New subject: replication from child to Parent domain

17 Aug 2010


      parent is customer
"""
suffix          "dc=SCNCA,dc=ROOTCA"
rootdn        "cn=admin,dc=SCNCA,dc=ROOTCA"
rootpw        secret
checkpoint      512 30
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
ServerID 000
syncrepl rid=001
        provider=ldap://${SON_LDAP_ADDRESS}:${SON_LDAP_PORT}
        type=refreshOnly
# five minutes, you should do syncrepl once a day in practice
        interval=00:01:00:00
        searchbase="${SON_BASE}"
        filter="(objectClass=*)"
        scope=sub
        schemachecking=off
        bindmethod=simple
        binddn="${SON_ADMIN}"
        credentials=${SON_PASSWD}
        retry="5 5 300 +"
mirrormode on
"""
son is provider
"""
suffix          "dc=sonCA,dc=SCNCA,dc=ROOTCA"
rootdn        "cn=admin,dc=sonCA,dc=SCNCA,dc=ROOTCA"
rootpw        secret
checkpoint      512 30
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
ServerID 001
"""
and son's log is
"""
<<< dnPrettyNormal: <dc=sonca,dc=scnca,dc=rootca>,
<dc=sonca,dc=scnca,dc=rootca>
SRCH "dc=sonca,dc=scnca,dc=rootca" 2 0    0 0 0
ber_scanf fmt (m) ber:
ber_dump: buf=010E1060 ptr=010E109C end=010E1136 len=154
  0000:  87 0b 6f 62 6a 65 63 74  43 6c 61 73 73 30 06 04
..objectClass0..
  0010:  01 2a 04 01 2b a0 81 82  30 62 04 18 31 2e 33 2e
.*..+...0b..1.3.
  0020:  36 2e 31 2e 34 2e 31 2e  34 32 30 33 2e 31 2e 39
6.1.4.1.4203.1.9
  0030:  2e 31 2e 31 04 46 30 44  0a 01 01 04 3c 72 69 64
.1.1.F0D....<rid
  0040:  3d 30 30 31 2c 73 69 64  3d 30 30 30 2c 63 73 6e
=001,sid=000,csn
  0050:  3d 32 30 31 30 30 38 31  33 30 37 34 38 34 36 2e
=20100813074846.
  0060:  34 35 37 32 37 39 5a 23  30 30 30 30 30 30 23 30
457279Z#000000#0
  0070:  30 30 23 30 30 30 30 30  30 01 01 ff 30 1c 04 17
00#000000...0...
  0080:  32 2e 31 36 2e 38 34 30  2e 31 2e 31 31 33 37 33
2.16.840.1.11373
  0090:  30 2e 33 2e 34 2e 32 01  01 ff
0.3.4.2...
    filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=010E1060 ptr=010E10A9 end=010E1136 len=141
  0000:  00 06 04 01 2a 04 01 2b  a0 81 82 30 62 04 18 31
....*..+...0b..1
  0010:  2e 33 2e 36 2e 31 2e 34  2e 31 2e 34 32 30 33 2e
.3.6.1.4.1.4203.
  0020:  31 2e 39 2e 31 2e 31 04  46 30 44 0a 01 01 04 3c
1.9.1.1.F0D....<
  0030:  72 69 64 3d 30 30 31 2c  73 69 64 3d 30 30 30 2c
rid=001,sid=000,
  0040:  63 73 6e 3d 32 30 31 30  30 38 31 33 30 37 34 38
csn=201008130748
  0050:  34 36 2e 34 35 37 32 37  39 5a 23 30 30 30 30 30
46.457279Z#00000
  0060:  30 23 30 30 30 23 30 30  30 30 30 30 01 01 ff 30
0#000#000000...0
  0070:  1c 04 17 32 2e 31 36 2e  38 34 30 2e 31 2e 31 31
...2.16.840.1.11
  0080:  33 37 33 30 2e 33 2e 34  2e 32 01 01 ff
3730.3.4.2...
=> get_ctrls
ber_scanf fmt ({m) ber:
ber_dump: buf=010E1060 ptr=010E10B4 end=010E1136 len=130
  0000:  30 62 04 18 31 2e 33 2e  36 2e 31 2e 34 2e 31 2e
0b..1.3.6.1.4.1.
  0010:  34 32 30 33 2e 31 2e 39  2e 31 2e 31 04 46 30 44
4203.1.9.1.1.F0D
  0020:  0a 01 01 04 3c 72 69 64  3d 30 30 31 2c 73 69 64
....<rid=001,sid
  0030:  3d 30 30 30 2c 63 73 6e  3d 32 30 31 30 30 38 31
=000,csn=2010081
  0040:  33 30 37 34 38 34 36 2e  34 35 37 32 37 39 5a 23
3074846.457279Z#
  0050:  30 30 30 30 30 30 23 30  30 30 23 30 30 30 30 30
000000#000#00000
  0060:  30 01 01 ff 30 1c 04 17  32 2e 31 36 2e 38 34 30
0...0...2.16.840
  0070:  2e 31 2e 31 31 33 37 33  30 2e 33 2e 34 2e 32 01
.1.113730.3.4.2.
  0080:  01 ff
..
ber_scanf fmt (m) ber:
ber_dump: buf=010E1060 ptr=010E10D0 end=010E1136 len=102
  0000:  00 46 30 44 0a 01 01 04  3c 72 69 64 3d 30 30 31
.F0D....<rid=001
  0010:  2c 73 69 64 3d 30 30 30  2c 63 73 6e 3d 32 30 31
,sid=000,csn=201
  0020:  30 30 38 31 33 30 37 34  38 34 36 2e 34 35 37 32
00813074846.4572
  0030:  37 39 5a 23 30 30 30 30  30 30 23 30 30 30 23 30
79Z#000000#000#0
  0040:  30 30 30 30 30 01 01 ff  30 1c 04 17 32 2e 31 36
00000...0...2.16
