Hello list,
I am trying to setup referral chaining in a multi-master setup. I can setup chaining to one of the masters without any problems. And I can perform a MOD operation that is then referral chased and performed on the master.
However, when I define both masters the replica crashes when I do a MOD operation.
Snippet of cn=config from the working example:
dn: olcDatabase={1}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config objectClass: olcLDAPConfig objectClass: olcChainDatabase olcDatabase: {1}ldap olcDbStartTLS: start starttls=yes olcDbIDAssertAuthzFrom: {0}* olcDbRebindAsUser: FALSE olcDbChaseReferrals: TRUE olcDbTFSupport: no olcDbProxyWhoAmI: FALSE olcDbProtocolVersion: 3 olcDbSingleConn: FALSE olcDbCancel: abandon olcDbUseTemporaryConn: FALSE olcDbConnectionPoolMax: 16 olcDbNoRefs: FALSE olcDbNoUndefFilter: FALSE olcDbURI: ldap://ldap-m1.example.com olcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical bindmethod=simple timeout=0 network-timeout=0 binddn="cn=admin,dc=example,dc=com" credentials="secret" keepalive=0:0:0 starttls=yes tls_reqcert=allow
If I change olcDbURI to either of the entries below, the replica server crashes * olcDbURI: "ldap://ldap-m1.example.com,ldap://ldap-m2.example.com" * olcDbURI: "ldap://ldap-m1.example.com ldap://ldap-m2.example.com"
According to slapd-ldap(5), the URI list can be comma or space separated.
I've turned on "args" and "trace" debugging to troubleshoot, but never get any errors in the logs. I only see an attempt to chase the referral followed by an immediate crash (see log snippet at the end of email).
Finally, I'm running OpenLDAP 2.4.31 on Ubuntu Trusty, but was also able to replicate this same error on OpenLDAP 2.4.28 on Ubuntu Precise.
Any help is much appreciated. -- Khosrow Ebrahimpour
Crash Log:
Sep 8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 modifications: Sep 8 21:07:23 ldap-rep1 slapd[20947]: replace: givenName Sep 8 21:07:23 ldap-rep1 slapd[20947]: one value, length 1 Sep 8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 MOD dn="uid=user1,ou=people,dc=example,dc=com" Sep 8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 MOD attr=givenName Sep 8 21:07:23 ldap-rep1 slapd[20947]: bdb_dn2entry("uid=user1,ou=people,dc=example,dc=com") Sep 8 21:07:23 ldap-rep1 slapd[20947]: => hdb_dn2id("ou=people,dc=example,dc=com") Sep 8 21:07:23 ldap-rep1 slapd[20947]: <= hdb_dn2id: got id=0x6 Sep 8 21:07:23 ldap-rep1 slapd[20947]: => hdb_dn2id("uid=user1,ou=people,dc=example,dc=com") Sep 8 21:07:23 ldap-rep1 slapd[20947]: <= hdb_dn2id: got id=0xe Sep 8 21:07:23 ldap-rep1 slapd[20947]: entry_decode: "" Sep 8 21:07:23 ldap-rep1 slapd[20947]: <= entry_decode() Sep 8 21:07:23 ldap-rep1 slapd[20947]: send_ldap_result: conn=1000 op=1 p=3 Sep 8 21:07:23 ldap-rep1 slapd[20947]: send_ldap_result: err=10 matched="" text="" Sep 8 21:07:23 ldap-rep1 slapd[20947]: send_ldap_result: referral="ldap://ldap-m1.example.com/uid=user1,ou=people,dc=example,dc=com" Sep 8 21:07:23 ldap-rep1 slapd[20947]: >>> dnPrettyNormal: <uid=user1,ou=people,dc=example,dc=com> Sep 8 21:07:23 ldap-rep1 slapd[20947]: <<< dnPrettyNormal: <uid=user1,ou=people,dc=example,dc=com>, <uid=user1,ou=people,dc=example,dc=com> Sep 8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 ldap_chain_op: ref="ldap://ldap-m1.example.com/uid=user1,ou=people,dc=example,dc=com" -> "ldap://ldap-m1.example.com" Sep 8 21:09:02 ldap-rep1 slapd[21057]: @(#) $OpenLDAP: slapd (Ubuntu) (Mar 17 2014 21:20:08) $ buildd@aatxe:/build/buildd/openldap-2.4.31/debian/build/servers/slapd