> On 14 Jan 2016, at 08:37 , BÖSCH Christian <boesch(a)fhv.at
> <mailto:boesch@fhv.at>> wrote:
>
>>>
>>> hi,
>>>
>>> i have two openldap servers 2.4.43 on freebsd 10.2 with multimaster
>>> replication.
>>> if i add on one node a dynamicobject, the other node dies immediatly.
>>> has anybody an idea?
>>>
>>> regards,chris
>>>
>>> ---
>>>
>>> added this:
>>> dn:
uid=vkw-guest,ou=people,o=abc.net <
http://abc.net/>
>>> sn: VKW Guest
>>> objectClass: organizationalPerson
>>> objectClass: person
>>> objectClass: dynamicObject
>>> objectClass: inetLocalMailRecipient
>>> objectClass: inetOrgPerson
>>> objectClass: top
>>> uid: vkw-guest
>>> cn: VKW Guest
>>>
>>>
>>> the log says:
>>> Jan 13 13:08:40 openldap2 slapd[75017]: daemon: activity on 1 descriptor
>>> Jan 13 13:08:40 openldap2 slapd[75017]: daemon: activity on:
>>> Jan 13 13:08:40 openldap2 slapd[75017]: 30r
>>> Jan 13 13:08:40 openldap2 slapd[75017]:
>>> Jan 13 13:08:40 openldap2 slapd[75017]: daemon: read activity on 30
>>> Jan 13 13:08:40 openldap2 slapd[75017]: daemon: select: listen=6
>>> active_threads=0 tvp=zero
>>> Jan 13 13:08:40 openldap2 slapd[75017]: daemon: select: listen=7
>>> active_threads=0 tvp=zero
>>> Jan 13 13:08:40 openldap2 slapd[75017]: daemon: select: listen=8
>>> active_threads=0 tvp=zero
>>> Jan 13 13:08:40 openldap2 slapd[75017]: daemon: select: listen=9
>>> active_threads=0 tvp=zero
>>> Jan 13 13:08:40 openldap2 slapd[75017]: daemon: select: listen=10
>>> active_threads=0 tvp=zero
>>> Jan 13 13:08:40 openldap2 slapd[75017]: connection_get(30)
>>> Jan 13 13:08:40 openldap2 slapd[75017]: connection_get(30): got connid=0
>>> Jan 13 13:08:40 openldap2 slapd[75017]: =>do_syncrepl rid=021
>>> Jan 13 13:08:40 openldap2 slapd[75017]: =>do_syncrep2 rid=021
>>> Jan 13 13:08:40 openldap2 slapd[75017]: do_syncrep2: rid=021
>>> cookie=rid=021,sid=001,csn=20160113120840.025550Z#000000#001#000000
>>> Jan 13 13:08:40 openldap2 slapd[75017]: syncrepl_message_to_entry: rid=021
>>> DN:
uid=vkw-guest,ou=people,o=abc.net <
http://abc.net/>, UUID:
>>> 2074bc1e-4e3a-1035-92a1-ed72d2e7074a
>>> Jan 13 13:08:40 openldap2 slapd[75017]: >>> dnPrettyNormal:
>>> <
uid=vkw-guest,ou=people,o=abc.net <
http://abc.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <<< dnPrettyNormal:
>>> <
uid=vkw-guest,ou=people,o=abc.net <
http://abc.net/>>,
>>> <
uid=vkw-guest,ou=people,o=abc.net <
http://abc.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: >>> dnPretty:
<
cn=admin,o=xyz.net
>>> <
http://xyz.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <<< dnPretty:
<
cn=admin,o=xyz.net
>>> <
http://xyz.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: >>> dnNormalize:
>>> <
cn=admin,o=xyz.net <
http://xyz.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <<< dnNormalize:
>>> <
cn=admin,o=xyz.net <
http://xyz.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: >>> dnPretty:
<
cn=admin,o=xyz.net
>>> <
http://xyz.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <<< dnPretty:
<
cn=admin,o=xyz.net
>>> <
http://xyz.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: >>> dnNormalize:
>>> <
cn=admin,o=xyz.net <
http://xyz.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <<< dnNormalize:
>>> <
cn=admin,o=xyz.net <
http://xyz.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: >>> dnPretty:
>>> <
uid=vkw-guest,ou=people,o=abc.net <
http://abc.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <<< dnPretty:
>>> <
uid=vkw-guest,ou=people,o=abc.net <
http://abc.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: >>> dnNormalize:
>>> <
uid=vkw-guest,ou=people,o=abc.net <
http://abc.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <<< dnNormalize:
>>> <
uid=vkw-guest,ou=people,o=abc.net <
http://abc.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: >>> dnPretty:
<cn=Subschema>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <<< dnPretty:
<cn=Subschema>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: >>> dnNormalize:
<cn=Subschema>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <<< dnNormalize:
<cn=subschema>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: syncrepl_entry: rid=021
>>> LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => mdb_search
>>> Jan 13 13:08:40 openldap2 slapd[75017]:
