https://bugs.openldap.org/show_bug.cgi?id=9514
Issue ID: 9514
Summary: Modification of a record by changing its password in one master, intermittently causes the record to be deleted from other masters.
Product: OpenLDAP
Version: 2.4.44
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: loojonathand+ldap@gmail.com
Target Milestone: ---
We have a network topology with 3 master LDAP servers in 3 different cities. Each master has 1 replica, so a total of 6 LDAP servers. All of them are VMs running CentOS Linux release 7.9.2009.
When we use ldapmodify to modify a record (for example, change its password) on one of the master servers, then the next time LDAP replicates to the other 2 masters, sometimes the record we tried to modify is deleted from the other 2 masters. (The usual procedure is to modify the record in all 3 masters, but the same thing happens if you modify the record in one master LDAP server and then sync the other 2 masters.) So for example if we modify a record on one server
Mar 30 11:58:25 VMWGTNMSBRLD01 slapd[9083]: conn=675967 op=1 MOD dn="uid=JZTEST,ou=users,ou=radius,dc=hnops,dc=net"
then sometimes we get, in one of the other servers:
Mar 30 12:06:38 VMWNLVMSBRLD01 slapd[5079]: syncrepl_del_nonpresent: rid=004 be_delete uid=JZTEST,ou=users,ou=radius,dc=hnops,dc=net (0)
The password-change process uses an "ldapmodify" command, not a delete command, so not sure why this happens.
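One way to look for the pattern in this report across collected slapd logs, as an added example that is not part of the original bug thread: it flags `syncrepl_del_nonpresent` deletions of a DN for which another server logged a MOD (and no client DEL) shortly before. The function names, the one-hour window, the placeholder year and the `ldap-a`/`ldap-b` sample lines are assumptions.

```python
import re
from datetime import datetime, timedelta

# Classic syslog framing: "Mon DD HH:MM:SS host slapd[pid]: message"
LINE = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) (\S+) slapd\[\d+\]: (.*)$')
CLIENT_OP = re.compile(r'\b(MOD|DEL) dn="([^"]+)"')
REPL_DEL = re.compile(r'syncrepl_del_nonpresent: rid=(\d+) be_delete (.+) \(\d+\)$')

def parse(lines, year=2000):
    """Yield (time, host, kind, dn, rid). Syslog omits the year, so `year`
    is an arbitrary placeholder used only to order events."""
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host, msg = m.group(2), m.group(3)
        if (op := CLIENT_OP.search(msg)):
            yield when, host, op.group(1), op.group(2).lower(), None
        elif (rd := REPL_DEL.search(msg)):
            yield when, host, "REPL_DEL", rd.group(2).lower(), rd.group(1)

def suspicious_deletes(lines, window=timedelta(hours=1)):
    """Replication deletes of a DN that was only modified on another host
    within `window` before the delete."""
    last_mod, findings = {}, []
    for when, host, kind, dn, rid in sorted(parse(lines), key=lambda e: e[0]):
        if kind == "MOD":
            last_mod[dn] = (when, host)
        elif kind == "DEL":
            last_mod.pop(dn, None)  # a real client delete explains later removals
        elif dn in last_mod:
            mod_when, mod_host = last_mod[dn]
            if mod_host != host and when - mod_when <= window:
                findings.append({"dn": dn, "modified_on": mod_host,
                                 "deleted_on": host, "rid": rid,
                                 "delay": when - mod_when})
    return findings

SAMPLE = [
    # The two lines quoted in the report
    'Mar 30 11:58:25 VMWGTNMSBRLD01 slapd[9083]: conn=675967 op=1 MOD dn="uid=JZTEST,ou=users,ou=radius,dc=hnops,dc=net"',
    'Mar 30 12:06:38 VMWNLVMSBRLD01 slapd[5079]: syncrepl_del_nonpresent: rid=004 be_delete uid=JZTEST,ou=users,ou=radius,dc=hnops,dc=net (0)',
    # Constructed lines: a genuine client delete that replicates (not flagged)
    'Mar 30 13:00:00 ldap-a slapd[100]: conn=1 op=1 MOD dn="uid=constructed,dc=example,dc=com"',
    'Mar 30 13:01:00 ldap-a slapd[100]: conn=1 op=2 DEL dn="uid=constructed,dc=example,dc=com"',
    'Mar 30 13:02:00 ldap-b slapd[200]: syncrepl_del_nonpresent: rid=001 be_delete uid=constructed,dc=example,dc=com (0)',
]

if __name__ == "__main__":
    for f in suspicious_deletes(SAMPLE):
        print(f)
```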
Quanah Gibson-Mount quanah@openldap.org changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Resolution|---         |INVALID
Status    |UNCONFIRMED |RESOLVED
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org ---
(In reply to Jonathan from comment #0)
> We have a network topology with 3 master LDAP servers in 3 different cities. Each master has 1 replica, so a total of 6 LDAP servers. All of them are VMs running CentOS Linux release 7.9.2009.
OpenLDAP 2.4.44 is not safe to use with MMR. Use a current release. Symas provides a free drop-in replacement for CentOS7 at https://repo.symas.com/sofl/rhel7/ with current OpenLDAP releases.
The LTB project also provides free current builds of OpenLDAP for CentOS7 that deploy into /usr/local. They can be obtained from https://ltb-project.org/documentation/openldap-rpm#yum_repository
Quanah Gibson-Mount quanah@openldap.org changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Status    |RESOLVED    |VERIFIED
--- Comment #2 from Jonathan loojonathand+ldap@gmail.com ---
Created attachment 812
  --> https://bugs.openldap.org/attachment.cgi?id=812&action=edit
relevant lines from configuration
This is the portion of the configuration that I feel may be relevant, with private information redacted manually