(ITS#6365) Bad slapcat output when slapd running
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#6365) Bad slapcat output when slapd running
- From: apm@mutex.dk
- Date: Fri, 6 Nov 2009 15:13:50 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Peter Mogensen
Version: 2.4.19
OS: Debian Lenny
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (95.166.36.16)

Using openldap 2.4.17 and 2.4.19 linked with libdb4.6 and libdb4.8 in a
mirrormode setup:

* Load the database with slapadd on server-1, start server-1.
  The LDIF being loaded is generated with slapcat from a slapd 2.3.30-5+etch2
  running on Debian Etch. I have no reason to suspect that it is not loaded
  correctly into server1.
* Start server-2 and monitor the progress of replication with slapcat, for
  example:
  # for ((I=1;I<=20;I++)); do slapcat > out-$I; done
* Look at the output:
  # for ((I=1;I<=20;I++)); do wc -l out-$I; done

I would expect the generated files to be strictly increasing in size.
However, sometimes there's a file which is smaller than the previous.
In it I see LDIF entries like this:

dn:
objectClass: top
objectClass: NamedObject
objectClass: simpleSecurityObject
uid: rieke
userPassword:: e1NBU0x.....
structuralObjectClass: NamedObject
entryUUID: e46b680e-e5f5-102b-93c9-79162adc1d46
creatorsName: dc=admin,dc=example,dc=com
createTimestamp: 20070823185333Z
entryCSN: 20070823185333.000000Z#000002#000#000000
modifiersName: dc=admin,dc=example,dc=com
modifyTimestamp: 20070823185333Z

... with an empty DN line.

My config is as follows. It has been converted to LDIF and the server is running
with a cn=config database:

============================================
#gentlehup on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none
tool-threads 4

# Modules
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov

# Schemas
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema

# Limits
disallow bind_anon
#idletimeout 120
sizelimit 2000

# TLS/Auth
TLSCACertificateFile /etc/ldap/ssl/ca.crt
TLSCertificateFile /etc/ldap/ssl/server.crt
TLSCertificateKeyFile /etc/ldap/ssl/server.nopass.key
TLSCipherSuite "NULL-SHA"
# Allow root to configure slapd via ldapi:///
TLSVerifyClient demand
authz-regexp
    "gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
    "cn=config"
authz-regexp
    "email=root@example.com,cn=config,ou=dev,o=example.com,st=Denmark,c=DK"
    "cn=config"

##### Mirror mode ####
serverID 2

database config
limits dn.exact="cn=config"
    time.soft=unlimited
    time.hard=unlimited
    size.soft=unlimited
    size.hard=unlimited
syncrepl rid=1
    provider=ldaps://server1.example.com:636/
    searchbase="cn=config"
    type=refreshAndPersist
    retry="60 +"
    scope=sub
    schemachecking=on
    bindmethod=sasl
    binddn="cn=config"
    saslmech="EXTERNAL"
    tls_cert=/etc/ldap/ssl/config.crt
    tls_key=/etc/ldap/ssl/config.nopass.key
    tls_cacert=/etc/ldap/ssl/ca.crt
    tls_cipher_suite="NULL-SHA"
syncrepl rid=2
    provider=ldaps://server2.example.com:636/
    searchbase="cn=config"
    type=refreshAndPersist
    retry="60 +"
    scope=sub
    schemachecking=on
    bindmethod=sasl
    binddn="cn=config"
    saslmech="EXTERNAL"
    tls_cert=/etc/ldap/ssl/config.crt
    tls_key=/etc/ldap/ssl/config.nopass.key
    tls_cacert=/etc/ldap/ssl/ca.crt
    tls_cipher_suite="NULL-SHA"
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
syncprov-reloadhint TRUE
mirrormode on
=================================================

The database which I slapcat and which is being replicated has been loaded with
"ldapadd -YEXTERNAL -H ldapi:/// -f ..." from this LDIF:

dn: olcDatabase={1}hdb,cn=config
objectClass: olcHdbConfig
objectClass: olcDatabaseConfig
olcDatabase: hdb
olcSuffix: cn=data,dc=example,dc=com
olcRootDN: cn=config
olcDbDirectory: /var/lib/ldap/cn=data,dc=example,dc=com
olcDbMode: 0660
olcDbConfig: set_cachesize 2 0 0
olcDbConfig: set_lg_bsize 2097512
olcDbConfig: set_lg_dir /var/lib/ldap/cn=data,dc=example,dc=com-log
olcDbConfig: set_flags DB_LOG_AUTOREMOVE
olcDbConfig: set_lk_max_objects 5000
olcDbConfig: set_lk_max_locks 5000
olcDbConfig: set_lk_max_lockers 5000
olcDbCheckpoint: 1024 10
olcDbCachefree: 16
olcDbCachesize: 100000
olcDbIDLcacheSize: 300000
olcDbLinearIndex: TRUE
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
olcDbIndex: cn eq,sub
olcDbIndex: uid eq
olcDbIndex: ou eq
olcDbIndex: o eq
olcDbIndex: givenName eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: member eq
olcDbIndex: reader eq
olcDbIndex: writer eq
olcDbIndex: admin eq
olcAccess:
  to dn.base="cn=data,dc=example,dc=com" attrs=userPassword
  by * auth
olcAccess:
  to dn.base="cn=data,dc=example,dc=com"
  by dn.base="cn=data,dc=example,dc=com" search
olcAccess:
  to dn.children="cn=data,dc=example,dc=com"
  by dn.base="cn=data,dc=example,dc=com" write
olcSyncRepl: rid=3
  provider=ldaps://server1.example.com:636/
  searchbase="cn=data,dc=example,dc=com"
  type=refreshAndPersist
  retry="60 +"
  scope=sub
  schemachecking=on
  bindmethod=sasl
  binddn="cn=config"
  saslmech="EXTERNAL"
  tls_cert=/etc/ldap/ssl/config.crt
  tls_key=/etc/ldap/ssl/config.nopass.key
  tls_cacert=/etc/ldap/ssl/ca.crt
  tls_cipher_suite="NULL-SHA"
olcSyncRepl: rid=4
  provider=ldaps://server2.example.com:636/
  searchbase="cn=data,dc=example,dc=com"
  type=refreshAndPersist
  retry="60 +"
  scope=sub
  schemachecking=on
  bindmethod=sasl
  binddn="cn=config"
  saslmech="EXTERNAL"
  tls_cert=/etc/ldap/ssl/config.crt
  tls_key=/etc/ldap/ssl/config.nopass.key
  tls_cacert=/etc/ldap/ssl/ca.crt
  tls_cipher_suite="NULL-SHA"
olcMirrorMode: TRUE
olcLimits: dn.base="cn=config"
  size.soft=unlimited
  size.hard=unlimited
  time.soft=unlimited
  time.hard=unlimited

dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 600
olcSpSessionlog: 100
olcSpReloadHint: TRUE

dn: olcOverlay=refint,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
olcOverlay: refint
olcRefintAttribute: member
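
Added example, not part of the original report and not OpenLDAP code: a shell check for the two symptoms described above (a dump that is shorter than the one before it, and entries with an empty "dn:" line), useful before a slapcat dump is kept as a backup. The function names and sample entries are constructed for illustration, and it assumes the database suffix is non-empty, so an empty DN is never legitimate.

```shell
#!/bin/sh
# Print how many entries in an LDIF file have an empty DN. Folded lines
# (continuations start with one space) are joined first, so a "dn:" whose
# value wrapped onto the next line is not counted as empty.
ldif_empty_dn_count() {
    awk '
        function flush(   v) {
            if (line ~ /^dn::?/) {
                v = line; sub(/^dn::?[ \t]*/, "", v)
                if (v == "") empty++
            }
            line = ""
        }
        /^ / { line = line substr($0, 2); next }
             { flush(); line = $0 }
        END  { flush(); print empty + 0 }
    ' "$1"
}

# Check dumps in the order they were taken; flag empty DNs and shrinking
# line counts. Returns non-zero if any dump is suspect.
check_dumps() {
    prev=-1; status=0
    for f in "$@"; do
        lines=$(wc -l < "$f" | tr -d ' ')
        empty=$(ldif_empty_dn_count "$f")
        if [ "$empty" -gt 0 ]; then
            echo "SUSPECT $f: $empty empty-DN entries"; status=1
        fi
        if [ "$lines" -lt "$prev" ]; then
            echo "SUSPECT $f: $lines lines < previous $prev"; status=1
        fi
        prev=$lines
    done
    return $status
}

# Constructed samples: out-1 is sane (second DN is folded), out-2 is
# shorter and contains an entry with an empty DN.
make_samples() {
    printf '%s\n' 'dn: uid=alice,cn=data,dc=example,dc=com' 'uid: alice' '' \
        'dn:' ' uid=bob,cn=data,dc=example,dc=com' 'uid: bob' > "$1/out-1"
    printf '%s\n' 'dn:' 'objectClass: top' 'uid: rieke' > "$1/out-2"
}

demo=$(mktemp -d) && make_samples "$demo"
check_dumps "$demo/out-1" "$demo/out-2" || echo "do not restore from these dumps"
rm -rf "$demo"
```

A plain grep for '^dn:$' would also flag the folded DN in out-1; joining continuation lines first avoids that false positive.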