https://bugs.openldap.org/show_bug.cgi?id=9727
Issue ID: 9727
Summary: slapd-watcher fails to start if any slapd instance is
down
Product: OpenLDAP
Version: 2.6.0
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: client tools
Assignee: bugs(a)openldap.org
Reporter: gnoe(a)symas.com
Target Milestone: ---
When starting slapd-watcher and slapd isn't running on one of the monitored
servers, slapd-watcher fails to start:
Example w/host2 slapd not running:
[user@host]# slapd-watcher -xD dc=example,dc=com -w secret -b
dc=example,dc=com -s 1,2 ldap://host1/ ldap://host2/
slapd-watcher PID=11892: ldap_sasl_bind_s: Can't contact LDAP server (-1)
I would expect that slapd-watcher would start up completely and indicate the
host was down, like in the case where a host goes down while slapd-watcher is
running. This would allow slapd-watcher to start when one or more replication
node is down for maintenance.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9691
Issue ID: 9691
Summary: Allow syncrepl persist sessions against empty DBs
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review, replication
Severity: enhancement
Priority: ---
Component: overlays
Assignee: bugs(a)openldap.org
Reporter: ondra(a)mistotebe.net
Target Milestone: ---
One way to set up an environment is to start with a completely empty DB,
configure all nodes and replication paths and then populate them.
Right now, the syncrepl sessions get rejected with a 32 NO_SUCH_OBJECT,
triggering the retry cascade. Both the consumer and provider have an empty
cookie, so they are in sync and we could actually transition to a persist phase
and let the session proceed.
This way the environment would start replicating almost immediately after first
entries are added. Mind that ITS#9584 still pushes concurrent refreshes into
the retry logic adding a short delay before *all* configured links are set up.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9707
Issue ID: 9707
Summary: Documentation synchronisation ODSEE --> openldap
Product: OpenLDAP
Version: 2.5.4
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: documentation
Assignee: bugs(a)openldap.org
Reporter: laurent.revillion(a)icloud.com
Target Milestone: ---
There is no documentation about the synchronisation between ODSEE and Openldap
2.5.
Will there be one?
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9538
Issue ID: 9538
Summary: Accesslog entryCSN ordering is not always monotonous
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: overlays
Assignee: bugs(a)openldap.org
Reporter: ondra(a)mistotebe.net
Target Milestone: ---
For delta-sync replication, we rely on CSN order being preserved at all times.
When logops includes anything more than "writes", we don't use li_op_rmutex to
maintain serialisation. A concurrent write and another operation (like bind)
can have the write have its csn assigned before the bind. But before the write
finishes on the main DB and is logged, the bind has already hit accesslog.
This entry out of order doesn't match the usual filter, so non-persist sessions
will not notice, however running persist sessions could get a new cookie sent,
depending on how things are ordered when they hit syncprov.
A sample:
---- 8< ----
Apr 26 19:56:04 localhost slapd[43930]: conn=1003 op=41 ADD
dn="uid=dm01-R1H2-41660,ou=People,dc=example,dc=com"
Apr 26 19:56:04 localhost slapd[43930]: conn=1003 op=41 syncprov_matchops:
recording uuid for dn=reqStart=20210426195604.000350Z,cn=accesslog on
opc=0x7d3d2800dc50
Apr 26 19:56:04 localhost slapd[43930]: slap_get_csn: conn=1003 op=42 generated
new csn=20210426195604.556053Z#000000#002#000000 manage=1
Apr 26 19:56:04 localhost slapd[43930]: slap_queue_csn: queueing 0x7d3d38148f60
20210426195604.556053Z#000000#002#000000
Apr 26 19:56:04 localhost slapd[43930]: conn=1005 op=1 BIND
dn="dc=example,dc=com" method=128
Apr 26 19:56:04 localhost slapd[43930]: conn=1005 op=1 BIND
dn="dc=example,dc=com" mech=SIMPLE bind_ssf=0 ssf=256
Apr 26 19:56:04 localhost slapd[43930]: conn=1003 op=41 RESULT tag=105 err=0
qtime=0.005874 etime=0.015182 text=
Apr 26 19:56:04 localhost slapd[43930]: slap_get_csn: conn=1005 op=1 generated
new csn=20210426195604.558683Z#000000#002#000000 manage=1
Apr 26 19:56:04 localhost slapd[43930]: slap_queue_csn: queueing 0x561f09113f80
20210426195604.558683Z#000000#002#000000
Apr 26 19:56:04 localhost slapd[43930]: conn=1005 op=1 syncprov_matchops:
recording uuid for dn=reqStart=20210426195604.000364Z,cn=accesslog on
opc=0x561f0900fcf0
Apr 26 19:56:04 localhost slapd[43930]: conn=1002 op=2 syncprov_qresp: set up a
new syncres mode=4 csn=20210426195604.558683Z#000000#002#000000
Apr 26 19:56:04 localhost slapd[43930]: conn=1001 op=2 syncprov_qresp: set up a
new syncres mode=4 csn=20210426195604.558683Z#000000#002#000000
Apr 26 19:56:04 localhost slapd[43930]: conn=1000 op=2 syncprov_qresp: set up a
new syncres mode=4 csn=20210426195604.558683Z#000000#002#000000
Apr 26 19:56:04 localhost slapd[43930]: slap_graduate_commit_csn: removing
0x561f09113f80 20210426195604.558683Z#000000#002#000000
Apr 26 19:56:04 localhost slapd[43930]: conn=1005 op=1 RESULT tag=97 err=0
qtime=0.000020 etime=0.004297 text=
Apr 26 19:56:04 localhost slapd[43930]: slap_queue_csn: queueing 0x7d3d38148250
20210426195604.556053Z#000000#002#000000
Apr 26 19:56:04 localhost slapd[43930]: slap_graduate_commit_csn: removing
0x7d3d38148250 20210426195604.556053Z#000000#002#000000
Apr 26 19:56:04 localhost slapd[43930]: slap_graduate_commit_csn: removing
0x7d3d38148f60 20210426195604.556053Z#000000#002#000000
