Re: ldapmodify error

[Michael Ströder <michael@stroeder.com>]

Naufal Sheikh wrote:
> Ok, I am using openldap 2.2.20 on both machines.

You should seriously consider upgrading since 2.2.x is historic since quite 
a while. Historic means there is absolutely no support for this code base 
anymore. Even no security fixes! Nada!

> I have added replog attribute in the slapd.conf of my backup machine. I 
> switch off my production for maintainance, and swithc the backup on. AS 
> it has replog enabled it starts creating logs of the events, After 
> maintainance activity I ftp the replog to production and use ldapmodify 
> to apply those logs on production.

This is a very unusual approach. Note that ldapmodify is a normal DUA 
(directory *user* agent).

> ldap_modify: Constraint violation (19)
>          additional info: entryCSN: no user modification allowed
>
> IF I edit my replog and remove all the stuff like
>
> replace: lastModifiedTime
> lastModifiedTime: 2008-03-24 12:27
> -
> replace: entryCSN
> entryCSN: 20080324172725Z#000001#00#000000

These attributes are operational attributes not modifiable by a normal DUA. 
Consider deploying a real replication mechanism (syncrepl preferred). There 
are several modes available which should satisfy your particular needs.

http://www.openldap.org/doc/admin24/config.html#Replicated%20Directory%20Service

http://www.openldap.org/doc/admin24/replication.html

http://www.openldap.org/faq/data/cache/1170.html

Ciao, Michael.