I'm trying to replace OpenLDAP 2.3.x with 2.4.18 (this project started before 2.4..19 came out). The old configuration uses slurpd, hence I have been tasked to set up a producer/consumer replication via syncrepl using the push model. I'm following the example from the admin guide but I have to modify the suffix/searchbase to be "" (as we allow pretty much anything in the DB).
Doing this causes these log messages (loglevel 0x4000):
on the master: do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE do_syncrep2: cookie=rid=001,sid=001,csn=20091014205621.868761Z#000000#001#000000 slap_queue_csn: queing 0x2aaaac001d90 20091014205621.868761Z#000000#001#000000 null_callback : error code 0x35 syncrepl_updateCookie: rid=001 be_modify failed (53)
on the consumer: slap_queue_csn: queing 0xd8e3a30 20091014205621.868761Z#000000#001#000000 slap_graduate_commit_csn: removing 0xd8e3b00 20091014205621.868761Z#000000#001#000000 conn=0 op=42 do_modify: root dse!
This seems to be a problem with ``searchbase=""'' (in ``syncrepl''). If it is changed to ``searchbase="dc=com"'' (and matching ``suffix "dc=com"'' for ``database ldap'') the error does not occur.
Is it possible to achieve what we want using some other options?
Relevant parts from master slapd.conf: ---------------------------------------- database monitor
database bdb directory /var/ldap/openldap-bdb suffix "" rootdn "cn=Manager" rootpw syncroni index entryCSN,entryUUID eq serverID 001 overlay syncprov
database ldap hidden on suffix "" rootdn "cn=slapd-ldap" uri ldap://CONSUMER.HOST/ lastmod on restrict all
acl-bind bindmethod=simple binddn="cn=Monitor" credentials=password
syncrepl rid=001 provider=ldap://localhost/ bindmethod=simple binddn="cn=Manager" credentials=syncroni scope=children searchbase="" filter="(objectClass=*)" type=refreshAndPersist retry="5 2 300 2" ----------------------------------------
relevant parts from consumer slapd.conf: ---------------------------------------- database monitor rootdn "cn=Monitor" rootpw password
database bdb directory /var/ldap/openldap-bdb suffix "" index entryUUID eq access to dn.subtree="" attrs=hasSubordinates by dn.exact="cn=Monitor" none by * read access to dn.subtree="" by dn.exact="cn=Monitor" write by * read updatedn "cn=Monitor" updateref ldap://MASTER.HOST/ ----------------------------------------
--On Wednesday, October 14, 2009 7:12 PM -0700 ml+openldap@esmtp.org wrote:
I'm trying to replace OpenLDAP 2.3.x with 2.4.18 (this project started before 2.4..19 came out). The old configuration uses slurpd, hence I have been tasked to set up a producer/consumer replication via syncrepl using the push model. I'm following the example from the admin guide but I have to modify the suffix/searchbase to be "" (as we allow pretty much anything in the DB).
scope=children
The problem is your scope statement. Remove it entirely so it uses the default.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
On Thu, Oct 15, 2009, Quanah Gibson-Mount wrote:
--On Wednesday, October 14, 2009 7:12 PM -0700 ml+openldap@esmtp.org wrote:
I'm trying to replace OpenLDAP 2.3.x with 2.4.18 (this project
hence I have been tasked to set up a producer/consumer replication via syncrepl using the push model. I'm following the example from the admin guide but I have to modify the suffix/searchbase to be "" (as we allow pretty much anything in the DB).
scope=children
The problem is your scope statement. Remove it entirely so it uses the default.
Thanks for the reply. I tried that and it produces the same error. AFAIR we started with the version from the example: ``scope=sub'' which is the default according to slapd.conf(5) and received the error, so we tried other values.
Any other suggestions how to fix this?
--On Thursday, October 15, 2009 8:21 AM -0700 ml+openldap@esmtp.org wrote:
On Thu, Oct 15, 2009, Quanah Gibson-Mount wrote:
--On Wednesday, October 14, 2009 7:12 PM -0700 ml+openldap@esmtp.org wrote:
I'm trying to replace OpenLDAP 2.3.x with 2.4.18 (this project
hence I have been tasked to set up a producer/consumer replication via syncrepl using the push model. I'm following the example from the admin guide but I have to modify the suffix/searchbase to be "" (as we allow pretty much anything in the DB).
scope=childrenThe problem is your scope statement. Remove it entirely so it uses the default.
Thanks for the reply. I tried that and it produces the same error. AFAIR we started with the version from the example: ``scope=sub'' which is the default according to slapd.conf(5) and received the error, so we tried other values.
Any other suggestions how to fix this?