---- 8< ----
Example entries in the order slapcat sees them:
---- 8< ----
dn: reqStart=20210426195604.000364Z,cn=accesslog
objectClass: auditBind
reqStart: 20210426195604.000364Z
reqEnd: 20210426195604.000365Z
reqType: bind
entryCSN: 20210426195604.558683Z#000000#002#000000
dn: reqStart=20210426195604.000351Z,cn=accesslog
objectClass: auditAdd
reqStart: 20210426195604.000351Z
reqEnd: 20210426195604.000366Z
reqType: add
entryCSN: 20210426195604.556053Z#000000#002#000000
---- 8< ----
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9556
Issue ID: 9556
Summary: slapd-config should return invalidAttributeSyntax if
parsing schema description fails
Product: OpenLDAP
Version: 2.5.4
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: michael(a)stroeder.com
Target Milestone: ---
I'm currently testing error handling and interacting with LDAP clients (e.g. my
web2ldap).
Sending an invalid attribute type description results in an error (as expected)
returned by slapd-config:
RESULT tag=103 err=80 qtime=0.000032 etime=0.001271 text=olcAttributeTypes:
Unexpected token before SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
But result code other(80) seems not very useful. It's too unspecific to decide
on specific error handling.
It would be much more useful if slapd-config returns invalidAttributeSyntax(21)
in this case.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9576
Issue ID: 9576
Summary: Add ConfigTable link into ConfigArgs
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: enhancement
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: ondra(a)mistotebe.net
Target Milestone: ---
Would make it possible to examine defaults if necessary.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9729
Issue ID: 9729
Summary: Allow setting multiprovider before adding syncrepl
stanzas
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: ondra(a)mistotebe.net
Target Milestone: ---
It should be possible to set multiprovider first, avoiding the window of the DB
being read-only while performing an online upgrade of a single provider to an
MPR set up and generally simplifying configuration.
Instead, the only requirement should be that serverID has been explicitly set
(hopefully != 0).
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9493
Issue ID: 9493
Summary: slapo-accesslog handling of deletion of multi-valued
configuration attributes removes wrong value from list
Product: OpenLDAP
Version: 2.4.57
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: overlays
Assignee: bugs(a)openldap.org
Reporter: svella(a)technologist.com
Target Milestone: ---
I observed this in the debugger while working on a small feature addition to
slapo-accesslog.
log_cf_gen(), when handling the initial configuration of oldAccessLogOldAttr
(accesslog.c:989), linked list li_oldattrs is being built by inserting each
value in order at the head of the list, resulting in the list being in reverse
order. But when handling LDAP_MOD_DELETE of same attribute (accesslog.c:989),
it is using the index of the removed value (valx) to find and removed the entry
in the linked list, but it's counting from the head of li_oldattrs and not the
tail, resulting in the wrong item being removed from the list unless counting
from the head or the tail happens find the same item.
(Line numbers refer to commit 6c469f07935e351e349bf38fc223dab704c51a76)
Handling of oldAccessLogBase appears to have the same problem, and a cursory
glance through the source of other overlays reveals a similar pattern, and I'm
guessing the same problem.
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9282
Issue ID: 9282
Summary: Syncrepl re-creates deleted entry
Product: OpenLDAP
Version: 2.4.50
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
Scenario:
2 node Multi-provider replication
Add database to provider A
ensure database replicates to provider B
Stop provider A
delete entry on provider B
Start provider A
Wait for provider B to reconnect to provider A
Deleted entry re-appears
--
You are receiving this mail because:
You are on the CC list for the issue.
https://bugs.openldap.org/show_bug.cgi?id=9356
Issue ID: 9356
Summary: Add list of peerSIDs to consumer cookie to reduce
cross traffic
Product: OpenLDAP
Version: 2.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: quanah(a)openldap.org
Target Milestone: ---
If we add a list of peersids to the cookie, each consumer can tell the
providers who else the consumers talk to and then the provider can omit sending
updates to that consumer, originating from those peers
There's some special handling needed if a connection dies
If a consumer loses one of its peer connections, and after N retries is still
not connected, it should send a new cookie to its remaining peers saying
"here's my new peer list" with the missing one removed. Likewise, if a retry
eventually connects again, it can send a new cookie again
Make that peer list reset configurable in the syncrepl config stanza. This can
help account for end admin knowledge that some links may be more or less stable
than other ones.
The idea here is that if one of your other peers can still see the missing
peer, they can start routing updates to you again
It should abandon all existing persist sessions and send a new sync search with
the new cookie to all remaining peers
For consumer side, also means adding the sid for a given provider into the
syncrepl stanza to save on having to try and discover the peer sid.
--
You are receiving this mail because:
You are on the CC list for the issue.