https://bugs.openldap.org/show_bug.cgi?id=9569
Issue ID: 9569 Summary: objectClass Violation with lastbind and delta-syncrepl Product: OpenLDAP Version: 2.4.58 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: gnoe@symas.com Target Milestone: ---
If olcLastBind is set to true in a delta-syncrepl environment, slapd fails to add auditModify entries for lastbind to the accesslog due to an objectClass violation. The auditModify object lacks the required reqMod attributes. The lastbind module is not in use. The ppolicy overlay is also in use. It shows in the slapd log as:
Jun 03 13:05:34 l-02992-d5a slapd[18715]: Entry(reqStart=20210603170529.000262Z,cn=accesslog): object class 'auditModify' requires attribute 'reqMod' Jun 03 13:05:34 l-02992-d5a slapd[18715]: accesslog_response: got result 0x41 adding log entry reqStart=20210603170529.000262Z,cn=accesslog
https://bugs.openldap.org/show_bug.cgi?id=9569
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org --- It additionally appears that this new 2.5 functionality is further broken in that setting lastbind to false requires a restart for it to take effect.
I'd also note that unlike the lastbind overlay, there's no ability to set a precision value which means that this setting can be problematic in high traffic replicated environments.
https://bugs.openldap.org/show_bug.cgi?id=9569
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Version|2.4.58 |2.5.5
https://bugs.openldap.org/show_bug.cgi?id=9569
--- Comment #2 from Ondřej Kuzník ondra@mistotebe.net --- On Fri, Jun 04, 2021 at 03:06:44PM +0000, openldap-its@openldap.org wrote:
It additionally appears that this new 2.5 functionality is further broken in that setting lastbind to false requires a restart for it to take effect.
I cannot reproduce the issue in bug title, please provide a test scenario. I would note that changing olcLastBind on<->off at runtime works for me just fine.
I'd also note that unlike the lastbind overlay, there's no ability to set a precision value which means that this setting can be problematic in high traffic replicated environments.
Known limitation, please file an enhancement bug to track this.
https://bugs.openldap.org/show_bug.cgi?id=9569
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |SUSPENDED Status|UNCONFIRMED |RESOLVED
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org --- suspending due to inability to reproduce
https://bugs.openldap.org/show_bug.cgi?id=9569
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|RESOLVED |CONFIRMED Resolution|SUSPENDED |---
--- Comment #4 from Quanah Gibson-Mount quanah@openldap.org --- Issue is hitting multiple customers.
https://bugs.openldap.org/show_bug.cgi?id=9569
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org --- Note: definitely not related to lastbind, as current case does not have it in use.
https://bugs.openldap.org/show_bug.cgi?id=9569
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.6.0 Keywords| |replication
https://bugs.openldap.org/show_bug.cgi?id=9569
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Priority|--- |Highest
https://bugs.openldap.org/show_bug.cgi?id=9569
Howard Chu hyc@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|CONFIRMED |RESOLVED
--- Comment #6 from Howard Chu hyc@openldap.org --- reqMod schema requirement removed in master
https://bugs.openldap.org/show_bug.cgi?id=9569
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@openldap.org |hyc@openldap.org
--- Comment #7 from Quanah Gibson-Mount quanah@openldap.org --- Commits: • 92ea88ec by Howard Chu at 2021-07-29T12:02:22+01:00 ITS#9569 make reqMod optional in modify ops
https://bugs.openldap.org/show_bug.cgi?id=9569
--- Comment #8 from Quanah Gibson-Mount quanah@openldap.org --- Commits: • e893e0e8 by Howard Chu at 2021-07-29T12:55:15+01:00 ITS#9569 update schema def in manpage
https://bugs.openldap.org/show_bug.cgi?id=9569
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|objectClass Violation with |objectClass Violation with |lastbind and delta-syncrepl |delta-syncrepl
https://bugs.openldap.org/show_bug.cgi?id=9569
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords|replication | Target Milestone|2.6.0 |2.5.7
--- Comment #9 from Quanah Gibson-Mount quanah@openldap.org --- Commits: • 92ea88ec by Howard Chu at 2021-07-29T12:02:22+01:00 ITS#9569 make reqMod optional in modify ops
Commits: • e893e0e8 by Howard Chu at 2021-07-29T12:55:15+01:00 ITS#9569 update schema def in manpage
https://bugs.openldap.org/show_bug.cgi?id=9569
--- Comment #10 from Quanah Gibson-Mount quanah@openldap.org --- 2.5 commits:
Commits: • d60f868e by Howard Chu at 2021-08-16T16:10:58+00:00 ITS#9569 make reqMod optional in modify ops
• c98ecc63 by Howard Chu at 2021-08-16T16:11:05+00:00 ITS#9569 update schema def in manpage
• 651b2c80 by Quanah Gibson-Mount at 2021-08-16T16:12:18+00:00 ITS#9569
https://bugs.openldap.org/show_bug.cgi?id=9569
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED Resolution|TEST |FIXED
-
openldap-its@openldap.org