Hello,
A syncrepl with a searchbase of "dc=foo,dc=bar" is working fine but not with a empty/null "" searchbase. On the provider side I have the following error "is_entry_objectclass("", "2.5.17.0") no objectClass attribute" and on the consumer I have "do_syncrep2: rid=002 (32) No such object".
ldapsearch -LLL -h foo.bar -p 389 -x -D 'cn=syncrepl,dc=foo,dc=bar' -w '*****' -b '' -s sub '(objectclass=*)' '*' '+' Do not have any issue to retrieve the full DIT(s) and is able to find the sub of root object.
Is it possible to replicate an null/empty searchbase with syncrepl ?
If not how can I replicate part of a null/empty searchbase setup on a provider ?
Best Regards, Guy Baconniere
I am running OpenLDAP slapd 2.4.11 on Debian Lenny.
# syncrepl directives syncrepl rid=002 provider=ldap://foo.bar:389/ searchbase="" filter="(objectClass=*)" scope=sub attrs="*,+" type=refreshAndPersist schemachecking=off retry="60 30 300 +" bindmethod=simple binddn="cn=syncrepl,dc=foo,dc=bar" credentials="*****"
SYNCREPL OF SEARCHBASE="" NOT WORKING conn=1443 fd=33 ACCEPT from IP=172.16.8.204:44128 (IP=0.0.0.0:389) conn=1443 op=0 BIND dn="cn=syncrepl,dc=foo,dc=bar" method=128 conn=1443 op=0 BIND dn="cn=syncrepl,dc=foo,dc=bar" mech=SIMPLE ssf=0 conn=1443 op=0 RESULT tag=97 err=0 text= conn=1442 op=1 SRCH base="" scope=2 deref=0 filter="(objectClass=*)" conn=1442 op=1 SRCH attr=* + is_entry_objectclass("", "2.5.17.0") no objectClass attribute conn=1442 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text= conn=1443 op=1 SRCH base="dc=foo,dc=bar" scope=2 deref=0 filter="(objectClass=*)" conn=1443 op=1 SRCH attr=* + conn=1442 op=2 UNBIND conn=1442 fd=24 closed
do_syncrep2: rid=002 LDAP_RES_SEARCH_RESULT do_syncrep2: rid=002 (32) No such object do_syncrepl: rid=002 retrying (29 retries left) LDAPSEARCH IS ABLE TO RETRIEVE SEARCHBASE "" ldapsearch -LLL -h foo.bar -p 389 -x -D 'cn=syncrepl,dc=foo,dc=bar' -w '*****' -b '' -s sub '(objectclass=*)' '*' '+' conn=1441 fd=24 ACCEPT from IP=127.0.0.1:47269 (IP=0.0.0.0:389) conn=1441 op=0 BIND dn="cn=syncrepl,dc=foo,dc=bar" method=128 conn=1441 op=0 BIND dn="cn=syncrepl,dc=foo,dc=bar" mech=SIMPLE ssf=0 conn=1441 op=0 RESULT tag=97 err=0 text= conn=1441 op=1 SRCH base="" scope=2 deref=0 filter="(objectClass=*)" conn=1441 op=1 SRCH attr=* +
Am Wed, 16 Jun 2010 15:20:45 +0200 schrieb Guy.Baconniere@swisscom.com:
Hello,
A syncrepl with a searchbase of "dc=foo,dc=bar" is working fine but not with a empty/null "" searchbase. On the provider side I have the following error "is_entry_objectclass("", "2.5.17.0") no objectClass attribute" and on the consumer I have "do_syncrep2: rid=002 (32) No such object".
ldapsearch -LLL -h foo.bar -p 389 -x -D 'cn=syncrepl,dc=foo,dc=bar' -w '*****' -b '' -s sub '(objectclass=*)' '*' '+' Do not have any issue to retrieve the full DIT(s) and is able to find the sub of root object.
Is it possible to replicate an null/empty searchbase with syncrepl ?
If not how can I replicate part of a null/empty searchbase setup on a provider ?
Best Regards, Guy Baconniere
I am running OpenLDAP slapd 2.4.11 on Debian Lenny.
[...] I don't know whether this is applicable to 2.4.11 already, but you may add olcSyncUseSubentry: TRUE to the provider's config database. See slapd-config(5) for more information.
-Dieter
--On Wednesday, June 16, 2010 5:15 PM +0200 Dieter Kluenter dieter@dkluenter.de wrote:
Am Wed, 16 Jun 2010 15:20:45 +0200 schrieb Guy.Baconniere@swisscom.com:
Hello,
A syncrepl with a searchbase of "dc=foo,dc=bar" is working fine but not with a empty/null "" searchbase. On the provider side I have the following error "is_entry_objectclass("", "2.5.17.0") no objectClass attribute" and on the consumer I have "do_syncrep2: rid=002 (32) No such object".
ldapsearch -LLL -h foo.bar -p 389 -x -D 'cn=syncrepl,dc=foo,dc=bar' -w '*****' -b '' -s sub '(objectclass=*)' '*' '+' Do not have any issue to retrieve the full DIT(s) and is able to find the sub of root object.
Is it possible to replicate an null/empty searchbase with syncrepl ?
If not how can I replicate part of a null/empty searchbase setup on a provider ?
Best Regards, Guy Baconniere
I am running OpenLDAP slapd 2.4.11 on Debian Lenny.
[...] I don't know whether this is applicable to 2.4.11 already, but you may add olcSyncUseSubentry: TRUE to the provider's config database. See slapd-config(5) for more information.
Not necessary. Of course, using 2.4.11 is suicidal anyway.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
--On Wednesday, June 16, 2010 3:20 PM +0200 Guy.Baconniere@swisscom.com wrote:
Hello,
A syncrepl with a searchbase of "dc=foo,dc=bar" is working fine but not with a empty/null "" searchbase. On the provider side I have the following error "is_entry_objectclass("", "2.5.17.0") no objectClass attribute" and on the consumer I have "do_syncrep2: rid=002 (32) No such object".
ldapsearch -LLL -h foo.bar -p 389 -x -D 'cn=syncrepl,dc=foo,dc=bar' -w '*****' -b '' -s sub '(objectclass=*)' '*' '+' Do not have any issue to retrieve the full DIT(s) and is able to find the sub of root object.
Is it possible to replicate an null/empty searchbase with syncrepl ?
Yes, it works just fine for me.
Maybe you should download Zimbra, and install the zimbra-ldap package on two different systems, one a master, one a replica, and examine the resulting configurations. If you want to see how it is done via slapd.conf and OpenLDAP 2.3, download Zimbra 5.0.x. If you want to see how it is done with cn=config and OpenLDAP 2.4, download Zimbra 6.0.x.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
-
Dieter Kluenter -
Guy.Baconniere@swisscom.com -
Quanah Gibson-Mount