Hello,
We have a strange situation with refint and rwm overlays on ldap replica. Looks like those overlays depend on each other and on position in the slapd.conf file regarding database section. However refint overlay is working in any position if rwm overlay is not specified. Here are the examples with positions in the file:
Refint overlay work if: 1. rwm overlay section database section refint overlay section
Refint overlay does not work if: 1. database section refint overlay section rwm overlay section 2. rwm overlay section refint overlay section database section
Could you please explain to us the root cause of that as I can't find any explanation in the docs.
-------- Maksim Saroka DevOps/System Administrator Exadel.com https://exadel.com/ Follow Us on LinkedIn https://www.linkedin.com/company/exadel/
--On Tuesday, October 10, 2023 4:43 PM +0200 Maksim Saroka msaroka@exadel.com wrote:
Hello,
We have a strange situation with refint and rwm overlays on ldap replica. Looks like those overlays depend on each other and on position in the slapd.conf file regarding database section. However refint overlay is working in any position if rwm overlay is not specified. Here are the examples with positions in the file:
Refint overlay work if: 1. rwm overlay section database section refint overlay section
Refint overlay does not work if: 1. database section refint overlay section rwm overlay section 2. rwm overlay section refint overlay section database section
Could you please explain to us the root cause of that as I can't find any explanation in the docs.
Hi,
A couple notes:
1. You really should use cn=config and not slapd.conf, as cn=config is deterministic. 2. In the first case above, "rwm" is probably ending up as a global overlay 3. In the third case above, "rwm" and "refint" are probably both ending up as global overlays 4. You never tried:
database section rwm overlay refint overlay
Finally, module load order can matter in certain circumstances, particularly with overlays that interact with one another. One reason why syncprov (in a replicated environment) should always be the first overlay in a database section.
--Quanah
Hello,
Thank you for the quick response!
"cn=config is deterministic” what does it mean? Could you please explain us the benefits in this case.
About this: 4. You never tried:
database section rwm overlay refint overlay
I’ve tried and it does not work.
--------- Maksim Saroka DevOps/System Administrator Exadel.com https://exadel.com/ Follow Us on LinkedIn https://www.linkedin.com/company/exadel/
On Oct 10, 2023, at 10:48 PM, Quanah Gibson-Mount quanah@fast-mail.org wrote:
--On Tuesday, October 10, 2023 4:43 PM +0200 Maksim Saroka msaroka@exadel.com wrote:
Hello,
We have a strange situation with refint and rwm overlays on ldap replica. Looks like those overlays depend on each other and on position in the slapd.conf file regarding database section. However refint overlay is working in any position if rwm overlay is not specified. Here are the examples with positions in the file:
Refint overlay work if:
- rwm overlay section database section refint overlay section
Refint overlay does not work if:
- database section refint overlay section rwm overlay section
- rwm overlay section refint overlay section database section
Could you please explain to us the root cause of that as I can't find any explanation in the docs.
Hi,
A couple notes:
- You really should use cn=config and not slapd.conf, as cn=config is deterministic.
- In the first case above, "rwm" is probably ending up as a global overlay
- In the third case above, "rwm" and "refint" are probably both ending up as global overlays
- You never tried:
database section rwm overlay refint overlay
Finally, module load order can matter in certain circumstances, particularly with overlays that interact with one another. One reason why syncprov (in a replicated environment) should always be the first overlay in a database section.
--Quanah
--On Friday, October 13, 2023 12:11 AM +0300 Maksim Saroka msaroka@exadel.com wrote:
Hello,
Thank you for the quick response!
"cn=config is deterministic" what does it mean? Could you please explain us the benefits in this case.
The slapd.conf file may or may not be ordered correctly. I.e., database specific option may occur outside of a database definition. Slapd will do its *best* to order the slapd.conf file that it is provided in a sensical way, but it may not match what was intended by the author, so it is not determinitistic. With cn=config, everything is ordered, so it is deterministic.
Also, keep in mind that answers on the mailing list are done on a time available basis. Don't send an email prodding for a reply.
---Quanah
Hello,
Sorry for bothering you, guys. We really appreciate your work. That was just an urgent deal for us. The last request: could you please point us to the docs that explain to us how slapd.conf file should be composed in the right way?
--------- Maksim Saroka DevOps/System Administrator Exadel.com https://exadel.com/ Follow Us on LinkedIn https://www.linkedin.com/company/exadel/
On Oct 23, 2023, at 8:28 PM, Quanah Gibson-Mount quanah@fast-mail.org wrote:
--On Friday, October 13, 2023 12:11 AM +0300 Maksim Saroka msaroka@exadel.com wrote:
Hello,
Thank you for the quick response!
"cn=config is deterministic" what does it mean? Could you please explain us the benefits in this case.
The slapd.conf file may or may not be ordered correctly. I.e., database specific option may occur outside of a database definition. Slapd will do its *best* to order the slapd.conf file that it is provided in a sensical way, but it may not match what was intended by the author, so it is not determinitistic. With cn=config, everything is ordered, so it is deterministic.
Also, keep in mind that answers on the mailing list are done on a time available basis. Don't send an email prodding for a reply.
---Quanah
--On Monday, November 6, 2023 10:08 PM +0000 Maksim Saroka msaroka@exadel.com wrote:
Hello,
Sorry for bothering you, guys. We really appreciate your work. That was just an urgent deal for us. The last request: could you please point us to the docs that explain to us how slapd.conf file should be composed in the right way?
The manual pages cover what options are valid in what sections.
--Quanah
openldap-technical@openldap.org
-
Maksim Saroka -
Quanah Gibson-Mount