Hello,
For performance issues (millions of records) I have two ldap servers:
- one master with an sql backend (postgres) to allow easy data manipulation
- one slave to answer ldap queries and provide good response time
When launching the slave ("./slapd -f /usr/local/openldap/etc/openldap/slapd-front.conf -h "ldap://localhost:3890" -d 1") I got a first non blocking error I don't really understand: " => bdb_dn2id("dc=lnp") <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)"
According to the fact that the following command is successful: "ldapwhoami -H "ldap://localhost:389" -D "cn=manager,dc=lnp" -w secret"
and then the synchronization fails with this error: "read1msg: ld 0x9ca73e8 msgid 2 message type search-entry ber_scanf fmt ({xx) ber: ber_scanf fmt ({a) ber: ber_scanf fmt (o) ber: ber_scanf fmt ({em) ber: do_syncrep2: rid=001 got empty syncUUID with LDAP_SYNC_ADD ldap_msgfree connection_get(11): got connid=0 ldap_free_request (origid 2, msgid 2) ldap_free_connection 1 1 ldap_send_unbind ber_flush2: 7 bytes to sd 11 ldap_free_connection: actually freed do_syncrepl: rid=001 quitting"
Do you know whether syncrepl is supported for ldap with sql backend? Do you know where I can find some documentation on this? Do you have any clue on how I could solve my issues?
Thanks in advance. Please find below the .conf of those two ldap servers:
# === MASTER =====
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/lnp.schema
pidfile /usr/local/openldap/var/slapd-lnp.pid
argsfile /usr/local/openldap/var/slapd-lnp.args
backend sql
#######################################################################
# sql database definitions
#######################################################################
database sql
suffix "dc=lnp"
rootdn "cn=Manager,dc=lnp"
rootpw secret
dbname lnp
dbuser lnp
dbpasswd lnp
strcast_func "text"
#subtree_cond "ldap.entries.dn like '%'||?"
concat_pattern "?||?"
has_ldapinfo_dn_ru no
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
lastmod on
# === MASTER =====
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/lnp.schema
pidfile /usr/local/openldap/var/run/slapd-front.pid
argsfile /usr/local/openldap/var/run/slapd-front.args
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=lnp"
rootdn "cn=Manager,dc=lnp"
rootpw secret
directory /usr/local/openldap/var/openldap-data
# index entryCSN,entryUUID eq
index entryUUID eq
# filter="(objectClass=*)"
syncrepl rid=001
  provider=ldap://localhost:389
  bindmethod=simple
  type=refreshAndPersist
  searchbase="ou=31,dc=lnp"
  schemachecking=off
  binddn="cn=manager,dc=lnp"
  credentials=secret
  filter="(objectClass=*)"
mirrormode on
serverID 1
Frederic Bouy wrote:
> For performance issues (millions of records) I have two ldap servers:
> - one master with an sql backend (postgres) to allow easy data manipulation
> - one slave to answer ldap queries and provide good response time
Which OpenLDAP version is this?
> syncrepl rid=001 [..] searchbase="ou=31,dc=lnp"
^^^^^^^^^^^^
Does this entry exist on your master?
Ciao, Michael.
Hello Michael,
Thanks for your answer. My versions are:
- slapd 2.4.12
- backend sql PostgreSQL 8.3.7
- unixODBC 2.2.14
- Berkeley DB 4.7.25
On the master I have this kind of entries:
 id |             dn              | oc_map_id | parent | keyval
----+-----------------------------+-----------+--------+---------
  1 | dc=lnp                      |         1 |      0 |       1
  2 | ou=31,dc=lnp                |         2 |      1 |       1
  3 | ou=32,dc=lnp                |         2 |      1 |       2
  4 | ou=33,dc=lnp                |         2 |      1 |       3
  5 | cn=Manager,dc=lnp           |         5 |      1 |       1
  6 | uid=0616286400,ou=31,dc=lnp |         3 |      2 | 1283841
  7 | uid=0616615430,ou=31,dc=lnp |         3 |      2 | 1283842
  8 | uid=0644180200,ou=31,dc=lnp |         3 |      2 | 1283843
  9 | uid=0618279414,ou=31,dc=lnp |         3 |      2 | 1283844
And the entry "ou=31,dc=lnp" exists like shown in the picture in attachment.
Thanks for your help. Frederic
Frederic Bouy wrote:
> My versions are:
> * slapd 2.4.12
Not sure whether this solves your particular problem but if you have problems with syncrepl you should try 2.4.16.
> And the entry "ou=31,dc=lnp" exists like shown in the picture in attachment.
Are there any ACLs in effect preventing the slave from searching the content below this entry?
Ciao, Michael.
Hi,
On 21.04.2009 15:57, Frederic Bouy wrote:
> Hello,
> For performance issues (millions of records) I have two ldap servers:
> - one master with an sql backend (postgres) to allow easy data manipulation
> - one slave to answer ldap queries and provide good response time
> When launching the slave ("./slapd -f /usr/local/openldap/etc/openldap/slapd-front.conf -h "ldap://localhost:3890" -d 1") I got a first non blocking error I don't really understand: " => bdb_dn2id("dc=lnp") <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)"
This looks like the entry "dc=lnp" doesn't exist in your database.
> According to the fact that the following command is successful: "ldapwhoami -H "ldap://localhost:389" -D "cn=manager,dc=lnp" -w secret"
This works because the "cn=manager,dc=lnp" user and password are defined in your slapd.conf. It would be the same if you had no data in the database at all.
> database bdb
> suffix "dc=lnp"
> rootdn "cn=Manager,dc=lnp"
> rootpw secret
> [...]
> syncrepl rid=001
>   provider=ldap://localhost:389
>   bindmethod=simple
>   type=refreshAndPersist
>   searchbase="ou=31,dc=lnp"
You have configured a database on suffix "dc=lnp", but you're only replicating the subtree "ou=31,dc=lnp". Therefore, there is no LDAP entry "dc=lnp", which is where syncrepl stores its contextCSN. This probably explains the errors you're seeing.
Either create a simple "dc=lnp" entry yourself, or replicate that entry from the master as well.
Regards, Jonathan
Hello Jonathan,
Thanks for your answers.
2009/4/21 Jonathan Clarke jonathan@phillipoux.net
> Hi,
> On 21.04.2009 15:57, Frederic Bouy wrote:
>> Hello,
>> For performance issues (millions of records) I have two ldap servers:
>> - one master with an sql backend (postgres) to allow easy data manipulation
>> - one slave to answer ldap queries and provide good response time
>> When launching the slave ("./slapd -f /usr/local/openldap/etc/openldap/slapd-front.conf -h "ldap://localhost:3890" -d 1") I got a first non blocking error I don't really understand: " => bdb_dn2id("dc=lnp") <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)"
> This looks like the entry "dc=lnp" doesn't exist in your database.
I think that this entry exists, at least according to my db I got:
LNP=# select * from ldap_entries where id=1;
 id |   dn   | oc_map_id | parent | keyval
----+--------+-----------+--------+--------
  1 | dc=lnp |         1 |      0 |      1
LNP=# select * from ldap_oc_mappings where id=1;
 id |   name   |  keytbl   | keycol |        create_proc        |           delete_proc            | expect_return
----+----------+-----------+--------+---------------------------+----------------------------------+---------------
  1 | dcObject | dc_object | id     | SELECT create_dc_object() | DELETE FROM dc_object WHERE id=? |             0
LNP=# select * from dc_object where id=1;
 id | dc  | description
----+-----+-------------
  1 | lnp |
But when doing "ldapsearch -b "dc=lnp" " I got the following result:
# extended LDIF
#
# LDAPv3
# base <dc=lnp> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 80 Other (e.g., implementation specific) error
text: bad referral object
# numResponses: 1
but I can not find any error in the log:
slap_listener_activate(8):
slap_listener(ldap:///)
connection_get(10): got connid=0 connection_read(10): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 12 contents: ber_get_next conn=0 op=0 do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt (m}) ber:
dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <> do_bind: version=3 dn="" method=128 send_ldap_result: conn=0 op=0 p=3 send_ldap_response: msgid=1 tag=97 err=0 ber_flush2: 14 bytes to sd 10 do_bind: v3 anonymous bind connection_get(10): got connid=0 connection_read(10): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 43 contents: ber_get_next conn=0 op=1 do_search ber_scanf fmt ({miiiib) ber:
dnPrettyNormal: <dc=lnp>
<<< dnPrettyNormal: <dc=lnp>, <dc=lnp> ber_scanf fmt (m) ber: ber_scanf fmt ({M}}) ber: ==> limits_get: conn=0 op=1 dn="[anonymous]" ==>backsql_search(): base="dc=lnp", filter="(objectClass=*)", scope=2, deref=0, attrsonly=0, attributes to load: all ==>backsql_get_db_conn() ==>backsql_open_db_handle() <==backsql_open_db_handle() <==backsql_get_db_conn() ==>backsql_dn2id("dc=lnp") matched expected backsql_dn2id("dc=lnp"): id_query "SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE dn=?" backsql_dn2id("dc=lnp"): id=1 keyval=1 oc_id=1 dn=dc=lnp
dnPrettyNormal: <dc=lnp>
<<< dnPrettyNormal: <dc=lnp>, <dc=lnp> <==backsql_dn2id("dc=lnp"): err=0 ==>backsql_id2entry() backsql_id2entry(): retrieving all attributes ==>backsql_get_attr_vals(): oc="dcObject" attr="dc" keyval=1 backsql_get_attr_vals(): number of values in query: 1 <==backsql_get_attr_vals() ==>backsql_get_attr_vals(): oc="dcObject" attr="objectClass" keyval=1 backsql_get_attr_vals(): number of values in query: 1 <==backsql_get_attr_vals() <==backsql_id2entry() send_ldap_result: conn=0 op=1 p=3 send_ldap_response: msgid=2 tag=101 err=80 ber_flush2: 33 bytes to sd 10 <==backsql_search() connection_get(10): got connid=0 connection_read(10): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 5 contents: ber_get_next ber_get_next on fd 10 failed errno=0 (Success) connection_closing: readying conn=0 sd=10 for close connection_close: deferring conn=0 sd=10 conn=0 op=2 do_unbind connection_resched: attempting closing conn=0 sd=10 connection_close: conn=0 sd=10
As lnp is supposed to be the root it has a ldap_entries.parent=0. Could it be linked? or is it a normal behavior?
>> According to the fact that the following command is successful:
>> "ldapwhoami -H "ldap://localhost:389" -D "cn=manager,dc=lnp" -w secret"
> This works because the "cn=manager,dc=lnp" user and password are defined in your slapd.conf. It would be the same if you had no data in the database at all.
>> database bdb
>> suffix "dc=lnp"
>> rootdn "cn=Manager,dc=lnp"
>> rootpw secret
>> [...]
>> syncrepl rid=001
>>   provider=ldap://localhost:389
>>   bindmethod=simple
>>   type=refreshAndPersist
>>   searchbase="ou=31,dc=lnp"
> You have configured a database on suffix "dc=lnp", but you're only replicating the subtree "ou=31,dc=lnp". Therefore, there is no LDAP entry "dc=lnp", which is where syncrepl stores its contextCSN. This probably explains the errors you're seeing.
> Either create a simple "dc=lnp" entry yourself, or replicate that entry from the master as well.
I have changed on the slave the slapd.conf to "searchbase="dc=lnp"" and I still get this non blocking issue in the log file when starting the slave ( ./slapd -f /usr/local/openldap/etc/openldap/slapd-front.conf -h "ldap://localhost:3890" -d 1):
bdb_dn2entry("dc=lnp")
=> bdb_dn2id("dc=lnp")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
but the replication issue does not seem to be exactly the same one. I now get:
onnection_get(11): got connid=0 =>do_syncrepl rid=001 =>do_syncrep2 rid=001 ldap_result ld 0x87083d0 msgid 2 wait4msg ld 0x87083d0 msgid 2 (timeout 0 usec) wait4msg continue ld 0x87083d0 msgid 2 all 0 ** ld 0x87083d0 Connections: * host: localhost port: 389 (default) refcnt: 2 status: Connected last used: Wed Apr 22 10:06:54 2009
** ld 0x87083d0 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ld 0x87083d0 request count 1 (abandoned 0) ** ld 0x87083d0 Response Queue: Empty ld 0x87083d0 response count 0 ldap_chkResponseList ld 0x87083d0 msgid 2 all 0 ldap_chkResponseList returns ld 0x87083d0 NULL ldap_int_select read1msg: ld 0x87083d0 msgid 2 all 0 ber_get_next ber_get_next: tag 0x30 len 12 contents: read1msg: ld 0x87083d0 msgid 2 message type search-result ber_scanf fmt ({eAA) ber: read1msg: ld 0x87083d0 0 new referrals read1msg: mark request completed, ld 0x87083d0 msgid 2 request done: ld 0x87083d0 msgid 2 res_errno: 32, res_error: <>, res_matched: <> ldap_free_request (origid 2, msgid 2) ldap_free_connection 0 1 ldap_free_connection: refcnt 1 ldap_parse_result ber_scanf fmt ({iAA) ber: ber_scanf fmt (}) ber: ldap_err2string *do_syncrep2: rid=001 LDAP_RES_SEARCH_RESULT (32) No such object* ldap_err2string ldap_err2string *do_syncrep2: rid=001 (32) No such object* ldap_err2string ldap_msgfree connection_get(11): got connid=0 ldap_free_connection 1 1 ldap_send_unbind ber_flush2: 7 bytes to sd 11 ldap_free_connection: actually freed do_syncrepl: rid=001 quitting
Any clue or advice would be greatly appreciated. Thanks
Frederic
> Regards, Jonathan
> --
> Jonathan Clarke - jonathan@phillipoux.net
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
Frederic Bouy wrote:
> Hello,
> For performance issues (millions of records) I have two ldap servers:
> - one master with an sql backend (postgres) to allow easy data manipulation
> - one slave to answer ldap queries and provide good response time
> When launching the slave ("./slapd -f /usr/local/openldap/etc/openldap/slapd-front.conf -h "ldap://localhost:3890" -d 1") I got a first non blocking error I don't really understand: " => bdb_dn2id("dc=lnp") <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)"
> According to the fact that the following command is successful: "ldapwhoami -H "ldap://localhost:389" -D "cn=manager,dc=lnp" -w secret"
> and then the synchronization fails with this error: "read1msg: ld 0x9ca73e8 msgid 2 message type search-entry ber_scanf fmt ({xx) ber: ber_scanf fmt ({a) ber: ber_scanf fmt (o) ber: ber_scanf fmt ({em) ber: do_syncrep2: rid=001 got empty syncUUID with LDAP_SYNC_ADD ldap_msgfree connection_get(11): got connid=0 ldap_free_request (origid 2, msgid 2) ldap_free_connection 1 1 ldap_send_unbind ber_flush2: 7 bytes to sd 11 ldap_free_connection: actually freed do_syncrepl: rid=001 quitting"
> Do you know whether syncrepl is supported for ldap with sql backend?
No it's not.
> Do you know where I can find some documentation on this?
There isn't any.
> Do you have any clue on how I could solve my issues?
> Thanks in advance. Please find below the .conf of those two ldap servers:
> # === MASTER =====
> include /usr/local/openldap/etc/openldap/schema/core.schema
> include /usr/local/openldap/etc/openldap/schema/cosine.schema
> include /usr/local/openldap/etc/openldap/schema/nis.schema
> include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
> include /usr/local/openldap/etc/openldap/schema/lnp.schema
> pidfile /usr/local/openldap/var/slapd-lnp.pid
> argsfile /usr/local/openldap/var/slapd-lnp.args
> backend sql
> #######################################################################
> # sql database definitions
> #######################################################################
> database sql
> suffix "dc=lnp"
> rootdn "cn=Manager,dc=lnp"
> rootpw secret
> dbname lnp
> dbuser lnp
> dbpasswd lnp
> strcast_func "text"
> #subtree_cond "ldap.entries.dn like '%'||?"
> concat_pattern "?||?"
> has_ldapinfo_dn_ru no
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 100
Not supposed to work since syncrepl is not supported. Back-sql may claim it supports syncrepl provisioning because there is some experimental support, but it is known to be broken.
> lastmod on
> # === MASTER =====
> include /usr/local/openldap/etc/openldap/schema/core.schema
> include /usr/local/openldap/etc/openldap/schema/cosine.schema
> include /usr/local/openldap/etc/openldap/schema/nis.schema
> include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
> include /usr/local/openldap/etc/openldap/schema/lnp.schema
> pidfile /usr/local/openldap/var/run/slapd-front.pid
> argsfile /usr/local/openldap/var/run/slapd-front.args
> #######################################################################
> # BDB database definitions
> #######################################################################
> database bdb
> suffix "dc=lnp"
> rootdn "cn=Manager,dc=lnp"
> rootpw secret
> directory /usr/local/openldap/var/openldap-data
> # index entryCSN,entryUUID eq
> index entryUUID eq
> # filter="(objectClass=*)"
> syncrepl rid=001
>   provider=ldap://localhost:389
>   bindmethod=simple
>   type=refreshAndPersist
>   searchbase="ou=31,dc=lnp"
>   schemachecking=off
>   binddn="cn=manager,dc=lnp"
>   credentials=secret
>   filter="(objectClass=*)"
> mirrormode on
> serverID 1
You shouldn't enable mirror mode unless you know what you're doing. In this case you shouldn't enable it since syncrepl is not supported by the other peer. Moreover the two peers are not symmetrical (back-sql and back-bdb do not have the same capabilities, and the two configurations are not identical).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
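The three configuration problems raised in the replies above (syncprov loaded on a back-sql database, a syncrepl searchbase that lies below the database suffix, and mirrormode enabled on the consumer) can be checked mechanically before slapd is started. The following is an added example, not code from any poster or from the OpenLDAP project; the function names, finding codes and sample configurations are constructed for illustration, and the parser covers only the slapd.conf subset used in this thread.

```python
import shlex

# Constructed sample input, modelled on the two slapd.conf files quoted in the thread.
PROVIDER_CONF = """\
database sql
suffix "dc=lnp"
overlay syncprov
syncprov-checkpoint 100 10
"""
CONSUMER_CONF = """\
database bdb
suffix "dc=lnp"
syncrepl rid=001
  provider=ldap://localhost:389
  type=refreshAndPersist
  searchbase="ou=31,dc=lnp"
mirrormode on
"""

def parse_databases(text):
    """Return one {'type', 'directives'} dict per 'database' section."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment (simplified handling)
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a directive
        else:
            logical.append(raw.strip())
    databases = []
    for line in logical:
        words = shlex.split(line)  # also strips the double quotes around values
        if words[0].lower() == "database":
            databases.append({"type": words[1].lower(), "directives": {}})
        elif databases:
            databases[-1]["directives"].setdefault(words[0].lower(), []).append(words[1:])
    return databases

def norm_dn(dn):
    # Simplified DN normalisation: lower-case, no spaces around the RDN separator.
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint(text):
    """Return (code, message) findings for the three problems raised in the thread."""
    findings = []
    for db in parse_databases(text):
        d = db["directives"]
        suffix = norm_dn(d["suffix"][0][0]) if d.get("suffix") else None
        overlays = {o[0].lower() for o in d.get("overlay", []) if o}
        if db["type"] == "sql" and "syncprov" in overlays:
            findings.append(("SYNCPROV_ON_BACK_SQL",
                             "back-sql is not a supported syncrepl provider"))
        for args in d.get("syncrepl", []):
            params = {k.lower(): v for k, _, v in (a.partition("=") for a in args)}
            base = norm_dn(params.get("searchbase", ""))
            if suffix and base.endswith("," + suffix):
                findings.append(("SEARCHBASE_BELOW_SUFFIX",
                                 f"searchbase {base} does not replicate suffix entry {suffix}"))
        if any(m and m[0].lower() == "on" for m in d.get("mirrormode", [])):
            findings.append(("MIRRORMODE_ENABLED",
                             "mirrormode needs peers that both support syncrepl and are symmetric"))
    return findings

def codes(text):
    return [code for code, _ in lint(text)]

if __name__ == "__main__":
    for conf in (PROVIDER_CONF, CONSUMER_CONF):
        for code, msg in lint(conf):
            print(code, "-", msg)
```

A clean result only means none of these three patterns is present; it does not make back-sql usable as a provider.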
Hello Pierangelo.
Thanks for your feedback. What you are saying is that syncrepl is not supported for ldap with sql backend. To solve my issue do you know how I could export all the ldap entries of this ldap server to construct a new ldap with a bdb backend (the release of openldap I am using is 2.4.12)? Do you know where can I find some documentation of sql backend and syncrepl to do the needful in order to make this architecture work?
Thanks a lot. Frederic
openldap-technical@openldap.org