-----Original Message----- From: Quanah Gibson-Mount quanah@symas.com Sent: mercredi 20 mai 2020 23:25 To: Jean-Luc Chandezon jlch@lan-explore.fr; openldap- technical@openldap.org Subject: Re: Remove/change replication partner
--On Wednesday, May 20, 2020 3:33 PM +0000 Jean-Luc Chandezon jlch@lan-explore.fr wrote:
ldapmodify -Y EXTERNAL -H ldapi:/// -f removeConfigPartner.ldif
SASL/EXTERNAL authentication started
SASL username:
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"
Sounds like the "mirrormode" parameter is incorrectly set to FALSE instead of TRUE. In any case, there's clearly multiple things wrong with your config DB (like the multiple syncprov overlays).
Once again, you're right.
I would suggest you use slapcat to export it to LDIF, fix it to be correct, and then import the corrected LDIF with slapadd.
I followed your advice by removing wrong lines, but I can not import with simple line : slapadd -n 0 -l /tmp/config.ldif
I removed these lines in "dn: olcDatabase={0}config,cn=config" and " dn: olcDatabase={1}mdb,cn=config" :
olcSyncrepl: {0}rid=01 provider=ldap://bea-olp-001. lanexplore.com binddn ="cn=replication,dc=lanexplore,dc=com" bindmethod=simple credentials= i4Df0rXigrdz8HtYZemJ searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1 olcSyncrepl: {1}rid=02 provider=ldap://cdb-olp-001. lanexplore.com binddn ="cn=replication,dc= lanexplore,dc=com" bindmethod=simple credentials= i4Df0rXigrdz8HtYZemJ searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1 olcMirrorMode: FALSE
olcSyncrepl: {0}rid=01 provider=ldap://bea-olp-001. lanexplore.com binddn ="cn=replication,dc= lanexplore,dc=com" bindmethod=simple credentials= i4Df0rXigrdz8HtYZemJ searchbase="dc= lanexplore,dc=com" type=refreshAn dPersist retry="5 5 300 5" timeout=1 olcSyncrepl: {1}rid=02 provider=ldap://cdb-olp-001.opticiens-atol.com binddn ="cn=replication,dc= lanexplore,dc=com" bindmethod=simple credentials= i4Df0rXigrdz8HtYZemJ searchbase="dc= lanexplore,dc=com" type=refreshAn dPersist retry="5 5 300 5" timeout=1 olcMirrorMode: TRUE
Result: slapadd: could not add entry dn="cn=config" (line=1)
Here are overlays config:
dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: {0}syncprov structuralObjectClass: olcSyncProvConfig entryUUID: 5a27c6c6-675a-1039-8db6-a516a2c70684 creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth createTimestamp: 20190909143210Z entryCSN: 20190909143210.478109Z#000000#001#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth modifyTimestamp: 20190909143210Z
dn: olcOverlay={1}syncprov,olcDatabase={0}config,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: {1}syncprov structuralObjectClass: olcSyncProvConfig entryUUID: f6e4c5ce-7d4c-1039-8dc3-a516a2c70684 creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth createTimestamp: 20191007125146Z entryCSN: 20191007125146.068170Z#000000#001#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth modifyTimestamp: 20191007125146Z
Can I safely remove these parts? May I change the next overlay index? (unique overlay for example)?
Thanks,
Jean-Luc
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com