openldap-software February 2008

openldap-software@openldap.org

86 participants
94 discussions

Replication errors with 2.3.40
by Diego Woitasen 01 Feb '08

01 Feb '08

I have a classic master-slave replication scenario with OpenLDAP 2.3.40. I have some problems with replication, it fails random with error like I pasted above. I don't understand with I get "No such attribte..." if the attribute exists in both servers. I resinchronized the servers manually but the problem happened again. This errors happens frequently with Samba attributes, because are the most active. This LDAP is a Samba password backend. I pasted the log file and a search in both servers. ----------------------[slave:636.rej]-------------------------------------------- ERROR: No such attribute: modify/delete: sambaAcctFlags: no such value replica: slave:636 time: 1201645742.0 dn: uid=rrhh,ou=Users,dc=example,dc=com,dc=ar changetype: modify delete: sambaAcctFlags sambaAcctFlags: [ULX ] - add: sambaAcctFlags sambaAcctFlags: [UX ] - replace: entryCSN entryCSN: 20080129222902Z#000000#00#000000 - replace: modifiersName modifiersName: cn=manager,dc=example,dc=com,dc=ar - replace: modifyTimestamp modifyTimestamp: 20080129222902Z - -------------------[ slave log file] --------------------------------- Jan 29 20:29:03 slave slapd[23738]: conn=213 op=5 RESULT tag=103 err=16 text=modify/delete: sambaAcctFlags: no such value --------------------[ ldapsearch to master ]-------------------- [root@elcani openldap]# bin/ldapsearch -x -D "cn=manager,dc=example,dc=com,dc=ar" -w secret -h master uid=rrhh sambaAcctFlags # extended LDIF # # LDAPv3 # base <> with scope subtree # filter: uid=rrhh # requesting: sambaAcctFlags # # rrhh, Users, examples.com.ar dn: uid=rrhh,ou=Users,dc=example,dc=com,dc=ar sambaAcctFlags: [ULX ] # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root@elcani openldap]# bin/ldapsearch -x -D "cn=manager,dc=example,dc=com,dc=ar" -w secret -h slave uid=rrhh sambaAcctFlags # extended LDIF # # LDAPv3 # base <> with scope subtree # filter: uid=rrhh # requesting: sambaAcctFlags # # rrhh, Users, example.com.ar dn: uid=rrhh,ou=Users,dc=example,dc=com,dc=ar sambaAcctFlags: [UX ] # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 -- Diego Woitasen XTECH - Soluciones Linux para empresas (54) 011 5219-0678 ~ ~ ~

2 1

cloning instances of openldap?
by Thomas Ledbetter 01 Feb '08

01 Feb '08

Is it safe to use a 'clone' of an openldap servers's database to rebuild another server in a cluster? In my tests, I followed a procedure where I shut 2 servers down, copied the backend database from one to the other, and restarted and everything seems to indicate that the 'cloned' server is valid. Replication works.. Adds/deletes work.. etc.. Is there any danger in using this procedure? Is there anything 'instance specific' that is stored in the directory that could cause an issue? Ive found that even using slapadd's 'quick' flag it can still take 4 hours to import an LDIF, and if I can rely on this procedure to rebuild an LDAP read server in a crisis, I'd like to continue using it.

8 11

ldap_tls call failed: Can't contact LDAP server
by Digambar Sawant 01 Feb '08

01 Feb '08

Hi, I want to establish secure ldap connection. I have tried following: 1. ldap_init 2. ldap_set_option( pLdapObj, LDAP_OPT_X_TLS_CACERTFILE, "/tmp/certficate.cert" 3. iRetCode = ldap_start_tls_s(pLdapObj, NULL, NULL); Here 3. ldap_start_tls_s failed with error: "Can't contact LDAP server". What is wrong here? Are there any more steps to make it work? Please help me. Thanks, Digambar

5 6

2.3.39 syncrepl lost connection
by Francis Swasey 01 Feb '08

01 Feb '08

I have a strange problem that is causing me to go nuts. I have five servers all on RHEL v4, all with OpenLDAP 2.3.39 (locally built RPM). The master server is a VMWare guest, one of the replicas is a blade, the other three are 2U boxes. Twice now two of the four replicas have stopped updating at around 2:45am. It was not the same two both times (although the blade was one of them both times). All five servers have loglevel set to "stats sync". There was nothing logged on either end about any network error and my networking folks have looked at all the logs for all the ports involved and found nothing. Although, my first thought was something in the network because we just moved these to a brand new data center. The fix both times so far has been to recycle slapd on the two replicas and they get caught up in minutes. The syncrepl config on the replicas is for refreshAndPersist and does a retry every 30 seconds -- so, if the replica knew the connection had dropped, it should have restarted it. We run a command via nagios (nrpe) on each replica every five minutes that compares the contextcsn of the replica and the master. I see those connections/queries in the logs on the master continuing and nagios eventually yells that we're dreadfully behind on the replicas. Has anyone seen something like this before -- or have a suggestion of a method of figuring out why/where the connection is getting broken? Thanks, -- Frank Swasey | http://www.uvm.edu/~fcs Sr Systems Administrator | Always remember: You are UNIQUE, University of Vermont | just like everyone else. "I am not young enough to know everything." - Oscar Wilde (1854-1900)

3 3

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software February 2008