(ITS#4626) "glue" objectclass in syncrepl consumer
Full_Name: Andreas Hasenack
Version: 2_3_REL_ENG (about to be 2.3.25)
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (200.140.247.99)
This entry:
dn: ou=Global,dc=example,dc=com
ou: Global
objectClass: organizationalUnit
description: Container for global data that is replicated
structuralObjectClass: organizationalUnit
entryUUID: 4af16562-b503-102a-937c-e70b64b15acf
creatorsName: cn=manager,dc=example,dc=com
createTimestamp: 20060731171104Z
entryCSN: 20060731173609Z#000000#00#000000
modifiersName: cn=manager,dc=example,dc=com
modifyTimestamp: 20060731173609Z
contextCSN: 20060731173610Z#000000#00#000000
Shows up like this on the consumer (emphasis mine):
dn: ou=Global,dc=example,dc=com
entryUUID: 1eab9ca6-b4f0-102a-9acc-ef642cc67d62
creatorsName: cn=manager,dc=example,dc=com
createTimestamp: 20060731171104Z
objectClass: top
objectClass: glue <-----------
structuralObjectClass: glue <----------
entryCSN: 20060731171554Z#000000#00#000000
modifiersName: cn=manager,dc=example,dc=com
modifyTimestamp: 20060731171554Z
Note how the organizationalUnit OC vanished and was replaced by the "glue"
objectClass. The description attribute is also gone.
When starting up this consumer with -d 16384 and an empty database, the last log
lines are these:
syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
syncrepl_entry: be_search (0)
syncrepl_entry: uid=LDAP Admin,ou=System Accounts,ou=global,dc=example,dc=com
syncrepl_entry: be_add (0)
do_syncrep2: LDAP_RES_INTERMEDIATE - REFRESH_PRESENT
syncrepl_del_nonpresent: be_delete ou=Global,dc=example,dc=com (66)
My setup consists of three servers:
a) syncrepl provider for the whole database: dc=example,dc=com
b) Two databases:
- ou=global,dc=example,dc=com: consumer from (a)
- dc=example,dc=com: provider
Both are glued together.
c) One database, pulling everything from (b)
Config files for (a), (b) and (c) are below. I can also submit the sample
databases I'm using if needed.
slapd.conf.a:
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/nis.schema

pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
modulepath /usr/lib/openldap
moduleload syncprov.la
loglevel 256

database bdb
suffix "dc=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
checkpoint 512 30
directory /var/lib/ldap
dbconfig set_cachesize 0 33554432 1
dbconfig set_lg_bsize 2097152

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 1000

index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
index entryCSN,entryUUID eq

access to dn.subtree="dc=example,dc=com"
        by group.exact="cn=LDAP Replicators,ou=System Groups,ou=global,dc=example,dc=com" read
        by group.exact="cn=LDAP Admins,ou=System Groups,ou=global,dc=example,dc=com" write
        by * break
access to attrs=userPassword
        by anonymous auth
        by self write
        by * none
access to attrs=shadowLastChange
        by self write
        by * read
access to dn.subtree="dc=example,dc=com"
        by * read

slapd.conf.b:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/openldap/modules
loglevel 256

database bdb
suffix "ou=global,dc=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
checkpoint 512 30
directory /var/lib/ldap-global
dbconfig set_cachesize 0 33554432 1
dbconfig set_lg_bsize 2097152
subordinate

# doesn't matter if uncommented or not:
#overlay syncprov
#syncprov-checkpoint 100 10
#syncprov-sessionlog 1000

syncrepl rid=001
        provider=ldap://10.0.2.177
        type=refreshAndPersist
        retry="60 +"
        searchbase="ou=Global,dc=example,dc=com"
        scope=sub
        filter="(objectClass=*)"
        bindmethod=simple
        binddn="uid=LDAP Replicator,ou=System Accounts,ou=Global,dc=example,dc=com"
        credentials="ldapreplicator"
updateref ldap://10.0.2.177

index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
index entryCSN,entryUUID eq

access to dn.subtree="ou=Global,dc=example,dc=com"
        by group.exact="cn=LDAP Replicators,ou=System Groups,ou=global,dc=example,dc=com" read
        by group.exact="cn=LDAP Admins,ou=System Groups,ou=global,dc=example,dc=com" write
        by * break
access to attrs=userPassword
        by anonymous auth
        by self write
        by * none
access to attrs=shadowLastChange
        by self write
        by * read
access to dn.subtree="ou=Global,dc=example,dc=com"
        by * read

#####################################################################

database bdb
suffix "dc=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
checkpoint 512 30
directory /var/lib/ldap-remote
dbconfig set_cachesize 0 33554432 1
dbconfig set_lg_bsize 2097152

overlay glue
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 1000

index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
index entryCSN,entryUUID eq

access to dn.subtree="dc=example,dc=com"
        by group.exact="cn=LDAP Replicators,ou=System Groups,ou=global,dc=example,dc=com" read
        by group.exact="cn=LDAP Admins,ou=System Groups,ou=global,dc=example,dc=com" write
        by * break
access to attrs=userPassword
        by anonymous auth
        by self write
        by * none
access to attrs=shadowLastChange
        by self write
        by * read
access to dn.subtree="dc=example,dc=com"
        by * read

slapd.conf.c:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/openldap/modules
loglevel 256

database bdb
suffix "dc=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
checkpoint 512 30
directory /var/lib/ldap
dbconfig set_cachesize 0 33554432 1
dbconfig set_lg_bsize 2097152

index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
index entryCSN,entryUUID eq

access to dn.subtree="dc=example,dc=com"
        by group.exact="cn=LDAP Replicators,ou=System Groups,ou=global,dc=example,dc=com" read
        by group.exact="cn=LDAP Admins,ou=System Groups,ou=global,dc=example,dc=com" write
        by * break
access to attrs=userPassword
        by anonymous auth
        by self write
        by * none
access to attrs=shadowLastChange
        by self write
        by * read
access to dn.subtree="dc=example,dc=com"
        by * read

syncrepl rid=002
        provider=ldap://10.199.64.4
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=example,dc=com"
        scope=sub
        filter="(objectClass=*)"
        bindmethod=simple
        binddn="uid=LDAP Replicator,ou=System Accounts,ou=Global,dc=example,dc=com"
        credentials="ldapreplicator"
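
Added example, not part of the original report: a Python check that compares an LDIF export from the provider with one from the consumer (for instance slapcat output) and lists consumer entries that carry the "glue" objectClass, together with the attributes they lost. The function names and the trimmed sample data are constructed for illustration.

```python
import base64

def normalize_dn(dn):
    # Case- and space-insensitive comparison; does not handle escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse LDIF text into {normalized_dn: {attr_lowercase: [values]}}."""
    entries = {}
    # Unfold continuation lines (newline + one space), then split on blank lines.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for record in unfolded.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            b64 = rest.startswith(":")  # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace") if b64 else rest.strip()
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            entries[normalize_dn(attrs.pop("dn")[0])] = attrs
    return entries

def find_glue_entries(provider_ldif, consumer_ldif):
    """Return (dn, exists_on_provider, attrs_lost) for each glue entry on the consumer."""
    provider = parse_ldif(provider_ldif)
    findings = []
    for dn, attrs in parse_ldif(consumer_ldif).items():
        classes = attrs.get("objectclass", []) + attrs.get("structuralobjectclass", [])
        if "glue" not in {c.lower() for c in classes}:
            continue
        source = provider.get(dn)
        lost = sorted(set(source) - set(attrs)) if source else []
        findings.append((dn, source is not None, lost))
    return findings

# Constructed sample, trimmed from the two entries shown in the report.
PROVIDER = """dn: ou=Global,dc=example,dc=com
ou: Global
objectClass: organizationalUnit
description: Container for global data that is replicated
"""
CONSUMER = """dn: ou=global,dc=example,dc=com
objectClass: top
objectClass: glue
structuralObjectClass: glue
"""
if __name__ == "__main__":
    print(find_glue_entries(PROVIDER, CONSUMER))
```

A finding with `exists_on_provider` set to true is the case in this report: a real entry on the provider that exists only as a placeholder on the consumer.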