[Issue 9772] cn=config replication of olcDbCheckpoint is broken

https://bugs.openldap.org/show_bug.cgi?id=9772

--- Comment #4 from stefan@kania-online.de --- See my config of all ldap-server in cn_config.txt. With this configuration I modify "serverID" in "dn: cn=config" and I see the following messages on the ldap where I do the changes: ------------- Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 fd=39 ACCEPT from IP=192.168.56.45:60488 (IP=0.0.0.0:389) Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 op=0 BIND dn="cn=admin,cn=config" method=128 Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 op=0 BIND dn="cn=admin,cn=config" mech=SIMPLE bind_ssf=0 ssf=0 Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 op=0 RESULT tag=97 err=0 qtime=0.000005 etime=0.004416 text= Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 op=1 MOD dn="cn=config" Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 op=1 MOD attr=olcServerID Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 op=1 syncprov_matchops: recording uuid for dn=cn=config on opc=0x7f57d4000d18 Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 op=1 syncprov_findbase: searching Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 op=1 syncprov_findbase: searching Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 op=1 syncprov_findbase: searching Jan 04 19:25:55 ldap01 slapd[289]: slap_get_csn: conn=1053 op=1 generated new csn=20220104182555.949883Z#000000#001#000000 manage=1 Jan 04 19:25:55 ldap01 slapd[289]: slap_queue_csn: queueing 0x7f57d422b4a0 20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap01 slapd[289]: conn=1047 op=2 syncprov_qresp: set up a new syncres mode=1 csn=20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap01 slapd[289]: conn=1046 op=2 syncprov_qresp: set up a new syncres mode=1 csn=20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap01 slapd[289]: conn=1045 op=2 syncprov_qresp: set up a new syncres mode=1 csn=20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 op=1 RESULT tag=103 err=0 qtime=0.000007 etime=0.000332 text= Jan 04 19:25:55 ldap01 slapd[289]: slap_graduate_commit_csn: removing 0x7f57d422b4a0 20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap01 slapd[289]: conn=1047 op=2 syncprov_sendresp: to=004, cookie=rid=001,sid=001,csn=20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap01 slapd[289]: conn=1047 op=2 syncprov_sendresp: sending LDAP_SYNC_ADD, dn=cn=config Jan 04 19:25:55 ldap01 slapd[289]: conn=1046 op=2 syncprov_sendresp: to=003, cookie=rid=001,sid=001,csn=20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap01 slapd[289]: conn=1046 op=2 syncprov_sendresp: sending LDAP_SYNC_ADD, dn=cn=config Jan 04 19:25:55 ldap01 slapd[289]: conn=1045 op=2 syncprov_sendresp: to=002, cookie=rid=001,sid=001,csn=20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap01 slapd[289]: conn=1045 op=2 syncprov_sendresp: sending LDAP_SYNC_ADD, dn=cn=config Jan 04 19:25:55 ldap01 ldapmodify[2589]: DIGEST-MD5 common mech free Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 op=2 UNBIND Jan 04 19:25:55 ldap01 slapd[289]: conn=1053 fd=39 closed