  0050:  2e 38 34 30 2e 31 2e 31  31 33 37 33 30 2e 33 2e
.840.1.113730.3.
  0060:  34 2e 32 01 01 ff
4.2...
=> get_ctrls: oid="1.3.6.1.4.1.4203.1.9.1.1" (noncritical)
ber_scanf fmt ({i) ber:
ber_dump: buf=010E10D2 ptr=010E10D2 end=010E1118 len=70
  0000:  30 44 0a 01 01 04 3c 72  69 64 3d 30 30 31 2c 73
0D....<rid=001,s
  0010:  69 64 3d 30 30 30 2c 63  73 6e 3d 32 30 31 30 30
id=000,csn=20100
  0020:  38 31 33 30 37 34 38 34  36 2e 34 35 37 32 37 39
813074846.457279
  0030:  5a 23 30 30 30 30 30 30  23 30 30 30 23 30 30 30
Z#000000#000#000
  0040:  30 30 30 01 01 ff
000...
ber_scanf fmt (m) ber:
ber_dump: buf=010E10D2 ptr=010E10D7 end=010E1118 len=65
  0000:  04 3c 72 69 64 3d 30 30  31 2c 73 69 64 3d 30 30
.<rid=001,sid=00
  0010:  30 2c 63 73 6e 3d 32 30  31 30 30 38 31 33 30 37
0,csn=2010081307
  0020:  34 38 34 36 2e 34 35 37  32 37 39 5a 23 30 30 30
4846.457279Z#000
  0030:  30 30 30 23 30 30 30 23  30 30 30 30 30 30 01 01
000#000#000000..
  0040:  ff
.
ber_scanf fmt (b) ber:
ber_dump: buf=010E10D2 ptr=010E1115 end=010E1118 len=3
  0000:  00 01 ff
...
ber_scanf fmt (}) ber:
ber_dump: buf=010E10D2 ptr=010E1118 end=010E1118 len=0
ber_scanf fmt ({m) ber:
ber_dump: buf=010E1060 ptr=010E1118 end=010E1136 len=30
  0000:  00 1c 04 17 32 2e 31 36  2e 38 34 30 2e 31 2e 31
....2.16.840.1.1
  0010:  31 33 37 33 30 2e 33 2e  34 2e 32 01 01 ff
13730.3.4.2...
ber_scanf fmt (b) ber:
ber_dump: buf=010E1060 ptr=010E1133 end=010E1136 len=3
  0000:  00 01 ff
...
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (critical)
<= get_ctrls: n=2 rc=0 err=""
    attrs: * +
send_ldap_result: conn=1001 op=1 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=0
ber_flush2: 14 bytes to sd 2984
  0000:  30 0c 02 01 02 65 07 0a  01 00 04 00 04 00
0....e........
ldap_write: want=14, written=14
  0000:  30 0c 02 01 02 65 07 0a  01 00 04 00 04 00
0....e........
daemon: activity on 5 descriptors
daemon: activity on: 4r
daemon: read activity on 4
daemon: WSselect: listen=2 active_threads=0 tvp=zero
connection_get(4)
daemon: WSselect: listen=3 active_threads=0 tvp=zero
connection_get(4): got connid=1001
connection_read(4): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=7
  0000:  30 05 02 01 03 42 00
0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=013E5460 ptr=013E5460 end=013E5465 len=5
  0000:  02 01 03 42 00
...B.
op tag 0x42, time 1282112561
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 4 failed errno=0 (unknown WSA error)
connection_read(4): input error=-2 id=1001, closing.
connection_closing: readying conn=1001 sd=4 for close
daemon: activity on 1 descriptor
connection_close: deferring conn=1001 sd=4
daemon: waked
daemon: WSselect: listen=2 active_threads=0 tvp=zero
conn=1001 op=2 do_unbind
daemon: WSselect: listen=3 active_threads=0 tvp=zero
connection_resched: attempting closing conn=1001 sd=4
connection_close: conn=1001 sd=4
daemon: removing 4
"""
gtalk:freeespeech@gmail.com gtalk%3Afreeespeech@gmail.com
On Mon, Aug 16, 2010 at 10:54 PM, Marc Patermann <
hans.moser@ofd-z.niedersachsen.de> wrote:
...
Off list:
owen nirvana schrieb am 16.08.2010 16:08 Uhr:
...
However, the method of different search for different node is not
effective.
...
In my configuration of parent CA,
''"
syncrepl rid=001
         ...
         searchbase = "dc=sonCA,dc=parentCA,dc=rootCA"
         ...
"""
Did you try my first glue with multiple databases?
...
I believe the reason is the two nodes have not the same DIT.
What did you mean by that?
your tree from dc=sonCA,dc=parenCA,dc=rootCA will be replicated beyond
dc=parenCA,dc=rootCA if you configure it in the right way.
...
Maybe syncrepl could not support it.
You better try one of the approaches und post the consumer and provider
config and replication logs to the list (and maybe some data)
Marc

Re: replication from child to Parent domain