[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Multiple syncrepl problems

To: Darren Gamble <darren.gamble@sjrb.ca>
Subject: Re: Multiple syncrepl problems
From: Howard Chu <hyc@symas.com>
Date: Tue, 11 Jan 2005 09:09:12 -0800
Cc: 'Sébastien Georget' <Sebastien.Georget@sophia.inria.fr>, openldap-software@OpenLDAP.org
In-reply-to: <F2AC1E62AC3CBB49BB518BEA3415322216331C13@shawmail02.shaw.ca>
References: <F2AC1E62AC3CBB49BB518BEA3415322216331C13@shawmail02.shaw.ca>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a5) Gecko/20041101

Darren Gamble wrote:

Good day,

Thanks for your reply.

slapd[23663]: null_callback : error code 0x32
last message repeated 14086 times
Are we missing something here, or are we just running up
against bugs?
I saw the same error using 2.2.20 and using the rootdn as the updatedn seems to solve it in my case.


In our case, there was no rootdn defined (we were taught long ago to not set
a user in the config file, for security).  I correctly guessed that adding a
rootdn and setting it to the updatedn would resolve this.  Note that this
was not needed in 2.2.19.

Now, in the bug report, Howard Chu said "The consumer uses the rootdn to
write the consumer's database".

But the Admin Guide, 14.3.2, says that the consumer uses the updatedn, not
the rootdn, which is defined in the syncrepl statement.  It just notes that
the updatedn entry should have write permissions (it does).

I'm sure I must be missing something here, as to me it looks like these statements contradict each other. Could someone please explain?

The code and documentation need further cleaning up here. The original intention was to use the updatedn so that multiple consumer contexts could exist within a single database, each with separate access controls. However, due to things like receiving entries out of order, a consumer may need to perform other internal maintenance operations in order to successfully complete a particular syncrepl operation. These maintenance operations generally require rootdn privilege.

In 2.2.20 the consumer code was reorganized (to fix a variety of other bugs) and as a result of the shuffle, most operations are now performed with the rootdn alone. I suppose this must be considered a new bug in 2.2.20. However, the fact remains that even in older releases, you must have a rootdn defined on the consumer database, because it is needed for internal maintenance.

I'm inclined to remove the multiple-consumer-context support, as it seems to be causing more hassles than it's worth. With that removed, then only a rootdn would be needed and no updatedn at all.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support

Follow-Ups:
- Re: Multiple syncrepl problems
  - From: Turbo Fredriksson <turbo@bayour.com>

References:
- RE: Multiple syncrepl problems
  - From: Darren Gamble <darren.gamble@sjrb.ca>

Prev by Date: Re: schema problem
Next by Date: RE: Multiple syncrepl problems
Index(es):
- Chronological
- Thread