-------------

On all other ldap-servers I see: ------------- Jan 04 19:25:55 ldap02 slapd[493]: do_syncrep2: rid=001 cookie=rid=001,sid=001,csn=20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap02 slapd[493]: syncrepl_message_to_entry: rid=001 DN: cn=config, UUID: 1298b21a-fb42-103b-84c0-7f85171bcaa6 Jan 04 19:25:55 ldap02 slapd[493]: syncrepl_entry: rid=001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) csn=20220104182555.949883Z#000000#001#000000 tid 0x7f5c535d0700 Jan 04 19:25:55 ldap02 slapd[493]: syncrepl_entry: rid=001 be_search (0) Jan 04 19:25:55 ldap02 slapd[493]: syncrepl_entry: rid=001 cn=config Jan 04 19:25:55 ldap02 slapd[493]: slap_queue_csn: queueing 0x7f5c3812d290 20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap02 slapd[493]: conn=-1 op=0 syncprov_matchops: recording uuid for dn=cn=config on opc=0x7f5c380035b8 Jan 04 19:25:55 ldap02 slapd[493]: conn=-1 op=0 syncprov_findbase: searching Jan 04 19:25:55 ldap02 slapd[493]: conn=-1 op=0 syncprov_findbase: searching Jan 04 19:25:55 ldap02 slapd[493]: conn=1007 op=2 syncprov_qresp: set up a new syncres mode=1 csn=20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap02 slapd[493]: conn=1005 op=2 syncprov_qresp: set up a new syncres mode=1 csn=20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap02 slapd[493]: slap_graduate_commit_csn: removing 0x7f5c3812d290 20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap02 slapd[493]: syncrepl_entry: rid=001 be_modify cn=config (0) Jan 04 19:25:55 ldap02 slapd[493]: slap_queue_csn: queueing 0x7f5c38139c50 20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap02 slapd[493]: conn=1007 op=2 syncprov_sendresp: to=004, cookie=rid=002,sid=002,csn=20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap02 systemd[1]: Starting Cleanup of Temporary Directories... Jan 04 19:25:55 ldap02 slapd[493]: conn=1007 op=2 syncprov_sendresp: sending LDAP_SYNC_ADD, dn=cn=config Jan 04 19:25:55 ldap02 slapd[493]: conn=1005 op=2 syncprov_sendresp: to=003, cookie=rid=002,sid=002,csn=20220104182555.949883Z#000000#001#000000 Jan 04 19:25:55 ldap02 slapd[493]: conn=1005 op=2 syncprov_sendresp: sending LDAP_SYNC_ADD, dn=cn=config Jan 04 19:25:55 ldap02 slapd[493]: slap_graduate_commit_csn: removing 0x7f5c38139c50 20220104182555.949883Z#000000#001#000000

------------- Looks good to me

then I change an ACL in "dn: olcDatabase={2}mdb,cn=config" that's my main DB for all my objects.

This is the ldif I use: --------------- dn: olcDatabase={2}mdb,cn=config changeType: modify delete: olcAccess olcAccess: {0} - add: olcAccess olcAccess: {0}to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn.exact="gidNumber=1111+uidNumber=1111,cn=peercred,cn=external,cn=auth" manage by dn.exact="uid=ldap-admin,ou=users,dc=example,dc=net" write by dn.exact="uid=repl-user,ou=users,dc=example,dc=net" read by dn.exact="uid=sssd-user,cn=gssapi,cn=auth" read by dn.exact="krbPrincipalName=K/M@EXAMPLE.NET,cn=EXAMPLE.NET,cn=kerberos,dc=example,dc=net" write by dn.exact="uid=kdc,ou=kerberos-adm,dc=example,dc=net" write by dn.exact="uid=kadmin,ou=kerberos-adm,dc=example,dc=net" write by * break ---------------

