[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: So I finally upgraded from slurpd...



On Fri, 9 Jul 2010, Quanah Gibson-Mount wrote:

> --On Thursday, July 08, 2010 7:04 PM +0200 Kolbjørn Barmen
> <kolbjorn.barmen@uninett.no> wrote:
> 
> > I have at last upgraded a system from using slurpd (debian etch, slapd
> > 2.3.30) to using replsync, at least that was the intention.
> 
> I believe you mean SyncRepl (Sync Replication).

Yes - ofcourse :)
  
> What version of OpenLDAP is on the master? 2.3.30?

It is running 2.4.23.

> > syncrepl rid=123
> >         provider=ldaps://masterserver.uninett.no:636/
> >         type=refreshOnly
> >         interval=00:00:00:10
> >         retry="60 +"
> >         searchbase="dc=foo,dc=no"
> >         scope=sub
> >         schemachecking=off
> >         bindmethod=simple
> >         binddn="cn=admin,dc=foo,dc=no"
> >         credentials="f00bAr123"
> 
> I highly advise using refreshAndPersist rather than refreshOnly.

Right! :)

> > When I start slapd on the slave I get on the slave:
> > ===================
> > 18:37:50 server.foo.no slapd[7971]: @(#) $OpenLDAP: slapd 2.4.23 (Jul  5
> > 2010 18:35:50) $
> > ^Iroot@localhost:/home/kolla/openldap/openldap-2.4.23/debian/build/server
> > s/slapd 18:37:50 server.foo.no slapd[7972]: slapd starting
> > 18:37:50 server.foo.no slapd[7972]: syncrepl_message_to_entry: rid=123
> > mods check (objectClass: value #0 provided more than once) 18:37:50
> > server.foo.no slapd[7972]: do_syncrepl: rid=123 rc 20 retrying 18:38:50
> > server.foo.no slapd[7972]: syncrepl_message_to_entry: rid=123 mods check
> > (objectClass: value #0 provided more than once) 18:38:50 server.foo.no
> > slapd[7972]: do_syncrepl: rid=123 rc 20 retrying ===================
> 
> 
> I would advise you start the slave with the "-d -1" options passed to the
> slapd binary, so you can see exactly what the master is sending to the
> replica.  It sounds like it is sending invalid data.  This could be a bug in
> the version that the master is running. You might want to try running a
> separate master for testing, that uses OpenLDAP 2.4.23 as well.  There have
> been a multitude of fixes to the syncrepl code in OpenLDAP since the 2.3
> series.

Both slave and master are running 2.4.23.

After som debugging I found the culprit, turned out the error message 
"(objectClass: value #0 provided more than once)" was a nice hint.
(allthought I don't quite see what "value ¤0" is supposed to tell me)

Just by coincident I tried to change the object "cn=admin,dc=foo,dc=no"
on the master with an ldap editor (gq), and got the same error message in
return.

It turned out that the object cn=admin,dc=foo,dc=no had multiple occurances
of "objectClass: organizationalRole" (!), and this also prevented syncrepl
from working. I suspect it was a result of "manual" editing of ldif files
followed by an import using slapadd. I get no warnings from slapadd when I
import import objects with multiple occurances of the same objectClass.

Perhaps slapadd/slapd should be able to deal with such duplicate entries
better, to make it more obivous what's wrong? I'm just saying :)

Thanks!

-- 
Kolbjørn Barmen
UNINETT Driftsenter