Hy !
it's me again :)
I am still testing n-way multi master replication with OpenLDAP 2.4.14. I don't know why I could modify my olcSyncrepl attribute from my data bdb.
I am binding with cn=config, and I can modify the olcSyncrepl attribute from olcDatabase={0}config, but not from olcDatabase={1}bdb !
I am getting this error : 08:57:25: Failed to update entry olcDatabase={1}bdb, cn=config Reason: [LDAP: error code 53 - shadow context; no update referral]
This appends on both masters. Is this supposed to be like that ? I have configured cn=config to replicate, this should work right ?
Adrien
On 19.02.2009 10:36, Adrien Futschik wrote:
Hy !
it's me again :)
Hi again Adrien ;)
I am still testing n-way multi master replication with OpenLDAP 2.4.14. I don't know why I could modify my olcSyncrepl attribute from my data bdb.
I am binding with cn=config, and I can modify the olcSyncrepl attribute from olcDatabase={0}config, but not from olcDatabase={1}bdb !
I am getting this error : 08:57:25: Failed to update entry olcDatabase={1}bdb, cn=config Reason: [LDAP: error code 53 - shadow context; no update referral]
This appends on both masters. Is this supposed to be like that ? I have configured cn=config to replicate, this should work right ?
When you configure a database with syncrepl replication, it is marked as a shadow context. This makes sense for the general case when a database is a "slave" of a master server. Trying to update a shadowed database will return the "shadow context; no update referral" error, unless a "updateref" is set on that DB.
However, if you're using multi-master, and have set mirrormode on, this should no longer be the case, and all updates will be accepted.
So you should check: 1) That mirrormode is on 2) That your slapd listeners match your syncrepl providers, as I suggested in another thread
If this is all the case, please give us your configuration, and tell us what operations you do that lead to this situation.
Regards, Jonathan
Le jeudi 19 février 2009 11:38:48, Jonathan Clarke a écrit :
On 19.02.2009 10:36, Adrien Futschik wrote:
Hy !
it's me again :)
Hi again Adrien ;)
I am still testing n-way multi master replication with OpenLDAP 2.4.14. I don't know why I could modify my olcSyncrepl attribute from my data bdb.
I am binding with cn=config, and I can modify the olcSyncrepl attribute from olcDatabase={0}config, but not from olcDatabase={1}bdb !
I am getting this error : 08:57:25: Failed to update entry olcDatabase={1}bdb, cn=config Reason: [LDAP: error code 53 - shadow context; no update referral]
This appends on both masters. Is this supposed to be like that ? I have configured cn=config to replicate, this should work right ?
When you configure a database with syncrepl replication, it is marked as a shadow context. This makes sense for the general case when a database is a "slave" of a master server. Trying to update a shadowed database will return the "shadow context; no update referral" error, unless a "updateref" is set on that DB.
However, if you're using multi-master, and have set mirrormode on, this should no longer be the case, and all updates will be accepted.
So you should check:
- That mirrormode is on
- That your slapd listeners match your syncrepl providers, as I
suggested in another thread
If this is all the case, please give us your configuration, and tell us what operations you do that lead to this situation.