The messages on the ldap where I do the modify: --------------- Jan 04 19:36:13 ldap01 slapd[289]: conn=1055 op=0 BIND dn="cn=admin,cn=config" method=128 Jan 04 19:36:13 ldap01 slapd[289]: conn=1055 op=0 BIND dn="cn=admin,cn=config" mech=SIMPLE bind_ssf=0 ssf=0 Jan 04 19:36:13 ldap01 slapd[289]: connection_input: conn=1055 deferring operation: binding Jan 04 19:36:13 ldap01 slapd[289]: conn=1055 op=0 RESULT tag=97 err=0 qtime=0.000023 etime=0.016252 text= Jan 04 19:36:13 ldap01 slapd[289]: conn=1055 op=1 MOD dn="olcDatabase={2}mdb,cn=config" Jan 04 19:36:13 ldap01 slapd[289]: conn=1055 op=1 MOD attr=olcAccess olcAccess Jan 04 19:36:13 ldap01 slapd[289]: conn=1055 op=1 syncprov_matchops: recording uuid for dn=olcDatabase={2}mdb,cn=config on opc=0x7f57c4001db8 Jan 04 19:36:13 ldap01 slapd[289]: slap_get_csn: conn=1055 op=1 generated new csn=20220104183613.852654Z#000000#001#000000 manage=1 Jan 04 19:36:13 ldap01 slapd[289]: slap_queue_csn: queueing 0x7f57c4119860 20220104183613.852654Z#000000#001#000000 Jan 04 19:36:13 ldap01 slapd[289]: conn=1047 op=2 syncprov_qresp: set up a new syncres mode=2 csn=20220104183613.852654Z#000000#001#000000 Jan 04 19:36:13 ldap01 slapd[289]: conn=1046 op=2 syncprov_qresp: set up a new syncres mode=2 csn=20220104183613.852654Z#000000#001#000000 Jan 04 19:36:13 ldap01 slapd[289]: conn=1045 op=2 syncprov_qresp: set up a new syncres mode=2 csn=20220104183613.852654Z#000000#001#000000 Jan 04 19:36:13 ldap01 slapd[289]: conn=1055 op=1 RESULT tag=103 err=0 qtime=0.000946 etime=0.002456 text= Jan 04 19:36:13 ldap01 slapd[289]: slap_graduate_commit_csn: removing 0x7f57c4119860 20220104183613.852654Z#000000#001#000000 Jan 04 19:36:13 ldap01 slapd[289]: conn=1047 op=2 syncprov_sendresp: to=004, cookie=rid=001,sid=001,csn=20220104183613.852654Z#000000#001#000000 Jan 04 19:36:13 ldap01 slapd[289]: conn=1047 op=2 syncprov_sendresp: sending LDAP_SYNC_MODIFY, dn=olcDatabase={2}mdb,cn=config Jan 04 19:36:13 ldap01 slapd[289]: conn=1046 op=2 syncprov_sendresp: to=003, cookie=rid=001,sid=001,csn=20220104183613.852654Z#000000#001#000000 Jan 04 19:36:13 ldap01 slapd[289]: conn=1046 op=2 syncprov_sendresp: sending LDAP_SYNC_MODIFY, dn=olcDatabase={2}mdb,cn=config Jan 04 19:36:13 ldap01 slapd[289]: conn=1045 op=2 syncprov_sendresp: to=002, cookie=rid=001,sid=001,csn=20220104183613.852654Z#000000#001#000000 Jan 04 19:36:13 ldap01 slapd[289]: conn=1045 op=2 syncprov_sendresp: sending LDAP_SYNC_MODIFY, dn=olcDatabase={2}mdb,cn=config Jan 04 19:36:13 ldap01 ldapmodify[2611]: DIGEST-MD5 common mech free Jan 04 19:36:13 ldap01 slapd[289]: conn=1055 op=2 UNBIND Jan 04 19:36:13 ldap01 slapd[289]: conn=1055 fd=39 closed Jan 04 19:36:13 ldap01 slapd[289]: conn=1046 op=3 UNBIND Jan 04 19:36:13 ldap01 slapd[289]: conn=1046 fd=41 closed Jan 04 19:36:13 ldap01 slapd[289]: conn=1047 op=3 UNBIND Jan 04 19:36:13 ldap01 slapd[289]: conn=1047 fd=42 closed Jan 04 19:36:13 ldap01 slapd[289]: conn=1045 op=3 UNBIND Jan 04 19:36:13 ldap01 slapd[289]: conn=1045 fd=40 closed

