
Re: Weird problem to add a record



OK, I believe I got the point now.

The problem is that, without multimaster stuff, a suffix of a given slapd
cannot be master and slave, since the granularity of the "updatedn"
statement is the whole suffix.

In your case, I guess you should use several suffix definitions and link
them with the "subordinate" keyword.

Something like:
- a root suffix "o=cvf" (master)
- a subsuffix "ou=prs,ou=dns,ou=site,o=cvf" (master, subordinate of "o=cvf")
- a subsuffix "ou=prs,ou=dns,ou=domain,o=cvf" (master, subordinate of "o=cvf")
- a subsuffix "ou=bdx,ou=dns,ou=domain,o=cvf" (slave, with updatedn statement, subordinate of "o=cvf")
- a subsuffix "ou=bdx,ou=dns,ou=site,o=cvf" (slave, with updatedn statement, subordinate of "o=cvf")


It should work, but have a look at ITS#2137
(http://www.OpenLDAP.org/its/index.cgi?findid=2137) to help you to define
your replica statements.

If you can, you may try to modify your DIT to take replication issues into
account in order to limit the total number of subsuffixes.


Bruno

----- Original Message -----
From: "MALFILATRE David" <malf@cvf.fr>
To: "Bruno Spieler" <bruno.spieler@atosorigin.com>
Cc: <openldap-software@OpenLDAP.org>
Sent: Friday, January 03, 2003 6:44 PM
Subject: Re: Weird problem to add a record


> Hi,
> thanks for your answer, but there are some things I don't understand:
>
> For sure I have dropped the updatedn line and now it works.
>
>
> But :
>
> when I put in my conf file:
>
> replica host=ns-cache01b.int75.cvf:389
>         binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
>         bindmethod=simple credentials=meuh
>         suffix="ou=prs,ou=dns,ou=site,o=cvf"
>         suffix="ou=prs,ou=dns,ou=domain,o=cvf"
>
> it means that I want those 2 branches to be replicated on another server,
> which is ns-cache01b. My current server is ns-cache01p (note the 01p
> and 01b), on which I made my test.
>
> I need the updatedn directive because my other server ns-cache01b will
> replicate two other branches too.
>
> Here is the replica directive for the second server:
>
> replica host=ns-cache01p.int75.cvf:389
>         binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
>         bindmethod=simple credentials=replicator
>         suffix="ou=bdx,ou=dns,ou=domain,o=cvf"
>         suffix="ou=bdx,ou=dns,ou=site,o=cvf"
>
>
> With this configuration I want two LDAP servers (for test purposes,
> but in reality I will do that with 4 servers) to be master of one part
> of an LDAP tree and "slave" of another part, but they will _never_ write
> on the slave branch.
>
> ns-cache01P will be master for:
> suffix="ou=prs,ou=dns,ou=site,o=cvf"
> suffix="ou=prs,ou=dns,ou=domain,o=cvf"
>
> ns-cache01B will be master for:
>
> suffix="ou=bdx,ou=dns,ou=domain,o=cvf"
> suffix="ou=bdx,ou=dns,ou=site,o=cvf"
>
>
> So I don't understand why an account can't write in a branch of an LDAP
> tree only because it's replicated on another server.
>
>
> Is it clear?
>
>
>
>
> On ven, 2003-01-03 at 18:17, Bruno Spieler wrote:
> > 
> > Hi David,
> >
> > Your slapd.conf shows that your server (or at least the "o=cvf"
> > suffix) is a replica from another one (line "updatedn" in slapd.conf).
> > Unless you have compiled with multimaster enabled, it means that only
> > the dname specified by the "updatedn" statement can write in your
> > directory.
> >
> > Your "updatedn" and "rootdn" are the same dnames, that's why you can
> > write with the root dname. I reckon the error returned with another
> > dname is linked to the fact that no "updateref" statement is provided
> > to support referrals.
> >
> > The good configuration depends on what you actually want to do with
> > your ldap server (getting rid of the "updatedn" statement would
> > probably solve this problem, but the resulting architecture may not be
> > what you are expecting)
> >
> > HTH,
> >
> > Bruno
> >
> >
> >         ----- Original Message -----
> >         From: MALFILATRE David
> >         To: openldap-software@OpenLDAP.org
> >         Sent: Friday, January 03, 2003 5:05 PM
> >         Subject: Weird problem to add a record
> >
> >         Hi,
> >
> >         I'm contacting you because I have a problem I can't solve.
> >
> >         With the rootdn account I can add my record, but with another
> >         account I can't.
> >
> >         Here is the information:
> >
> >         openldap-2.0.27 on a linux debian box
> >
> >         Here is the log:
> >
> >         with the "dnsadminprs,ou=ldap,ou=user,o=cvf" account:
> >
> >         Jan  3 16:02:38 ns-cache01p slapd[27547]: daemon: read
> >         activity on 9
> >         Jan  3 16:02:38 ns-cache01p slapd[27547]: connection_get(9)
> >         Jan  3 16:02:38 ns-cache01p slapd[27547]: connection_get(9):
> >         got connid=0
> >         Jan  3 16:02:38 ns-cache01p slapd[27547]: connection_read(9):
> >         checking for input on id=0
> >         Jan  3 16:02:38 ns-cache01p slapd[27547]: ber_get_next on fd 9
> >         failed errno=11 (Resource temporarily unavailable)
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: do_add
> >         Jan  3 16:02:38 ns-cache01p slapd[27547]: daemon: select:
> >         listen=6 active_threads=2 tvp=NULL
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: do_add: ndn
> >         (AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF)
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: conn=0 op=2 ADD
> >         dn="AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: dn2entry_r: dn:
> >         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: => dn2id(
> >         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: => ldbm_cache_open(
> >         "dn2id.dbb", 73, 600 )
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: <= ldbm_cache_open
> >         (cache 0)
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: <= dn2id NOID
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: dn2entry_r: dn:
> >         "OU=PRS,OU=DNS,OU=SITE,O=CVF"
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: => dn2id(
> >         "OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: ====>
> >         cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
> >         tries)
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: <= dn2id 13 (in
> >         cache)
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: => id2entry_r( 13 )
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: ====>
> >         cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
> >         (found) (1 tries)
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: <= id2entry_r( 13 )
> >         0x80db920 (cache)
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: ldbm_referrals:
> >         op=104 target="ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"
> >         matched="ou=prs,ou=dns,ou=site,o=cvf"
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: ====>
> >         cache_return_entry_r( 13 ): returned (0)
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: send_ldap_result:
> >         conn=0 op=2 p=2
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: send_ldap_result:
> >         10::
> >         Jan  3 16:02:38 ns-cache01p slapd[27552]: send_ldap_response:
> >         msgid=3 tag=105 err=32
> >         Jan  3 16:02:38 ns-cache01p slapd[27547]: daemon: activity on
> >         1 descriptors
> >         Jan  3 16:02:38 ns-cache01p slapd[27547]: daemon: activity on:
> >         Jan  3 16:02:38 ns-cache01p slapd[27547]:  9r
> >         Jan  3 16:02:38 ns-cache01p slapd[27547]:
> >
> >         with the rootdn account:
> >
> >         Jan  3 16:06:03 ns-cache01p slapd[27547]: daemon: read
> >         activity on 9
> >         Jan  3 16:06:03 ns-cache01p slapd[27547]: connection_get(9)
> >         Jan  3 16:06:03 ns-cache01p slapd[27547]: connection_get(9):
> >         got connid=1
> >         Jan  3 16:06:03 ns-cache01p slapd[27547]: connection_read(9):
> >         checking for input on id=1
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: do_add
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: do_add: ndn
> >         (AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: conn=1 op=2 ADD
> >         dn="AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: dn2entry_r: dn:
> >         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF"
> >         Jan  3 16:06:03 ns-cache01p slapd[27547]: ber_get_next on fd 9
> >         failed errno=11 (Resource temporarily unavailable)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> >         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> >         "dn2id.dbb", 73, 600 )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> >         (cache 0)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id NOID
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: dn2entry_r: dn:
> >         "OU=PRS,OU=DNS,OU=SITE,O=CVF"
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> >         "OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> >         cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
> >         tries)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id 13 (in
> >         cache)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => id2entry_r( 13 )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> >         cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
> >         (found) (1 tries)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_r( 13 )
> >         0x80db920 (cache)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ldbm_referrals:
> >         op=104 target="ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf"
> >         matched="ou=prs,ou=dns,ou=site,o=cvf"
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> >         cache_return_entry_r( 13 ): returned (0)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ==> ldbm_back_add:
> >         ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> >         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> >         "dn2id.dbb", 73, 600 )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> >         (cache 0)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id NOID
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: oc_check_required
> >         entry (ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf), objectClass
> >         "domainRelatedObject"
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: oc_check_allowed
> >         type "objectClass"
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: oc_check_allowed
> >         type "associatedDomain"
> >         Jan  3 16:06:03 ns-cache01p slapd[27547]: daemon: select:
> >         listen=6 active_threads=1 tvp=NULL
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: dn2entry_w: dn:
> >         "OU=PRS,OU=DNS,OU=SITE,O=CVF"
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id(
> >         "OU=PRS,OU=DNS,OU=SITE,O=CVF" )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> >         cache_find_entry_dn2id("OU=PRS,OU=DNS,OU=SITE,O=CVF"): 13 (1
> >         tries)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id 13 (in
> >         cache)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => id2entry_w( 13 )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> >         cache_find_entry_id( 13 ) "ou=prs,ou=dns,ou=site,o=cvf"
> >         (found) (1 tries)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_w( 13 )
> >         0x80db920 (cache)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => access_allowed:
> >         write access to "ou=prs,ou=dns,ou=site,o=cvf" "children"
> >         requested
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= root access
> >         granted
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> >         "nextid.dbb", 73, 600 )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> >         (cache 2)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => index_entry_add(
> >         18, "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> >         "objectClass.dbb", 73, 600 )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> >         (cache 3)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: =>
> >         key_change(ADD,12)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= key_change 0
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= index_entry_add(
> >         18, "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" ) success
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => dn2id_add(
> >         "AD=USR75.CVF,OU=PRS,OU=DNS,OU=SITE,O=CVF", 18 )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> >         "dn2id.dbb", 73, 600 )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> >         (cache 0)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= dn2id_add 0
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => id2entry_add( 18,
> >         "ad=usr75.cvf,ou=prs,ou=dns,ou=site,o=cvf" )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: => ldbm_cache_open(
> >         "id2entry.dbb", 73, 600 )
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= ldbm_cache_open
> >         (cache 1)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: <= id2entry_add 0
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: send_ldap_result:
> >         conn=1 op=2 p=2
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: send_ldap_result:
> >         0::
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: send_ldap_response:
> >         msgid=3 tag=105 err=0
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: conn=1 op=2 RESULT
> >         tag=105 err=0 text=
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> >         cache_return_entry_w( 13 ): returned (0)
> >         Jan  3 16:06:03 ns-cache01p slapd[27554]: ====>
> >         cache_return_entry_w( 18 ): created (0)
> >         Jan  3 16:06:03 ns-cache01p slapd[27547]: daemon: activity on
> >         1 descriptors
> >         Jan  3 16:06:03 ns-cache01p slapd[27547]: daemon: activity on:
> >
> >
> >         Some parts of my slapd.conf:
> >
> >         defaultaccess none
> >
> >         access to attr=userpassword
> >             by self read
> >             by anonymous auth
> >             by * none
> >
> >         access to dn="ou=prs,ou=dns,ou=site,o=cvf"
> >                 by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf" write
> >                 by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
> >
> >         access to dn="ou=prs,ou=dns,ou=domain,o=cvf"
> >                 by dn="ou=dnsadminprs,ou=ldap,ou=user,o=cvf" write
> >                 by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
> >
> >         access to *
> >                 by dn="ou=exploitprs,ou=ldap,ou=user,o=cvf" read
> >
> >         database        ldbm
> >         rootdn          "ou=replicator,ou=ldap,ou=user,o=cvf"
> >         updatedn        "ou=replicator,ou=ldap,ou=user,o=cvf"
> >         suffix          "o=cvf"
> >         directory       /usr/local/stow/openldap-2.0.27/var/openldap-ldbm
> >
> >         replica host=ns-cache01b.int75.cvf:389
> >                 binddn="ou=replicator,ou=ldap,ou=user,o=cvf"
> >                 bindmethod=simple credentials=meuh
> >                 suffix="ou=prs,ou=dns,ou=site,o=cvf"
> >                 suffix="ou=prs,ou=dns,ou=domain,o=cvf"
> >
> >
> >         Thanks in advance
>
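
The suffix-level granularity of "updatedn" described in the reply at the top of this message, as an added example (not part of the thread and not OpenLDAP code): a simplified Python model that reads slapd.conf-style text and reports who may write to a DN, first for the single "o=cvf" database from the original post, then for a split layout on ns-cache01p. Assumptions: the function names, the "most specific suffix wins" selection, the outcome strings and the `updateref` line are illustrative; only the two ou=site subsuffixes are shown, and the ou=domain pair behaves the same way.

```python
import shlex

def norm(dn):
    return ",".join(p.strip() for p in dn.lower().split(","))  # simplified DN normalisation

def parse_databases(conf):
    # One dict per "database" section; only the directives this thread discusses.
    dbs = []
    for line in conf.splitlines():
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue  # blank line, continuation (e.g. replica arguments) or comment
        words = shlex.split(line)
        if words[0] == "database":
            dbs.append({"suffix": None, "updatedn": None, "updateref": None})
        elif dbs and words[0] in dbs[-1] and len(words) > 1:
            dbs[-1][words[0]] = words[1] if words[0] == "updateref" else norm(words[1])
    return dbs

def write_outcome(dbs, bind_dn, target_dn):
    # The most specific suffix containing the target decides; updatedn covers all of it.
    target, bind = norm(target_dn), norm(bind_dn)
    holders = [d for d in dbs if d["suffix"] and
               (target == d["suffix"] or target.endswith("," + d["suffix"]))]
    if not holders:
        return "no database holds this DN"
    db = max(holders, key=lambda d: len(d["suffix"]))
    if db["updatedn"] is None:
        return "master: ACLs decide"
    if bind == db["updatedn"]:
        return "replica: accepted from updatedn"
    ref = db["updateref"]
    return "replica: referred to " + ref if ref else "replica: rejected, no updateref"

# Constructed inputs: the thread's excerpt, then a split layout (updateref is an assumption).
ORIGINAL = '''database ldbm
suffix "o=cvf"
updatedn "ou=replicator,ou=ldap,ou=user,o=cvf"
'''
SPLIT = '''database ldbm
suffix "ou=prs,ou=dns,ou=site,o=cvf"
subordinate
database ldbm
suffix "ou=bdx,ou=dns,ou=site,o=cvf"
subordinate
updatedn "ou=replicator,ou=ldap,ou=user,o=cvf"
updateref ldap://ns-cache01b.int75.cvf
database ldbm
suffix "o=cvf"
'''
```

With `ORIGINAL`, a write by "ou=dnsadminprs,ou=ldap,ou=user,o=cvf" anywhere under "o=cvf" is rejected regardless of the ACLs; with `SPLIT`, the same write under the ou=prs subsuffix reaches ACL evaluation, while writes under ou=bdx are referred to the other server.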