Regards, Jonathan
I have been doing some more tests : I have removed all olcSyncrepl attributes from olcDatabase={1}bdb and recreated them and here is what netstat showed me : [webadm@ntrsz00o scripts]$ netstat -a |grep 9011 | grep ntr.edfgdf; netstat -a |grep 9012 |grep ntr.edfgdf tcp 0 0 ntrsz00o:60409 ntrs000n.ntr.edfgdf.fr:9011 ESTABLISHED tcp 0 0 ntrsz00o:9012 ntrs000n.ntr.edfgdf.f:43952 ESTABLISHED tcp 0 0 ntrsz00o:9012 ntrs000n.ntr.edfgdf.f:37855 ESTABLISHED tcp 0 0 ntrsz00o:9012 ntrs000n.ntr.edfgdf.f:48601 ESTABLISHED
in normal situation it should look like this : tcp 0 0 ntrsz00o:55428 ntrs000n.ntr.edfgdf.fr:9011 ESTABLISHED tcp 0 0 ntrsz00o:55429 ntrs000n.ntr.edfgdf.fr:9011 ESTABLISHED tcp 0 0 ntrsz00o:9012 ntrs000n.ntr.edfgdf.f:38341 ESTABLISHED tcp 0 0 ntrsz00o:9012 ntrs000n.ntr.edfgdf.f:38340 ESTABLISHED
The replication doen't work anymore. When I try to update an entry, I am always getting this message : 11:31:04: Failed to update entry cn=M2client2@laposte.net, ou=clients, o=edf, c=fr Reason: [LDAP: error code 53 - shadow context; no update referral]
Whether I am trying to update on M1 or M2 doesn't matter. The only way I could get things back to normal, was to restart M1 & M2 (not sure restarting M2 was necessary)
Here is my configuration (sorry if it is hard to read): M1 : /appli/projects/m1/openldap_2.4.14/conf/slapd.d/cn=config.ldif dn: cn=config objectClass: olcGlobal cn: config structuralObjectClass: olcGlobal entryUUID: 7d0731dd-547a-4b58-955a-c597dbbfbea7 creatorsName: cn=config createTimestamp: 20090219091451Z olcServerID: 1 ldap://163.106.38.90:9011/ olcServerID: 2 ldap://163.106.38.92:9012/ entryCSN: 20090219091452.602209Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20090219091452Z contextCSN: 20090219103440.107501Z#000000#001#000000 contextCSN: 20090219103305.835740Z#000000#002#000000
/appli/projects/m1/openldap_2.4.14/conf/slapd.d/cn=config/olcDatabase={0}config.ldif dn: olcDatabase={0}config objectClass: olcDatabaseConfig olcDatabase: {0}config olcRootPW:: e1NTSEF9MXR3c0g3UXlManFFUzQxYVZGUW9lcWdRY0JKaVhnblk= structuralObjectClass: olcDatabaseConfig entryUUID: 6b585f67-6b76-45df-a1f8-adc962b0a2fe creatorsName: cn=config createTimestamp: 20090219091451Z olcSyncrepl: {0}rid=001 provider=ldap://163.106.38.90:9011/ binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndP ersist retry="5 5 300 2" timeout=3 olcSyncrepl: {1}rid=002 provider=ldap://163.106.38.92:9012/ binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndP ersist retry="5 5 300 2" timeout=3 olcMirrorMode: TRUE entryCSN: 20090219094438.413960Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20090219094438Z
/appli/projects/m1/openldap_2.4.14/conf/slapd.d/cn=config/olcDatabase={1}bdb.ldif dn: olcDatabase={1}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: {1}bdb olcDbDirectory: ./openldap-data olcSuffix: c=fr olcRootDN: cn=admin,c=fr olcRootPW:: e1NTSEF9MXR3c0g3UXlManFFUzQxYVZGUW9lcWdRY0JKaVhnblk= olcMirrorMode: TRUE olcDbIndex: default pres,eq olcDbIndex: cn,sn pres,eq,sub olcDbIndex: objectClass,entryCSN,entryUUID,seeAlso eq olcDbIndex: mail,givenName,uid pres,eq,sub structuralObjectClass: olcBdbConfig entryUUID: f4e1cd2c-8db0-4d47-86a7-5a7231e19914 creatorsName: cn=config createTimestamp: 20090219091458Z olcSyncrepl: {0}rid=004 provider=ldap://163.106.38.90:9011/ binddn="cn=admin,c =fr" bindmethod=simple credentials=secret searchbase="c=fr" type=refreshAndPe rsist retry="5 5 300 2" timeout=3 olcSyncrepl: {1}rid=005 provider=ldap://163.106.38.92:9012/ binddn="cn=admin,c =fr" bindmethod=simple credentials=secret searchbase="c=fr" type=refreshAndPe rsist retry="5 5 300 2" timeout=3 entryCSN: 20090219103440.107501Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20090219103440Z
M2 : /appli/projects/m2/openldap_2.4.14/conf/slapd.d/cn=config.ldif dn: cn=config objectClass: olcGlobal cn: config structuralObjectClass: olcGlobal entryUUID: 7cf95e72-e15a-47b8-923f-bb1910b26bb1 creatorsName: cn=config createTimestamp: 20090219091456Z olcServerID: 1 ldap://163.106.38.90:9011/ olcServerID: 2 ldap://163.106.38.92:9012/ entryCSN: 20090219091457.428606Z#000000#002#000000 modifiersName: cn=config modifyTimestamp: 20090219091457Z contextCSN: 20090219103440.107501Z#000000#001#000000 contextCSN: 20090219103305.835740Z#000000#002#000000