mdb_dn2entry("o=abc.net
>>> <
http://abc.net/>")
>>> Jan 13 13:08:40 openldap2 slapd[75017]: =>
mdb_dn2id("o=abc.net
>>> <
http://abc.net/>")
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <= mdb_dn2id: got id=0x1
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => mdb_entry_decode:
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <= mdb_entry_decode
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => access_allowed: search access
>>> to "o=abc.net <
http://abc.net/>" "entry" requested
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <= root access granted
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => access_allowed: search access
>>> granted by manage(=mwrscxd)
>>> Jan 13 13:08:40 openldap2 slapd[75017]: search_candidates:
base="o=abc.net
>>> <
http://abc.net/>" (0x00000001) scope=2
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => mdb_filter_candidates
>>> Jan 13 13:08:40 openldap2 slapd[75017]:EQUALITY
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => mdb_equality_candidates
(entryUUID)
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => key_read
>>> Jan 13 13:08:40 openldap2 slapd[75017]: mdb_idl_fetch_key: [5ec43656]
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <= mdb_index_read: failed
(-30798)
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <= mdb_equality_candidates: id=0,
>>> first=0, last=0
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <= mdb_filter_candidates: id=0
>>> first=0 last=0
>>> Jan 13 13:08:40 openldap2 slapd[75017]: mdb_search_candidates: id=0
>>> first=0 last=0
>>> Jan 13 13:08:40 openldap2 slapd[75017]: mdb_search: no candidates
>>> Jan 13 13:08:40 openldap2 slapd[75017]: send_ldap_result: conn=-1 op=0 p=0
>>> Jan 13 13:08:40 openldap2 slapd[75017]: send_ldap_result: err=0
matched=""
>>> text=""
>>> Jan 13 13:08:40 openldap2 slapd[75017]: syncrepl_entry: rid=021 be_search
(0)
>>> Jan 13 13:08:40 openldap2 slapd[75017]: syncrepl_entry: rid=021
>>>
uid=vkw-guest,ou=people,o=abc.net <
http://abc.net/>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: slap_queue_csn: queueing
>>> 0x846348780 20160113120840.025550Z#000000#001#000000
>>> Jan 13 13:08:40 openldap2 slapd[75017]: ==> unique_add
>>> <
uid=vkw-guest,ou=people,o=abc.net <
http://abc.net/>>
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => access_allowed: manage access
>>> to "uid=vkw-guest,ou=people,o=abc.net <
http://abc.net/>"
"entry" requested
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <= root access granted
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => access_allowed: manage access
>>> granted by manage(=mwrscxd)
>>> Jan 13 13:08:40 openldap2 slapd[75017]: unique_add: administrative bypass,
>>> skipping
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => mdb_entry_get: ndn:
>>> "ou=people,o=abc.net <
http://abc.net/>"
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => mdb_entry_get: oc:
>>> "dynamicObject", at: "(null)"
>>> Jan 13 13:08:40 openldap2 slapd[75017]:
mdb_dn2entry("ou=people,o=abc.net
>>> <
http://abc.net/>")
>>> Jan 13 13:08:40 openldap2 slapd[75017]: =>
mdb_dn2id("ou=people,o=abc.net
>>> <
http://abc.net/>")
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <= mdb_dn2id: got id=0x3
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => mdb_entry_decode:
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <= mdb_entry_decode
>>> Jan 13 13:08:40 openldap2 slapd[75017]: => mdb_entry_get: found entry:
>>> "ou=people,o=abc.net <
http://abc.net/>"
>>> Jan 13 13:08:40 openldap2 slapd[75017]: <= mdb_entry_get: failed to find
>>> objectClass dynamicObject
>>> Jan 13 13:08:40 openldap2 slapd[75017]: mdb_entry_get: rc=16
>>
>>
>> I suggest reading the above line where it clearly notes it has no knowledge
>> of the dynamicObject objectClass. Looks like a failure to have consistent
>> schema between nodes?
ok quanah, as you always mention to read the manuals carefully is quite a good
idea…
The quick and dirty solution is to set *schemacheck=off* in the syncrepl
configuration and, optionally, exclude the operational attributes from
replication, using
"Quick and dirty" is still dirty. You have a schema problem with your
entry. If you don't fix it you will have continual problems.
--
-- Howard Chu
CTO, Symas Corp.