gael.roualland@oleane.net wrote:

Full_Name: Gaël Roualland Version: 2.3.33 OS: Linux URL: ftp://ftp.openldap.org/incoming/gael.roualland-070126.diff Submission from: (NULL) (213.56.0.199)

Hello,

Slurpd has a bug when replicating, in the way it generates the LDAPMod array of the add and modify operations : if the same attribute is present several times (for add) or in multiple change blocks (for modify) in the replication log, it simply adds all occurences to the LDAPMod array, hence having one or more attributes repeated serveral times which violates the protocol.

This is usually fine with slapd because there is code there to accept invalid queries from the updatedn, but it is rejected if you're not using updatedn (which happens to be our case in a custom floating master scenario).

The uploaded patch fixes this in slurpd by replacing its LDAPmod logic by one based on ldapmodify which generates proper requests. I know slurpd is considered deprecated, however this might be useful to others still using it and would allow to remove the exception from slapd code.

Regards,

As far as I can see, slurpd merely processes the changes in the replog. If it is generating requests out of sequence, then they must have been recorded out-of-sequence in the log. And yet I don't see any reason why slapd would generate the modifications out of sequence.

What are the circumstances that cause these improper sequences to get into the replog in the first place?

As for copying the code from ldapmodify.c into slurpd - probably the better solution would be to move the relevant code from ldapmodify.c into a library. When we still maintained libldif as its own entity it would have made sense to put it there, but now it would seem to best fit in libldap, and perhaps the other LDIF routines in liblutil should move there as well. This would also partially address ITS#4033.