(ITS#6365) Bad slapcat output when slapd running



Full_Name: Peter Mogensen
Version: 2.4.19
OS: Debian Lenny
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (95.166.36.16)


Using openldap 2.4.17 and 2.4.19 linked with libdb4.6 and libdb4.8 in a
mirrormode setup:

* Load the database with slapadd on server-1, start server-1
  The LDIF being loaded is generated with slapcat from a slapd 2.3.30-5+etch2
  running on Debian Etch. I have no reason to suspect that it is not loaded
  correctly into server1

* Start server-2 and monitor the progress of replication with slapcat, for
example:

# for ((I=1;I<=20;I++)); do slapcat > out-$I; done

* Look at the output:

# for ((I=1;I<=20;I++)); do wc -l out-$I; done

I would expect the generated files to be strictly increasing in size.
However, sometimes there's a file which is smaller than the previous.
In it I see LDIF entries like this:

dn:
objectClass: top
objectClass: NamedObject
objectClass: simpleSecurityObject
uid: rieke
userPassword:: e1NBU0x.....
structuralObjectClass: NamedObject
entryUUID: e46b680e-e5f5-102b-93c9-79162adc1d46
creatorsName: dc=admin,dc=example,dc=com
createTimestamp: 20070823185333Z
entryCSN: 20070823185333.000000Z#000002#000#000000
modifiersName: dc=admin,dc=example,dc=com
modifyTimestamp: 20070823185333Z

... with an empty DN line.

My config is as follows. It has been converted to LDIF and the server is running
with a cn=config database:
============================================
#gentlehup on
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        none

tool-threads 4

# Modules
modulepath      /usr/lib/ldap
moduleload      back_hdb
moduleload      syncprov

# Schemas
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema

# Limits
disallow bind_anon
#idletimeout 120
sizelimit 2000

# TLS/Auth
TLSCACertificateFile    /etc/ldap/ssl/ca.crt
TLSCertificateFile     /etc/ldap/ssl/server.crt
TLSCertificateKeyFile  /etc/ldap/ssl/server.nopass.key
TLSCipherSuite "NULL-SHA"

# Allow root to configure slapd via ldapi:///
TLSVerifyClient demand
authz-regexp
  "gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
  "cn=config"

authz-regexp
  "email=root@example.com,cn=config,ou=dev,o=example.com,st=Denmark,c=DK"
  "cn=config"

##### Mirror mode ####
serverID 2

database config

limits dn.exact="cn=config"
  time.soft=unlimited
  time.hard=unlimited
  size.soft=unlimited
  size.hard=unlimited

syncrepl rid=1
   provider=ldaps://server1.example.com:636/
   searchbase="cn=config"
   type=refreshAndPersist
   retry="60 +"
   scope=sub
   schemachecking=on
   bindmethod=sasl
   binddn="cn=config"
   saslmech="EXTERNAL"
   tls_cert=/etc/ldap/ssl/config.crt
   tls_key=/etc/ldap/ssl/config.nopass.key
   tls_cacert=/etc/ldap/ssl/ca.crt
   tls_cipher_suite="NULL-SHA"

syncrepl rid=2
   provider=ldaps://server2.example.com:636/
   searchbase="cn=config"
   type=refreshAndPersist
   retry="60 +"
   scope=sub
   schemachecking=on
   bindmethod=sasl
   binddn="cn=config"
   saslmech="EXTERNAL"
   tls_cert=/etc/ldap/ssl/config.crt
   tls_key=/etc/ldap/ssl/config.nopass.key
   tls_cacert=/etc/ldap/ssl/ca.crt
   tls_cipher_suite="NULL-SHA"

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
syncprov-reloadhint TRUE

mirrormode on
=================================================

The database which I slapcat and which is being replicated has been loaded with
"ldapadd -YEXTERNAL -H ldapi:/// -f ..." from this LDIF:

dn: olcDatabase={1}hdb,cn=config
objectClass: olcHdbConfig
objectClass: olcDatabaseConfig
olcDatabase: hdb
olcSuffix: cn=data,dc=example,dc=com
olcRootDN: cn=config
olcDbDirectory: /var/lib/ldap/cn=data,dc=example,dc=com
olcDbMode: 0660
olcDbConfig: set_cachesize 2 0 0
olcDbConfig: set_lg_bsize 2097512
olcDbConfig: set_lg_dir /var/lib/ldap/cn=data,dc=example,dc=com-log
olcDbConfig: set_flags DB_LOG_AUTOREMOVE
olcDbConfig: set_lk_max_objects 5000
olcDbConfig: set_lk_max_locks   5000
olcDbConfig: set_lk_max_lockers 5000
olcDbCheckpoint: 1024 10
olcDbCachefree: 16
olcDbCachesize: 100000
olcDbIDLcacheSize: 300000
olcDbLinearIndex: TRUE
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
olcDbIndex: cn eq,sub
olcDbIndex: uid eq
olcDbIndex: ou eq
olcDbIndex: o eq
olcDbIndex: givenName eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: member eq
olcDbIndex: reader eq
olcDbIndex: writer eq
olcDbIndex: admin eq
olcAccess:
 to dn.base="cn=data,dc=example,dc=com"  attrs=userPassword
  by * auth
olcAccess:
 to dn.base="cn=data,dc=example,dc=com"
  by dn.base="cn=data,dc=example,dc=com" search
olcAccess:
 to dn.children="cn=data,dc=example,dc=com"
  by dn.base="cn=data,dc=example,dc=com" write
olcSyncRepl: rid=3
  provider=ldaps://server1.example.com:636/
  searchbase="cn=data,dc=example,dc=com"
  type=refreshAndPersist
  retry="60 +"
  scope=sub
  schemachecking=on
  bindmethod=sasl
  binddn="cn=config"
  saslmech="EXTERNAL"
  tls_cert=/etc/ldap/ssl/config.crt
  tls_key=/etc/ldap/ssl/config.nopass.key
  tls_cacert=/etc/ldap/ssl/ca.crt
  tls_cipher_suite="NULL-SHA"
olcSyncRepl: rid=4
  provider=ldaps://server2.example.com:636/
  searchbase="cn=data,dc=example,dc=com"
  type=refreshAndPersist
  retry="60 +"
  scope=sub
  schemachecking=on
  bindmethod=sasl
  binddn="cn=config"
  saslmech="EXTERNAL"
  tls_cert=/etc/ldap/ssl/config.crt
  tls_key=/etc/ldap/ssl/config.nopass.key
  tls_cacert=/etc/ldap/ssl/ca.crt
  tls_cipher_suite="NULL-SHA"
olcMirrorMode: TRUE
olcLimits: dn.base="cn=config"
  size.soft=unlimited
  size.hard=unlimited
  time.soft=unlimited
  time.hard=unlimited

dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 600
olcSpSessionlog: 100
olcSpReloadHint: TRUE

dn: olcOverlay=refint,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
olcOverlay: refint
olcRefintAttribute: member
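
Added example, not part of the original report and not OpenLDAP code: a small checker for the symptom described above, which parses slapcat-style LDIF, flags entries whose DN is empty or outside the database suffix, and reports dumps that hold fewer entries than the previous one. The sample LDIF is constructed, the function names are hypothetical, and the suffix comparison is a simplified string match that assumes no escaped commas in DNs.

```python
import base64

SUFFIX = "cn=data,dc=example,dc=com"          # olcSuffix from the report
_B64_DN = base64.b64encode(b"uid=bob," + SUFFIX.encode()).decode()
# Constructed sample (not real data): the second entry has the empty "dn:" line.
SAMPLE = (
    "dn: uid=anna," + SUFFIX + "\nuid: anna\n"
    "entryUUID: 11111111-1111-1111-1111-111111111111\n\n"
    "dn:\nuid: rieke\n"
    "entryUUID: 22222222-2222-2222-2222-222222222222\n\n"
    "dn:: " + _B64_DN + "\nuid: bob\n"
    "entryUUID: 33333333-3333-3333-3333-\n 333333333333\n"
)

def parse_ldif(text):
    """Return a list of entries, each a list of (attribute, value) pairs."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical and logical[-1] != "":
            logical[-1] += raw[1:]            # unfold a continuation line
        elif not raw.startswith("#"):         # skip LDIF comments
            logical.append(raw)
    entries, current = [], []
    for line in logical + [""]:               # trailing "" flushes the last entry
        if line == "":
            if current:
                entries.append(current)
            current = []
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.append((attr.lower(), value.strip()))
    return entries

def bad_dns(text, suffix):
    """(entry number, dn, entryUUID) for DNs that are empty or outside suffix."""
    norm = lambda dn: ",".join(p.strip().lower() for p in dn.split(","))
    want, bad = norm(suffix), []
    for n, entry in enumerate(parse_ldif(text), 1):
        attrs = dict(entry)                   # last value wins; fine for dn/entryUUID
        dn = norm(attrs.get("dn", ""))
        if dn != want and not dn.endswith("," + want):
            bad.append((n, attrs.get("dn", ""), attrs.get("entryuuid")))
    return bad

def shrinking(counts):
    """Indexes i where dump i holds fewer entries than dump i-1."""
    return [i for i in range(1, len(counts)) if counts[i] < counts[i - 1]]

if __name__ == "__main__":
    print(bad_dns(SAMPLE, SUFFIX), shrinking([10, 14, 12, 20]))
```

To apply it to the out-$I files from the loop above, read each file, pass its text to bad_dns() with the database suffix, and feed the per-file len(parse_ldif(...)) values to shrinking().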