I recently migrated a client's ldap directories to new servers. I setup replication from the new servers to the old servers to do the initial build of the directory and to keep up to date with changes before the cutover.
In the process we also moved from 2.4.12 to 2.4.33.
I've run into an issue since then with an object that was missing a structuralObjectClass. When we try to commit modifications to that object, we received an error that says:
ldap_modify: Other (e.g., implementation specific) error (80) additional info: no structuralObjectClass operational attribute
Doing a search on that object with +, shows that it is in fact missing a structuralObjectClass. Other users that we can modify, show that they do have that attribute. I was able to solve this problem by doing an ldapsearch on the user and saving to an ldif, ldapdelete the user, then ldapadd the user back from the ldif file. When re-adding that user, the structuralObjectClass was created.
It looks like about 50% of our objects are missing that attribute.
To get those numbers, I am searching with:
'(&(objectClass=*)(!(structuralObjectClass=*)))' + VS '(&(objectClass=*)(structuralObjectClass=*))' +
What would be the best way for me to fix these issues on every object that is missing the structuralObjectClass?
Also, in the future, would you recommend I do a slapcat/slapadd or something like that to populate a new database instead of letting syncrepl load it for me? Would that have fixed this problem from the start?
Thanks for any suggestions.
- Dusty Doris
Dusty Doris wrote:
I setup replication from the new servers to the old servers to do the initial build of the directory and to keep up to date with changes before the cutover.
In the process we also moved from 2.4.12 to 2.4.33.
So you have set up syncrepl with mixed versions. You should not do that.
ldap_modify: Other (e.g., implementation specific) error (80) additional info: no structuralObjectClass operational attribute
Obviously the behaviour was changed how the operational attribute 'structuralObjectClass' is handled during replication.
Glancing over CHANGES this probably this was done when fixing ITS#5792. http://www.openldap.org/its/index.cgi?findid=5792
Ciao, Michael.
Thanks for the response. I now know that you shouldn't mix syncrepl with different versions. For some reason I thought it was OK if both are 2.4.x. I must have been thinking of a different database type such as mysql.
Do you have any suggestions on what I should do to remedy the situation now? Drop and reload the whole directory?
On Mon, Dec 31, 2012 at 12:09 PM, Michael Ströder michael@stroeder.com wrote:
Dusty Doris wrote:
I setup replication from the new servers to the old servers to do the initial build of the directory and to keep up to date with changes before the cutover.
In the process we also moved from 2.4.12 to 2.4.33.
So you have set up syncrepl with mixed versions. You should not do that.
ldap_modify: Other (e.g., implementation specific) error (80) additional info: no structuralObjectClass operational attribute
Obviously the behaviour was changed how the operational attribute 'structuralObjectClass' is handled during replication.
Glancing over CHANGES this probably this was done when fixing ITS#5792. http://www.openldap.org/its/index.cgi?findid=5792
Ciao, Michael.
Dusty Doris wrote:
Thanks for the response. I now know that you shouldn't mix syncrepl with different versions. For some reason I thought it was OK if both are 2.4.x.
It may work. But it depends very much on combinations of x in 2.4.x and which overlays you're using.
Do you have any suggestions on what I should do to remedy the situation now? Drop and reload the whole directory?
Yepp, slapcat/slapadd is the solution. As usual you should test slapadd-ing your current data in a test instance before doing it in production.
Ciao, Michael.
openldap-technical@openldap.org
-
Dusty Doris -
Michael Ströder