/appli/projects/m2/openldap_2.4.14/conf/slapd.d/cn=config/olcDatabase={0}config.ldif dn: olcDatabase={0}config objectClass: olcDatabaseConfig olcDatabase: {0}config olcRootPW:: e1NTSEF9MXR3c0g3UXlManFFUzQxYVZGUW9lcWdRY0JKaVhnblk= entryUUID: 6b585f67-6b76-45df-a1f8-adc962b0a2fe createTimestamp: 20090219091451Z olcSyncrepl: {0}rid=001 provider=ldap://163.106.38.90:9011/ binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndP ersist retry="5 5 300 2" timeout=3 olcSyncrepl: {1}rid=002 provider=ldap://163.106.38.92:9012/ binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndP ersist retry="5 5 300 2" timeout=3 olcMirrorMode: TRUE structuralObjectClass: olcDatabaseConfig creatorsName: cn=config entryCSN: 20090219094438.413960Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20090219094438Z
/appli/projects/m2/openldap_2.4.14/conf/slapd.d/cn=config/olcDatabase={1}bdb.ldif dn: olcDatabase={1}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: {1}bdb olcDbDirectory: ./openldap-data olcSuffix: c=fr olcRootDN: cn=admin,c=fr olcRootPW:: e1NTSEF9MXR3c0g3UXlManFFUzQxYVZGUW9lcWdRY0JKaVhnblk= olcMirrorMode: TRUE olcDbIndex: default pres,eq olcDbIndex: cn,sn pres,eq,sub olcDbIndex: objectClass,entryCSN,entryUUID,seeAlso eq olcDbIndex: mail,givenName,uid pres,eq,sub structuralObjectClass: olcBdbConfig entryUUID: f4e1cd2c-8db0-4d47-86a7-5a7231e19914 creatorsName: cn=config createTimestamp: 20090219091458Z olcSyncrepl: {0}rid=004 provider=ldap://163.106.38.90:9011/ binddn="cn=admin,c =fr" bindmethod=simple credentials=secret searchbase="c=fr" type=refreshAndPe rsist retry="5 5 300 2" timeout=3 olcSyncrepl: {1}rid=005 provider=ldap://163.106.38.92:9012/ binddn="cn=admin,c =fr" bindmethod=simple credentials=secret searchbase="c=fr" type=refreshAndPe rsist retry="5 5 300 2" timeout=3 entryCSN: 20090219103440.107501Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20090219103440Z
Thanks in advance for your support,
Adrien
On 19.02.2009 12:00, Adrien Futschik wrote:
I am still testing n-way multi master replication with OpenLDAP 2.4.14. I don't know why I could modify my olcSyncrepl attribute from my data bdb.
I am binding with cn=config, and I can modify the olcSyncrepl attribute from olcDatabase={0}config, but not from olcDatabase={1}bdb !
I am getting this error : 08:57:25: Failed to update entry olcDatabase={1}bdb, cn=config Reason: [LDAP: error code 53 - shadow context; no update referral]
This appends on both masters. Is this supposed to be like that ? I have configured cn=config to replicate, this should work right ?
When you configure a database with syncrepl replication, it is marked as a shadow context. This makes sense for the general case when a database is a "slave" of a master server. Trying to update a shadowed database will return the "shadow context; no update referral" error, unless a "updateref" is set on that DB.
However, if you're using multi-master, and have set mirrormode on, this should no longer be the case, and all updates will be accepted.
So you should check:
- That mirrormode is on
- That your slapd listeners match your syncrepl providers, as I
suggested in another thread
If this is all the case, please give us your configuration, and tell us what operations you do that lead to this situation.
Regards, Jonathan
I have been doing some more tests : I have removed all olcSyncrepl attributes from olcDatabase={1}bdb and recreated them and here is what netstat showed me :
[...]
Whether I am trying to update on M1 or M2 doesn't matter. The only way I could get things back to normal, was to restart M1& M2 (not sure restarting M2 was necessary)
[...]
I think you may be hitting the bug described in ITS #5954 (http://www.openldap.org/its/?findid=5954). When deleting one of several syncrepl directives via cn=config, the wrong one may be deleted for the running instance in 2.4.14. This problem has been corrected in RE24, available by cvs.
In any case, if you are encountering this problem, it can be solved by restarting slapd. This is of course a pain, so I suggest you try RE24.
Jonathan
openldap-technical@openldap.org
-
Adrien Futschik -
Jonathan Clarke