Replication errors with 2.3.40
by Diego Woitasen
I have a classic master-slave replication scenario with OpenLDAP 2.3.40. I
have some problems with replication; it fails randomly with an error like the
one I pasted above.
I don't understand why I get "No such attribute..." if the attribute
exists on both servers. I resynchronized the servers manually but the
problem happened again. These errors happen frequently with Samba
attributes, because they are the most active.
This LDAP is a Samba password backend.
I pasted the log file and a search on both servers.
----------------------[slave:636.rej]--------------------------------------------
ERROR: No such attribute: modify/delete: sambaAcctFlags: no such value
replica: slave:636
time: 1201645742.0
dn: uid=rrhh,ou=Users,dc=example,dc=com,dc=ar
changetype: modify
delete: sambaAcctFlags
sambaAcctFlags: [ULX ]
-
add: sambaAcctFlags
sambaAcctFlags: [UX ]
-
replace: entryCSN
entryCSN: 20080129222902Z#000000#00#000000
-
replace: modifiersName
modifiersName: cn=manager,dc=example,dc=com,dc=ar
-
replace: modifyTimestamp
modifyTimestamp: 20080129222902Z
-
-------------------[ slave log file] ---------------------------------
Jan 29 20:29:03 slave slapd[23738]: conn=213 op=5 RESULT tag=103 err=16
text=modify/delete: sambaAcctFlags: no such value
--------------------[ ldapsearch to master ]--------------------
[root@elcani openldap]# bin/ldapsearch -x -D
"cn=manager,dc=example,dc=com,dc=ar" -w secret -h master uid=rrhh
sambaAcctFlags
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=rrhh
# requesting: sambaAcctFlags
#
# rrhh, Users, examples.com.ar
dn: uid=rrhh,ou=Users,dc=example,dc=com,dc=ar
sambaAcctFlags: [ULX ]
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root@elcani openldap]# bin/ldapsearch -x -D
"cn=manager,dc=example,dc=com,dc=ar" -w secret -h slave uid=rrhh
sambaAcctFlags
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=rrhh
# requesting: sambaAcctFlags
#
# rrhh, Users, example.com.ar
dn: uid=rrhh,ou=Users,dc=example,dc=com,dc=ar
sambaAcctFlags: [UX ]
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
--
Diego Woitasen
XTECH - Soluciones Linux para empresas
(54) 011 5219-0678
14 years, 6 months
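An added example, not part of the original post: a short Python parser for the reject record shown above, plus a check of which `delete` values the replica does not hold, which is the condition the server reports as err=16. The function names and the `REPLICA` dictionary are assumptions; the dictionary is constructed from the slave's search result in the post.

```python
# Constructed sample: the reject record from the post, cut to its first two mods.
REJ = """\
ERROR: No such attribute: modify/delete: sambaAcctFlags: no such value
replica: slave:636
dn: uid=rrhh,ou=Users,dc=example,dc=com,dc=ar
changetype: modify
delete: sambaAcctFlags
sambaAcctFlags: [ULX ]
-
add: sambaAcctFlags
sambaAcctFlags: [UX ]
-
"""

def parse_rej(text):
    """Split one reject record into header fields and a list of modifications.
    Plain 'attr: value' lines only; base64 ('attr:: ...') values are not decoded."""
    rec, mod, in_mods = {"mods": []}, None, False
    for line in text.splitlines():
        if line == "-":                       # separator closing one modification
            mod = None
            continue
        key, sep, value = line.partition(": ")
        if not sep:
            continue                          # blank or unparseable line
        if in_mods and mod is None and key in ("add", "delete", "replace"):
            mod = {"op": key, "attr": value, "values": []}
            rec["mods"].append(mod)
        elif mod is not None:
            mod["values"].append(value)       # value line of the current mod
        else:
            rec[key] = value                  # ERROR, replica, dn, changetype
            in_mods = in_mods or key == "changetype"
    return rec

def triage(rec, replica_entry):
    """Compare a rejected modify with the replica's current values (exact string
    comparison; the server itself applies the attribute's matching rule)."""
    have = {a.lower(): set(v) for a, v in replica_entry.items()}
    held = lambda m, v: v in have.get(m["attr"].lower(), set())
    deletes = [(m["attr"], v) for m in rec["mods"] if m["op"] == "delete"
               for v in m["values"] if not held(m, v)]
    adds = [(m["attr"], v) for m in rec["mods"] if m["op"] == "add"
            for v in m["values"] if held(m, v)]
    return {"delete_values_missing": deletes, "add_values_already_present": adds}

# Constructed from the slave's ldapsearch output in the post.
REPLICA = {"sambaAcctFlags": ["[UX ]"]}
RESULT = triage(parse_rej(REJ), REPLICA)
```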
cloning instances of openldap?
by Thomas Ledbetter
Is it safe to use a 'clone' of an OpenLDAP server's database to
rebuild another server in a cluster?
In my tests, I followed a procedure where I shut 2 servers down,
copied the backend database from one to the other, and restarted and
everything seems to indicate that the 'cloned' server is valid.
Replication works.. Adds/deletes work.. etc..
Is there any danger in using this procedure? Is there anything
'instance specific' that is stored in the directory that could cause an
issue?
I've found that even using slapadd's 'quick' flag it can still take 4
hours to import an LDIF, and if I can rely on this procedure to rebuild
an LDAP read server in a crisis, I'd like to continue using it.
14 years, 6 months
ldap_tls call failed: Can't contact LDAP server
by Digambar Sawant
Hi,
I want to establish a secure LDAP connection.
I have tried the following:
1. ldap_init
2. ldap_set_option( pLdapObj, LDAP_OPT_X_TLS_CACERTFILE,
"/tmp/certficate.cert" );
3. iRetCode = ldap_start_tls_s(pLdapObj, NULL, NULL);
Here 3. ldap_start_tls_s failed with error: "Can't contact LDAP server".
What is wrong here? Are there any more steps to make it work?
Please help me.
Thanks,
Digambar
14 years, 6 months
2.3.39 syncrepl lost connection
by Francis Swasey
I have a strange problem that is causing me to go nuts.
I have five servers all on RHEL v4, all with OpenLDAP 2.3.39 (locally
built RPM). The master server is a VMWare guest, one of the replicas is
a blade, the other three are 2U boxes.
Twice now two of the four replicas have stopped updating at around
2:45am. It was not the same two both times (although the blade was one
of them both times).
All five servers have loglevel set to "stats sync".
There was nothing logged on either end about any network error and my
networking folks have looked at all the logs for all the ports involved
and found nothing. Although, my first thought was something in the
network because we just moved these to a brand new data center.
The fix both times so far has been to recycle slapd on the two replicas
and they get caught up in minutes.
The syncrepl config on the replicas is for refreshAndPersist and does a
retry every 30 seconds -- so, if the replica knew the connection had
dropped, it should have restarted it.
We run a command via nagios (nrpe) on each replica every five minutes
that compares the contextcsn of the replica and the master. I see those
connections/queries in the logs on the master continuing and nagios
eventually yells that we're dreadfully behind on the replicas.
Has anyone seen something like this before -- or have a suggestion of a
method of figuring out why/where the connection is getting broken?
Thanks,
--
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)
14 years, 6 months
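An added example, not part of the original post: one way a contextCSN comparison like the Nagios check described above could be written in Python, using the CSN layout visible in the `entryCSN` value earlier on this page. The function names and the 60 s / 300 s thresholds are assumptions, a single master is assumed, and fetching the two values from the servers is left out.

```python
import re
from datetime import datetime, timezone

# timestamp (optional fractional seconds) # change count # server ID # mod number
CSN_RE = re.compile(
    r"^(\d{14})(?:\.(\d{1,6}))?Z#([0-9a-fA-F]+)#([0-9a-fA-F]+)#([0-9a-fA-F]+)$")

def parse_csn(csn):
    """Turn a CSN string into a tuple that sorts in CSN order."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError(f"not a CSN: {csn!r}")
    stamp, frac, count, sid, mod = m.groups()
    ts = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    micros = int((frac or "0").ljust(6, "0"))
    return (int(ts.timestamp()), micros, int(count, 16), int(sid, 16), int(mod, 16))

def check_lag(master_csn, replica_csn, warn=60, crit=300):
    """Return (state, message) using Nagios plugin states:
    0=OK, 1=WARNING, 2=CRITICAL, 3=UNKNOWN."""
    try:
        m, r = parse_csn(master_csn), parse_csn(replica_csn)
    except ValueError as exc:
        return 3, f"UNKNOWN - {exc}"
    if r >= m:
        return 0, "OK - replica contextCSN is current"
    # Gap between the newest change each side has seen. After a quiet period a
    # single fresh write shows a large gap briefly, so alert only if it persists.
    lag = m[0] - r[0]
    state = 2 if lag >= crit else 1 if lag >= warn else 0
    label = ("OK", "WARNING", "CRITICAL")[state]
    return state, f"{label} - replica is {lag}s behind master"

# Constructed sample values in the 2.3-style layout shown on this page.
MASTER = "20080129222902Z#000000#00#000000"
STALLED = "20080129222402Z#000000#00#000000"   # five minutes older
```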