I replicate from the "" base, and it works fine for me. Here's the template used:
syncrepl rid=${ldap_replica_rid} provider=${ldap_master_url} retry="60 +" type=refreshAndPersist schemachecking=off searchbase="" bindmethod=simple binddn=uid=zmreplica,cn=admins,cn=zimbra credentials=@@ldap_replication_password@@
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
ml+openldap@esmtp.org wrote:
I'm trying to replace OpenLDAP 2.3.x with 2.4.18 (this project started before 2.4..19 came out). The old configuration uses slurpd, hence I have been tasked to set up a producer/consumer replication via syncrepl using the push model. I'm following the example from the admin guide but I have to modify the suffix/searchbase to be "" (as we allow pretty much anything in the DB).
Doing this causes these log messages (loglevel 0x4000):
on the master: do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE do_syncrep2: cookie=rid=001,sid=001,csn=20091014205621.868761Z#000000#001#000000 slap_queue_csn: queing 0x2aaaac001d90 20091014205621.868761Z#000000#001#000000 null_callback : error code 0x35 syncrepl_updateCookie: rid=001 be_modify failed (53)
on the consumer: slap_queue_csn: queing 0xd8e3a30 20091014205621.868761Z#000000#001#000000 slap_graduate_commit_csn: removing 0xd8e3b00 20091014205621.868761Z#000000#001#000000 conn=0 op=42 do_modify: root dse!
This seems to be a problem with ``searchbase=""'' (in ``syncrepl''). If it is changed to ``searchbase="dc=com"'' (and matching ``suffix "dc=com"'' for ``database ldap'') the error does not occur.
Is it possible to achieve what we want using some other options?
It might not be as soon as some internal searches rooted at <searchbase> with scope "base" need to be performed, because in this case they would actually return the rootDSE instead of the context entry of the database you're trying to replicate. This is a mere speculation, I haven't looked at the code yet.
p.
--On Wednesday, October 14, 2009 7:12 PM -0700 ml+openldap@esmtp.org wrote:
Relevant parts from master slapd.conf:
database monitor
database bdb directory /var/ldap/openldap-bdb suffix "" rootdn "cn=Manager" rootpw syncroni index entryCSN,entryUUID eq serverID 001 overlay syncprov
database ldap hidden on suffix "" rootdn "cn=slapd-ldap" uri ldap://CONSUMER.HOST/ lastmod on restrict all
acl-bind bindmethod=simple binddn="cn=Monitor" credentials=password
syncrepl rid=001 provider=ldap://localhost/ bindmethod=simple binddn="cn=Manager" credentials=syncroni scope=children searchbase="" filter="(objectClass=*)" type=refreshAndPersist retry="5 2 300 2"
relevant parts from consumer slapd.conf:
database monitor rootdn "cn=Monitor" rootpw password
database bdb directory /var/ldap/openldap-bdb suffix "" index entryUUID eq access to dn.subtree="" attrs=hasSubordinates by dn.exact="cn=Monitor" none by * read access to dn.subtree="" by dn.exact="cn=Monitor" write by * read updatedn "cn=Monitor" updateref ldap://MASTER.HOST/
Actually, I'm confused here... The "syncrepl" stanza belongs in the consumer's slapd.conf, not the masters.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
--On Wednesday, October 14, 2009 7:12 PM -0700 ml+openldap@esmtp.org wrote:
Relevant parts from master slapd.conf:
database monitor
database bdb directory /var/ldap/openldap-bdb suffix "" rootdn "cn=Manager" rootpw syncroni index entryCSN,entryUUID eq serverID 001 overlay syncprov
database ldap hidden on suffix "" rootdn "cn=slapd-ldap" uri ldap://CONSUMER.HOST/ lastmod on restrict all
acl-bind bindmethod=simple binddn="cn=Monitor" credentials=password
syncrepl rid=001 provider=ldap://localhost/ bindmethod=simple binddn="cn=Manager" credentials=syncroni scope=children searchbase="" filter="(objectClass=*)" type=refreshAndPersist retry="5 2 300 2"
relevant parts from consumer slapd.conf:
database monitor rootdn "cn=Monitor" rootpw password
database bdb directory /var/ldap/openldap-bdb suffix "" index entryUUID eq access to dn.subtree="" attrs=hasSubordinates by dn.exact="cn=Monitor" none by * read access to dn.subtree="" by dn.exact="cn=Monitor" write by * read updatedn "cn=Monitor" updateref ldap://MASTER.HOST/
Actually, I'm confused here... The "syncrepl" stanza belongs in the consumer's slapd.conf, not the masters.
As he said, it's a "push" replication; the fake consumer database is in the producer's slapd.conf, and is hidden.
p.
--On Thursday, October 15, 2009 6:08 PM +0200 Pierangelo Masarati masarati@aero.polimi.it wrote:
As he said, it's a "push" replication; the fake consumer database is in the producer's slapd.conf, and is hidden.
Ah, well, then all bets are off. I've certainly never tried push replication with "".
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-software@openldap.org
-
ml+openldap@esmtp.org -
Pierangelo Masarati -
Quanah Gibson-Mount