Re: (ITS#7710) contextCSN values not updated by internal non-replicated ops - openldap-bugs

6 Oct 2013


      I've updated the test data with LDIF files and a README describing the LDAP
operations to perform:
http://www.stroeder.com/temp/openldap-testbed-its7710.tar.bz2
I consider this to be a serious issue which could be the cause for other
replication issues including dead-locks we're experiencing. (Maybe there are
similar issues in slapo-refint since dead-locks in our deployment arised when
moving entries into different subtree.)
Ciao, Michael.
The README copied here for direct access:
----------------------------------------------------------------------------
0. Start both servers by invoking start-slapd1.sh and start-slapd2.sh
----------------------------------------------------------------------------
1. Add test entries on first server:
$ ldapadd -H ldap://localhost:2071 -D "uid=diradm,dc=example,dc=com" -w
testsecret -f 1_ldapadd.ldif
adding new entry "dc=example,dc=com"
[..]
adding new entry "cn=replicas,ou=groups,dc=example,dc=com"
You can now see contextCSN value of first server on both servers (as expected):
$ for I in 1 2 ; do (echo ldap://localhost:207$I ;  ldapsearch -LLL -H
ldap://localhost:207$I -D "uid=diradm,dc=example,dc=com" -w testsecret -b
"dc=example,dc=com" -s base "(objectClass=*)" contextCSN ) ; done
ldap://localhost:2071
dn: dc=example,dc=com
contextCSN: 20131006154300.921415Z#000000#001#000000
ldap://localhost:2072
dn: dc=example,dc=com
contextCSN: 20131006154300.921415Z#000000#001#000000
----------------------------------------------------------------------------
2. Send a simple modification to second server:
$ ldapmodify -H ldap://localhost:2072 -D "uid=diradm,dc=example,dc=com" -w
testsecret -f 2_ldapmodify.ldif
modifying entry "uid=michael,ou=users,dc=example,dc=com"
You can now see contextCSN value of second server on both servers (as expected):
$ for I in 1 2 ; do (echo ldap://localhost:207$I ;  ldapsearch -LLL -H
ldap://localhost:207$I -D "uid=diradm,dc=example,dc=com" -w testsecret -b
"dc=example,dc=com" -s base "(objectClass=*)" contextCSN ) ; done
ldap://localhost:2071
dn: dc=example,dc=com
contextCSN: 20131006154300.921415Z#000000#001#000000
contextCSN: 20131006154406.940154Z#000000#002#000000
ldap://localhost:2072
dn: dc=example,dc=com
contextCSN: 20131006154300.921415Z#000000#001#000000
contextCSN: 20131006154406.940154Z#000000#002#000000
----------------------------------------------------------------------------
3. Modification of group membership on first server:
$ ldapmodify -H ldap://localhost:2071 -D "uid=diradm,dc=example,dc=com" -w
testsecret -f 3_ldapmodify.ldif
modifying entry "cn=testgroup1,ou=groups,dc=example,dc=com"
Now the contextCSN values differ:
$ for I in 1 2 ; do (echo ldap://localhost:207$I ;  ldapsearch -LLL -H
ldap://localhost:207$I -D "uid=diradm,dc=example,dc=com" -w testsecret -b
"dc=example,dc=com" -s base "(objectClass=*)" contextCSN ) ; done
ldap://localhost:2071
dn: dc=example,dc=com
contextCSN: 20131006154449.514135Z#000000#001#000000
contextCSN: 20131006154406.940154Z#000000#002#000000
ldap://localhost:2072
dn: dc=example,dc=com
contextCSN: 20131006154300.921415Z#000000#001#000000
contextCSN: 20131006154406.940154Z#000000#002#000000