Full_Name: Alex Schumann Version: 2.4.11 OS: freebsd 7.0-release-p3 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (128.101.220.229) We are using nis.schema's nisNetgroupTriple to hold unix netgroups. When we make a change, we do so using the following code snipit: $mesg = $ldap_master->modify ( $dn, replace => [ 'nisNetgroupTriple' => \@{$groups{$g}} ] ); The master accepts this change, but all the syncrepl slaves immediately start failing: Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 be_search (0) Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 cn=ng115,ou=Netgroup,dc=suppressed,dc=suppressed,dc=suppressed Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 entry unchanged, ignored (cn=ng115,ou=Netgroup,dc=suppressed,dc=suppressed,dc=suppressed) Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 be_search (0) Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 cn=ng116,ou=Netgroup,dc=suppressed,dc=suppressed,dc=suppressed Oct 29 11:54:28 lanark slapd[4187]: null_callback : error code 0x12 Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 be_modify (18) Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 be_modify failed (18) Oct 29 11:54:28 lanark slapd[4187]: do_syncrepl: rid=001 retrying Error code 0x12 is LDAP_INAPPROPRIATE_MATCHING, which indicates that syncrepl tried to do a delete/add on a multivalued attribute witohout an equality matching rule. Reason being, the schema for nis defines nisNetgroupTriple without an EQUALITY. You can argue between openldap and sun if that is an error in the schema, but fact is syncrepl should not fail in this or similar cases. Proper behavior would be if there is no equality, syncrepl should fall back to a replace. many thanks to hyc on freenode #openldap for helping me to understand what was going on here. http://www.archivesat.com/OpenLDAP_bugs/thread1581049.htm indicates nisNetgroupTriple is improperly defined according to SUN, but is really an aside on this bug.
changed notes changed state Open to Test moved from Incoming to Software Bugs
Patched in servers/slapd/syncrepl.c rev 1.418 http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/syncrepl.c.diff?r1=1.417&r2=1.418&cvsroot=OpenLDAP-src&hideattic=1&sortbydate=0 I applied the patch to 2.4.11 and verified it does solve the problem. Thanks!
changed notes
changed notes changed state Test to Release
changed notes changed state Release to Closed
fixed in HEAD (confirmed) fixed in RE24