are prepared to edit those scripts as well.
pidfile "/var/symas/run/slapd.pid"
argsfile "/var/symas/run/slapd.args"
# Choose the directory for loadable modules.
modulepath "/opt/symas/lib64/openldap"
# Uncomment the moduleloads as needed to enable additional
# functionalityi when configured. NOTE: We package many=20
# more modules options than those found below.=20
moduleload back_mdb.la
moduleload back_monitor.la
# Sample access control policy:
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
access to dn=3D"" by * read
access to *
by self write
by users read
by anonymous auth
#-----------------------------------------------------------------------
# LOGGING
loglevel stats sync
#######################################################################
# config database
#######################################################################
database config
rootdn "cn=3DDirectory Manager,cn=3Dconfig"
rootpw secret
access to * by * none
#######################################################################
# Sample LMDB database definitions
#######################################################################
database mdb
suffix "dc=3Dexample,dc=3Dcom"
rootdn "cn=3DDirectory Manager,dc=3Dexample,dc=3Dcom"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details describing
# the creation of encrypted passwords.
rootpw secret
# Indices to maintain
# index default sets the basic type of indexing to perform if there isn't=
any indexing specified for a given attribute
index default eq
index objectClass
index cn
# The database directory MUST exist prior to running slapd AND=20
# should only be accessible by the slapd/tools. Mode 700 recommended.
# One directory will be needed for each backend, so you should
# create a subdirectory beneath /var/symas/openldap-data for each
# new backend. This is also where the DB_CONFIG file needs to be
# placed.
directory "/var/symas/openldap-data/example"
# Here we specify the maximum on-disk size of the database. It is=20
# Recommended to set this near the expected free-space availability
# for the machine. This paramiter is not pre-allocated and simply=20
# represents the upward limit to which the database will be allowed
# to grow. Note: Specified in *bytes*. Here, we set it to 1gb.
maxsize 10485760
#######################################################################
# Monitor database
#######################################################################
database monitor
access to dn.subtree=3D"cn=3Dmonitor"
by * read
And here is the consumer configuration :
#########################################################################=
########
## Consumer configuration
#########################################################################=
#########
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files. Note that not all of these schemas co-exist peacefully.
# Use only those you need and leave the rest commented out.
include "/opt/symas/etc/openldap/schema/core.schema"
include "/opt/symas/etc/openldap/schema/cosine.schema"
include "/opt/symas/etc/openldap/schema/inetorgperson.schema"
include "/opt/symas/etc/openldap/schema/misc.schema"
#
# TLSCipherSuite <cipher-suite-spec>
# Permits configuring what ciphers will be accepted and the
# preference order. <cipher-suite-spec> should be a cipher
# specification for the TLS library in use (OpenSSL, GnuTLS, or
# Mozilla NSS).
TLSCipherSuite HIGH:MEDIUM
# Files in which to store the process id and startup arguments.
# These files are needed by the init scripts, so only change
# these if you are prepared to edit those scripts as well.
pidfile "/var/symas/run/slapd.pid"
argsfile "/var/symas/run/slapd.args"
# Choose the directory for loadable modules.
modulepath "/opt/symas/lib64/openldap"
# Uncomment the moduleloads as needed to enable additional
# functionalityi when configured. NOTE: We package many
# more modules options than those found below.
moduleload back_mdb.la
moduleload back_monitor.la
# Sample access control policy:
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
access to dn=3D"" by * read
access to *
by self write
by users read
by anonymous auth
#-----------------------------------------------------------------------
# LOGGING
loglevel stats sync
#######################################################################
# config database
#######################################################################
database config
rootdn "cn=3DDirectory Manager,cn=3Dconfig"
rootpw secret
access to * by * none
#######################################################################
# Sample LMDB database definitions
#######################################################################
database mdb
suffix "dc=3Dexample,dc=3Dcom"
rootdn "cn=3DDirectory Manager,dc=3Dexample,dc=3Dcom"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details describing
# the creation of encrypted passwords.
rootpw secret
# Indices to maintain
# index default sets the basic type of indexing to perform if there isn't=
any indexing specified for a given attribute
index default eq
index objectClass
index cn
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
# One directory will be needed for each backend, so you should
# create a subdirectory beneath /var/symas/openldap-data for each
# new backend. This is also where the DB_CONFIG file needs to be
# placed.
directory "/var/symas/openldap-data/example"
# Here we specify the maximum on-disk size of the database. It is
# Recommended to set this near the expected free-space availability
# for the machine. This paramiter is not pre-allocated and simply
# represents the upward limit to which the database will be allowed
# to grow. Note: Specified in *bytes*. Here, we set it to 1gb.
maxsize 10485760
#######################################################################
# Monitor database
#######################################################################
database monitor
access to dn.subtree=3D"cn=3Dmonitor"
by * read
Le 21/10/16 =C3=A0 23:45, openldap-its(a)OpenLDAP.org a =C3=A9crit :
> *** THIS IS AN AUTOMATICALLY GENERATED REPLY ***
>
> Thanks for your report to the OpenLDAP Issue Tracking System. Your
> report has been assigned the tracking number ITS#8521.
>
> One of our support engineers will look at your report in due course.
> Note that this may take some time because our support engineers
> are volunteers. They only work on OpenLDAP when they have spare
> time.
>
> If you need to provide additional information in regards to your
> issue report, you may do so by replying to this message. Note that
> any mail sent to openldap-its(a)openldap.org with (ITS#8521)
> in the subject will automatically be attached to the issue report.
>
> mailto:openldap-its@openldap.org?subject=3D(ITS#8521)
>
> You may follow the progress of this report by loading the following
> URL in a web browser:
> http://www.OpenLDAP.org/its/index.cgi?findid=3D8521
>
> Please remember to retain your issue tracking number (ITS#8521)
> on any further messages you send to us regarding this report. If
> you don't then you'll just waste our time and yours because we
> won't be able to properly track the report.
>
> Please note that the Issue Tracking System is not intended to
> be used to seek help in the proper use of OpenLDAP Software.
> Such requests will be closed.
>
> OpenLDAP Software is user supported.
> http://www.OpenLDAP.org/support/
>
> --------------
> Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
>
--=20
Emmanuel Lecharny
Symas.com
directory.apache.org
6 years, 7 months
