[Date Prev][Date Next] [Chronological] [Thread] [Top]

Error message with memberof overlay



Hi !

In my logs, I saw lot of lines like this (we have a poor script which refresh the base with delete/add primitives) :

memberof_value_modify DN="uid=v6971,ou=people,dc=xxx,dc=com" delete memberOf="cn=VAC,ou=groups,dc=xxx,dc=com" failed err=16

I can reproduce the problem with a small LDIF :

# 1st part
dn: uid=V6971,ou=people,dc=xxx,dc=com
changetype: delete
dn: uid=V6971,ou=people,dc=xxx,dc=com
changetype: add
objectClass...

# 2nd part
dn: cn=VAC,ou=groups,dc=xxx,dc=com
changetype: delete
dn: cn=VAC,ou=groups,dc=xxx,dc=com
changetype: add
objectClass...

In the logs (shown below), we saw that problem occurs only on the delete of cn=VAC but if I reduce the LDIF to that (2nd part), I have no more the problem !? I don't understand...

Here the logs with all the LDIF :

Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 fd=32 ACCEPT from IP=192.168.0.1:48049 (IP=0.0.0.0:389)
Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 BIND dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" method=128
Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 BIND dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" mech=SIMPLE ssf=0
Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 RESULT tag=97 err=0 text=
--> Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=1 DEL dn="cn=VAC,ou=groups,dc=xxx,dc=com"
--> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=1: memberof_value_modify DN="uid=v6971,ou=people,dc=xxx,dc=com" delete memberOf="cn=VAC,ou=groups,dc=xxx,dc=com" failed err=16
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=1 RESULT tag=107 err=0 text=
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=2 ADD dn="cn=VAC,ou=groups,dc=xxx,dc=com"
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=2 RESULT tag=105 err=0 text=
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=3 DEL dn="uid=V6971,ou=people,dc=xxx,dc=com"
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=3 RESULT tag=107 err=0 text=
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=4 ADD dn="uid=V6971,ou=people,dc=xxx,dc=com"
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=4 RESULT tag=105 err=0 text=
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=5 UNBIND
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 fd=32 closed


And here the logs with only the 2nd part of LDIF :

Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 fd=107 ACCEPT from IP=192.168.0.1:43599 (IP=0.0.0.0:389)
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 BIND dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" method=128
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 BIND dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" mech=SIMPLE ssf=0
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 RESULT tag=97 err=0 text=
--> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=1 DEL dn="cn=VAC,ou=groups,dc=xxx,dc=com"
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=1 RESULT tag=107 err=0 text=
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=2 ADD dn="cn=VAC,ou=groups,dc=xxx,dc=com"
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=2 RESULT tag=105 err=0 text=
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=3 UNBIND
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 fd=107 closed


For information, here the configuration of memberOf overlay :

dn: olcOverlay={0}memberof, olcDatabase={1}hdb, cn=config
olcMemberOfMemberAD: member
olcMemberOfRefInt: FALSE
olcOverlay: memberof
olcMemberOfDangling: ignore
objectClass: olcMemberOf
objectClass: olcOverlayConfig
olcMemberOfMemberOfAD: memberOf
olcMemberOfGroupOC: groupOfNames


We run OpenLDAP 2.4.31 replicated onto another host on Debian Wheezy.
Do you have an idea on the problem ?

Thanks,
Sylvain