OpenLDAP

Viewing Incoming/7732

From: lanfeust99@gmail.com
Subject: CSN too old MMR setup
Date: Thu, 24 Oct 2013 14:46:26 +0000
From: lanfeust99@gmail.com
To: openldap-its@OpenLDAP.org
Subject: CSN too old MMR setup
Full_Name: Lanfeut
Version: 2.4.36
OS: Centos
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.42.151.220)


Sometimes my servers are not in sync because a server is ignoring an entry:

do_syncrep2: rid=102 CSN too old, ignoring 20130923090023.266239Z#000000#002#000000

@(#) $OpenLDAP: slapd 2.4.36 (....)

4 servers
host1 and host2: only one database, c=fr (contains an ou=apps-ext)
host3 and host4: two databases:
first: ou=apps-ext (glued with c=fr), writable by host1,2,3,4
second: c=fr, writable only by host1,2


ldap-int1 and ldap-int2: cn=config is also in syncrepl mirrorMode
ldap-ext1 and ldap-ext2: cn=config is also in syncrepl mirrorMode

All servers are time-synchronized.

Configuration:
grep serverID /etc/openldap/slapd.d/*
/etc/openldap/slapd.d/cn=config.ldif:olcServerID: 1 ldaps://ldap-int1.dom.fr
/etc/openldap/slapd.d/cn=config.ldif:olcServerID: 2 ldaps://ldap-int2.dom.fr
/etc/openldap/slapd.d/cn=config.ldif:olcServerID: 3 ldaps://ldap-ext1.vlandata.dom.fr
/etc/openldap/slapd.d/cn=config.ldif:olcServerID: 4 ldaps://ldap-ext2.vlandata.dom.fr

syncrepl:
ldap-int1 and ldap-int2 cn=config also into syncrepl

olcSyncrepl: {0}rid=101 provider=ldaps://ldap-int1.dom.fr binddn="uid=syncrepl,ou=system,ou=dom,o=domgroup,c=fr" bindmethod=simple credentials=XXXXXX searchbase="c=fr" tls_reqcert=never type=refreshAndPersist retry="5 5 300 +" timeout=1
olcSyncrepl: {1}rid=102 provider=ldaps://ldap-int2.cdoms.fr binddn="uid=syncrepl,ou=system,ou=dom,o=domgroup,c=fr" bindmethod=simple credentials=XXXXXX searchbase="c=fr" tls_reqcert=never type=refreshAndPersist retry="5 5 300 +" timeout=1
olcSyncrepl: {2}rid=103 provider=ldaps://ldap-ext2.vlandata.dom.fr binddn="uid=syncrepl,ou=system,ou=dom,o=domgroup,c=fr" bindmethod=simple credentials=XXXXXX tls_reqcert=never searchbase="o=apps-ext,c=fr" type=refreshAndPersist retry="5 5 300 +" timeout=1
olcSyncrepl: {3}rid=104 provider=ldaps://ldap-ext1.vlandata.dom.fr binddn="uid=syncrepl,ou=system,ou=dom,o=domgroup,c=fr" bindmethod=simple credentials=XXXXXXX searchbase="o=apps-ext,c=fr" tls_reqcert=never type=refreshAndPersist retry="5 5 300 +" timeout=1

syncrepl host3 and host4:

database apps-ext:
olcSyncrepl: {0}rid=303 provider=ldaps://ldap-ext1.vlandata.dom.fr binddn="uid=syncrepl,ou=system,ou=dom,o=domgroup,c=fr" bindmethod=simple credentials=XXXXXXX searchbase="o=apps-ext,c=fr" tls_reqcert=never type=refreshAndPersist retry="5 5 300 +" timeout=1
olcSyncrepl: {1}rid=304 provider=ldaps://ldap-ext2.vlandata.dom.fr binddn="uid=syncrepl,ou=system,ou=dom,o=domgroup,c=fr" bindmethod=simple credentials=XXXXXX searchbase="o=apps-ext,c=fr" tls_reqcert=never type=refreshAndPersist retry="5 5 300 +" timeout=1

database c=fr :
olcSyncrepl: {0}rid=201 provider=ldaps://ldap-int1.dom.fr binddn="uid=syncrepl,ou=system,ou=dom,o=domgroup,c=fr" bindmethod=simple credentials=XXXXXX searchbase="c=fr" tls_reqcert=never type=refreshAndPersist retry="5 5 300 +" timeout=1
olcSyncrepl: {1}rid=202 provider=ldaps://ldap-int2.dom.fr binddn="uid=syncrepl,ou=system,ou=dom,o=domgroup,c=fr" bindmethod=simple credentials=XXXXXX tls_reqcert=never searchbase="c=fr" type=refreshAndPersist retry="5 5 300 +" timeout=1

ldap-int1 receives a syncrepl modification from ldap-int2 with this log:

ldap-int1 log:
syncprov_matchops: skipping original sid 002
Oct  4 15:00:24 ldap-int1 slapd[24555]: slap_graduate_commit_csn: removing 0x7f7bf8200b40 20131004150021.988007Z#000000#002#000000
Oct  4 15:00:24 ldap-int1 slapd[24555]: syncrepl_entry: rid=102 be_add cn=502296-xxxxxx,ou=aaaaa,ou=bbbb,o=cccc,c=dd (0)
... ...

ldap-ext2 receives the same modification and replies to ldap-int1 with a new
cookie

ldap-int1 log
Oct  4 15:00:24 ldap-int1 slapd[24555]: do_syncrep2: rid=103 NEW_COOKIE: rid=103,sid=004,csn=20130304121522.188962Z#000000#000#000000;20131004082718.688747Z#000000#001#000000;20131004150023.350876Z#000000#002#000000;20130920094950.036431Z#000000#003#000000;20130930134451.718477Z#000000#004#000000;20130304131428.455916Z#000000#00b#000000;20130304125618.164164Z#000000#00c#00000

Another modification from ldap-int2 isn't applied to ldap-int1 because of CSN
too old

Oct  4 15:00:24 ldap-int1 slapd[24555]: syncrepl_entry: rid=102 be_add cn=502296-bbbb,ou=aaaaa,ou=bbbb,o=cccc,c=dd (0)
Oct  4 15:00:24 ldap-int1 slapd[24555]: do_syncrep2: rid=102 cookie=rid=102,sid=002,csn=20131004150022.050845Z#000000#002#000000
Oct  4 15:00:24 ldap-int1 slapd[24555]: do_syncrep2: rid=102 CSN too old, ignoring 20131004150022.050845Z#000000#002#000000 (cn=502296-bbbb,ou=aaaaa,ou=bbbb,o=cccc,c=dd)
Oct  4 15:00:24 ldap-int1 slapd[24555]: do_syncrep2: rid=102 cookie=rid=102,sid=002,csn=20131004150022.100121Z#000000#002#000000
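
Added example (not part of the original report and not slapd's code): a simplified replay of the cookies in the log excerpts above, showing that the NEW_COOKIE received on rid=103 already carries a newer sid=002 CSN than the entry that later arrives on rid=102. It assumes all consumers of the database share one per-SID CSN record; `find_stale` and `logged_too_old` are hypothetical helper names.

```python
import re

CSN_RE = re.compile(r"\d{14}\.\d{6}Z#[0-9a-f]{6}#([0-9a-f]{3})#[0-9a-f]{6}")
COOKIE_RE = re.compile(
    r"do_syncrep2: rid=(\d+) (NEW_COOKIE: |cookie=)rid=\d+,sid=[0-9a-f]{3},csn=(\S+)")
TOO_OLD_RE = re.compile(r"CSN too old, ignoring (\S+)")

# Constructed sample: log lines from the report with wrapped lines rejoined and
# the NEW_COOKIE shortened to its sid 001, 002 and 003 CSNs.
SAMPLE_LOG = [
    "Oct  4 15:00:24 ldap-int1 slapd[24555]: do_syncrep2: rid=103 NEW_COOKIE: "
    "rid=103,sid=004,csn=20131004082718.688747Z#000000#001#000000;"
    "20131004150023.350876Z#000000#002#000000;"
    "20130920094950.036431Z#000000#003#000000",
    "Oct  4 15:00:24 ldap-int1 slapd[24555]: do_syncrep2: rid=102 "
    "cookie=rid=102,sid=002,csn=20131004150022.050845Z#000000#002#000000",
    "Oct  4 15:00:24 ldap-int1 slapd[24555]: do_syncrep2: rid=102 CSN too old, "
    "ignoring 20131004150022.050845Z#000000#002#000000 "
    "(cn=502296-bbbb,ou=aaaaa,ou=bbbb,o=cccc,c=dd)",
]

def find_stale(lines):
    """Replay cookies in log order; return (rid, sid, csn, recorded) for every
    per-entry cookie whose CSN is not newer than the one recorded for its SID."""
    newest, stale = {}, []          # newest: sid -> highest CSN seen so far
    for line in lines:
        m = COOKIE_RE.search(line)
        if not m:
            continue
        rid, kind, field = m.groups()
        for c in CSN_RE.finditer(field):
            sid, csn = c.group(1), c.group(0)
            seen = newest.get(sid)
            # Fixed-width CSNs order correctly as plain strings.
            if seen is None or csn > seen:
                newest[sid] = csn
            elif kind == "cookie=":
                stale.append((rid, sid, csn, seen))
    return stale

def logged_too_old(lines):
    """CSNs that slapd itself reported as 'CSN too old'."""
    return [m.group(1) for l in lines if (m := TOO_OLD_RE.search(l))]

if __name__ == "__main__":
    for rid, sid, csn, seen in find_stale(SAMPLE_LOG):
        print(f"rid={rid} sid={sid}: {csn} is not newer than recorded {seen}")
```

Run over a full slapd log, a mismatch between `find_stale` and `logged_too_old` points at entries skipped for a reason other than a cookie that arrived first from another provider.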
