On 9/10/2015 11:19 AM, Quanah Gibson-Mount wrote:
--On Thursday, September 10, 2015 10:57 AM -0700 Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Thursday, September 10, 2015 9:39 AM -0400 Aaron Richton richton@nbcs.rutgers.edu wrote:
On Wed, 9 Sep 2015, Nat Sincheler wrote:
2015-09-09T08:32:20.926931-07:00 ldap-jessie0 slapd[631]: conn=1161 op=4 SEARCH RESULT tag=101 err=2 nentries=0 text=Sync control : mode decoding error
2015-09-09T08:32:20.927211-07:00 ldap-jessie0 slapd[631]: conn=1161 op=4 do_search: get_ctrls failed
[...] What does "Sync control : mode decoding error" mean? Any suggestions on next steps for troubleshooting?
See RFC4533 section 2.2 ... mode i.e. refreshOnly or refreshAndPersist.
Well, the interesting bit is that it worked in 2.4.40 and previous, but broke in 2.4.41 or 2.4.42, where significant changes to the syncrepl code were made. It would be useful to know if it was 2.4.41 or 2.4.42. It would also be useful to have the full set of code, and I'd suggest using the latest Net::LDAPapi code (It's getting prepped for a new release):
Also, if you could send me the full script you are using, that would be helpful, thanks!
Here is a stripped-down version of the code:
use strict; use warnings;
use Net::LDAPapi;
# Connect to the hard-coded LDAP master and hand back the bound handle.
#
# Takes no arguments. No 'anonymous' key is passed, so ldap_connect() takes
# its SASL/GSSAPI bind branch. Any failure surfaces as the die() raised
# inside ldap_connect().
sub make_connect {
    my %connect_args = (host => 'ldap-master0.example.com');
    my $handle       = ldap_connect(%connect_args);
    return $handle;
}
# Open a connection to the given host, bind, and return the Net::LDAPapi
# handle.
#
# Named arguments:
#   host      - server name handed to Net::LDAPapi->new
#   anonymous - when true, bind with no credentials; otherwise bind with
#               SASL using the GSSAPI mechanism
#
# Dies if Net::LDAPapi->new reports -1 or if the bind does not return
# LDAP_SUCCESS. On a failed bind the handle is unbound before dying.
#
# NOTE(review): nothing visible here starts TLS or sets SASL security
# properties, so whether the session is integrity/confidentiality protected
# depends on configuration outside this sub -- confirm.
sub ldap_connect {
    my %in = @_;

    my $ldap = Net::LDAPapi->new($in{'host'});
    if ($ldap == -1) {
        die "ERROR Connection to " . $in{'host'} . " failed.";
    }

    # Choose the bind style: authenticated (GSSAPI) unless the caller asked
    # for an anonymous bind.
    my $status;
    if (!$in{'anonymous'}) {
        $ldap->sasl_parms(-mech => "GSSAPI");
        $status = $ldap->bind_s(-type => LDAP_AUTH_SASL);
    }
    else {
        $status = $ldap->bind_s();
    }

    # Success path first; everything below is the failure clean-up.
    return $ldap if $status == LDAP_SUCCESS;

    if ($ldap) {
        $ldap->unbind;
    }
    die 'ERROR Bind error connecting to ' . $in{'host'};
}
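# Subscribe to change notifications under cn=accesslog and walk every
# change record that arrives, flagging records that carry parsable reqMod
# values.
#
# Takes no arguments and returns nothing. Dies if the sync cookie file
# cannot be created, or (via make_connect) if the connection or bind fails.
#
# Change from the original: the open()/close() that create the cookie file
# are now checked. Previously a failure was silently ignored and the
# missing file was still passed to the server as -cookie.
sub listen_for_changes {
    my $log_base_dn     = 'cn=accesslog';
    my $log_filter      = 'objectclass=*';
    my $log_cookie_file = '/var/run/ldap-sync-attributes.cookie';

    # If the cookie file does not exist, create a new one. The cookie file
    # is the sync state handed to listen_for_changes below, so failing to
    # create it is reported instead of being carried forward.
    if (!(-e $log_cookie_file)) {
        open(my $FH, q{>}, $log_cookie_file)
            or die "ERROR Cannot create cookie file $log_cookie_file: $!";
        close($FH)
            or die "ERROR Cannot close cookie file $log_cookie_file: $!";
    }

    my $LDAP = make_connect();

    my $msgid = $LDAP->listen_for_changes(
        -basedn => $log_base_dn,
        -scope  => LDAP_SCOPE_SUBTREE,
        -filter => $log_filter,
        -cookie => $log_cookie_file,
    );

    # Not used in this stripped-down version; presumably consumed by the
    # elided update code.
    my %retry_list = ();

    # Loop forever, listening for changes. Every time one is found,
    # iterate through each result, and make changes as needed.
    #
    # NOTE(review): as the braces are written, the return at the bottom sits
    # inside this outer loop, so the sub returns as soon as
    # next_changed_entries yields an empty list -- confirm that is intended.
    while (1) {
        my @entries;
        while (@entries = $LDAP->next_changed_entries($msgid, 0, -1)) {
            foreach my $entry (@entries) {

                # Find the dn of whatever changed.
                # NOTE(review): values are read through $LDAP rather than
                # $entry; presumably get_values works on the handle's
                # current entry -- confirm against the Net::LDAPapi docs.
                my @reqdn = $LDAP->get_values('reqDN');
                if (!@reqdn) {
                    next;
                }

                my $dn = $reqdn[0];

                # Look at the changes
                my @mods           = ();
                my $update_request = 0;
                if (@mods = $LDAP->get_values('reqMod')) {
                    foreach my $val (@mods) {

                        # Pick apart the result. Three shapes are accepted:
                        #   attr:<op> <value>  -> attribute, one-char op, value
                        #   attr:-             -> attribute only
                        #   attr:=             -> attribute only
                        # These strings come from logged write operations, so
                        # the update code should validate $attr and $value
                        # before using them in filters, paths, or commands.
                        my $attr = my $action = my $value = q{};
                        if ($val =~ m{^(.+?):(.)\s+(.+)$}xsm) {
                            $attr   = $1;
                            $action = $2;
                            $value  = $3;
                        }
                        elsif ($val =~ m{^(.+?):-}xsm) {
                            $attr = $1;
                        }
                        elsif ($val =~ m{^([^:]+):=$}xsm) {
                            $attr = $1;
                        }

                        # Skip values that matched none of the shapes above.
                        if (!$attr) {
                            next;
                        }

                        $update_request = 1;
                    }
                }

                if ($update_request) {
                    # <update code here...>
                }
            }

            # Release the current result message before fetching the next
            # batch.
            $LDAP->msgfree;
        }

        return;
    }
}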