[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: incomplete slapcat

To: "Robert Petkus" <rpetkus@bnl.gov>
Subject: Re: incomplete slapcat
From: "matthew sporleder" <msporleder@gmail.com>
Date: Wed, 4 Oct 2006 11:40:11 -0400
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <4523C377.1010206@bnl.gov>
References: <4522B5F4.4090002@bnl.gov> <4AA5240ED975B88B30830BAF@SW-90-717-287-3.stanford.edu> <45230518.3060308@bnl.gov> <F37F3003FB0EF22D8E75483C@SW-90-717-287-3.stanford.edu> <4523C377.1010206@bnl.gov>

On 10/4/06, Robert Petkus <rpetkus@bnl.gov> wrote:

Quanah Gibson-Mount wrote:
>
>
> --On Tuesday, October 03, 2006 8:49 PM -0400 Robert Petkus
> <rpetkus@bnl.gov> wrote:
>
>
>
>
>> slapcat ldifs (slapcat -n 2 -l ldap.ldif) are polluted with accesslog
>> entries that *replace* the original entries.  For example, my account dn
>> won't include, say, sshPublicKey, but I'd see a reqMod entry with this
>> attribute.
>
> First, I'd make life simpler by listing the monitoring database last.
>
> Second, your slapcat by definition dumps the accesslog database, not
> your main database, since your databases are:
>
> 1: monitor
> 2: cn=changelog
> 3: dc=bnl,dc=gov
>
>
> Or at least, that's my guess, and it seems to go with what you note.
> Or, you could change your slapcat to use "-b dc=bnl,dc=gov" which
> would be more explicit.  That is, of course, assuming that you want to
> dump your main DB and not the accesslog DB. ;)
Yeah it would be convenient if I was that dumb ;) , but I had tried
"-b", -n3, removing the accesslog db entries in slapd.conf and rerunning
slapcat.  All with the same results -- most of the main DB with a bunch
of accesslog DB garbage.   What is dogging me *so* much here is that
these are 2 distinct physical databases.

This is an example of the garbage I got yesterday from a slapcat for my
user (an illustration that some attributes are not attached to the main
DB but instead the accesslog DB, yet ldapsearchable to the main DB):

Cheers,
Robert

***********ldapsearch results*****************

# rpetkus, People, racf.bnl.gov
dn: uid=rpetkus,ou=People,dc=stuff,dc=bnl,dc=gov
uid: rpetkus
cn: Robert Petkus
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: racf
objectClass: ldapPublicKey
uidNumber: number
gidNumber: number
homeDirectory: /somewhere/rpetkus
loginShell: /bin/bash
gidNumberAtlas: number
homeDirectoryAtlas: /somewhere/rpetkus
experiment: RHIC/USATLAS
sn: rapetkus
employeeNumber: number
loginShellGateway: /bin/rbash
employeeStatus: Active
gecos: Robert Petkus
sshPublicKey: ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDX1XasdfasdftDvNxbz3w
 se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48=


******Here is the slapcat for my user**************

dn: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov
uid: rpetkus
cn: Robert Petkus
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: racf
uidNumber: number
gidNumber: number
homeDirectory: /somewhere/rpetkus
loginShell: /bin/bash
gidNumberAtlas: number
homeDirectoryAtlas: /somewhere/rpetkus
experiment: RHIC/USATLAS
structuralObjectClass: inetOrgPerson
entryUUID: 689ce5e4-010f-102a-8eef-9882d4436e05
creatorsName: cn=account,dc=bnl,dc=gov
createTimestamp: 20051214170418Z
sn: rapetkus
userPassword::
employeeNumber: number
loginShellGateway: /bin/rbash
sshPublicKey: ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
 8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDX1XZELCHtDvNxbz3w
 se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKReqWx5hc9Id5q6oStWrNuNmpV48=
rpetkus@r
 sec00
employeeStatus: Active
gecos: Robert Petkus 1
entryCSN: 20060906145341Z#000000#00#000000
modifiersName: cn=Manager,dc=bnl,dc=gov
modifyTimestamp: 20060906145341Z

dn: reqStart=20060920134512.000000Z,cn=changelog
objectClass: auditModify
structuralObjectClass: auditModify
reqStart: 20060920134512.000000Z
reqEnd: 20060920134512.000001Z
reqType: modify
reqSession: 423
reqAuthzID: cn=Manager,dc=bnl,dc=gov
reqDN: uid=rpetkus,ou=People,dc=racf,dc=bnl,dc=gov
reqResult: 0
reqMod: sshPublicKey:= ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA36Y8jfKTKJgphUO30oaI9W5QVRUg
8+fM0FFYIkaiZUuaXBYpKaIiguUcQsy+3P+KjBTI0g1Qr3gewO20S0T4i8pDXasdfasdftDvNxbz3w
se4V+PPGQ/Bm4DXTjGRoMVNBABIoqWo3vYOVCvKasdfasdfId5q6oStWrNuNmpV48=
reqMod: entryCSN:= 20060920134512Z#000000#00#000000
reqMod: modifiersName:= cn=account,dc=bnl,dc=gov
reqMod: modifyTimestamp:= 20060920134512Z
entryUUID: fb865d9c-dcf9-102a-8a91-e5d2e62e4f1a
creatorsName: cn=changelog
createTimestamp: 20060920134512Z
entryCSN: 20060920134512Z#000000#00#000000
modifiersName: cn=changelog
modifyTimestamp: 20060920134512Z

What does a slapcat with the -f <config file> produce?

(To Karsten Kunne's point)
Also, the slapo-accesslog man page states:
These slapd.conf options apply to the  Access  Logging  overlay.   They
      should  appear  after  the  overlay directive and before any subsequent
      database directive.

Maybe your database is, in fact, getting corrupted by poor ordering.

Follow-Ups:
- Re: incomplete slapcat
  - From: Robert Petkus <rpetkus@bnl.gov>

References:
- incomplete slapcat
  - From: Robert Petkus <rpetkus@bnl.gov>
- Re: incomplete slapcat
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: incomplete slapcat
  - From: Robert Petkus <rpetkus@bnl.gov>
- Re: incomplete slapcat
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: incomplete slapcat
  - From: Robert Petkus <rpetkus@bnl.gov>

Prev by Date: Re: incomplete slapcat
Next by Date: Re: incomplete slapcat
Index(es):
- Chronological
- Thread