---------------

and here the messages on all other ldap: -------------- Jan 04 19:36:13 ldap02 slapd[493]: do_syncrep2: rid=001 cookie=rid=001,sid=001,csn=20220104183613.852654Z#000000#001#000000 Jan 04 19:36:13 ldap02 slapd[493]: syncrepl_message_to_entry: rid=001 DN: olcDatabase={2}mdb,cn=config, UUID: 129bc81a-fb42-103b-999a-95e961ed368a Jan 04 19:36:13 ldap02 slapd[493]: syncrepl_entry: rid=001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY) csn=20220104183613.852654Z#000000#001#000000 tid 0x7f5c51dcd700 Jan 04 19:36:13 ldap02 slapd[493]: syncrepl_entry: rid=001 be_search (0) Jan 04 19:36:13 ldap02 slapd[493]: syncrepl_entry: rid=001 olcDatabase={2}mdb,cn=config Jan 04 19:36:13 ldap02 slapd[493]: slap_queue_csn: queueing 0x7f5c44243640 20220104183613.852654Z#000000#001#000000 Jan 04 19:36:13 ldap02 slapd[493]: slap_graduate_commit_csn: removing 0x7f5c44243640 20220104183613.852654Z#000000#001#000000 Jan 04 19:36:13 ldap02 slapd[493]: syncrepl_entry: rid=001 be_add olcDatabase={2}mdb,cn=config (68) Jan 04 19:36:13 ldap02 slapd[493]: conn=-1 op=0 syncprov_matchops: recording uuid for dn=olcDatabase={2}mdb,cn=config on opc=0x7f5c44000ce8 Jan 04 19:36:13 ldap02 slapd[493]: syncrepl_null_callback : error code 0x35 Jan 04 19:36:13 ldap02 slapd[493]: syncrepl_entry: rid=001 be_modify olcDatabase={2}mdb,cn=config (53) Jan 04 19:36:13 ldap02 slapd[493]: syncrepl_entry: rid=001 be_modify failed (53) Jan 04 19:36:13 ldap02 slapd[493]: do_syncrepl: rid=001 rc 53 retrying (2 retries left) Jan 04 19:36:18 ldap02 slapd[493]: do_syncrep1: rid=001 starting refresh (sending cookie=rid=001,sid=002,csn=20220104182555.949883Z#000000#001#000000;20220104181643.625745Z#000000#002#000000) Jan 04 19:36:18 ldap02 slapd[493]: do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - SYNC_ID_SET Jan 04 19:36:18 ldap02 slapd[493]: syncrepl_message_to_entry: rid=001 DN: olcDatabase={2}mdb,cn=config, UUID: 129bc81a-fb42-103b-999a-95e961ed368a Jan 04 19:36:18 ldap02 slapd[493]: syncrepl_entry: rid=001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) csn=(none) tid 0x7f5c51dcd700 Jan 04 19:36:18 ldap02 slapd[493]: syncrepl_entry: rid=001 be_search (0) Jan 04 19:36:18 ldap02 slapd[493]: syncrepl_entry: rid=001 olcDatabase={2}mdb,cn=config Jan 04 19:36:18 ldap02 slapd[493]: syncrepl_entry: rid=001 be_add olcDatabase={2}mdb,cn=config (68) Jan 04 19:36:18 ldap02 slapd[493]: conn=-1 op=0 syncprov_matchops: recording uuid for dn=olcDatabase={2}mdb,cn=config on opc=0x7f5c44000cb0 Jan 04 19:36:18 ldap02 slapd[493]: syncrepl_null_callback : error code 0x35 Jan 04 19:36:18 ldap02 slapd[493]: syncrepl_entry: rid=001 be_modify olcDatabase={2}mdb,cn=config (53) Jan 04 19:36:18 ldap02 slapd[493]: syncrepl_entry: rid=001 be_modify failed (53) Jan 04 19:36:18 ldap02 slapd[493]: do_syncrepl: rid=001 rc 53 retrying (1 retries left) --------------

Here you see the error 53. So changing the "dn: olcDatabase={2}mdb,cn=config"always fails. I can do changes to any othe of the dn: entries in cn=config only the changes in the configuration of the main DB are failing.