(ITS#4626) "glue" objectclass in syncrepl consumer



Full_Name: Andreas Hasenack
Version: 2_3_REL_ENG (about to be 2.3.25)
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (200.140.247.99)


This entry:

dn: ou=Global,dc=example,dc=com
ou: Global
objectClass: organizationalUnit
description: Container for global data that is replicated
structuralObjectClass: organizationalUnit
entryUUID: 4af16562-b503-102a-937c-e70b64b15acf
creatorsName: cn=manager,dc=example,dc=com
createTimestamp: 20060731171104Z
entryCSN: 20060731173609Z#000000#00#000000
modifiersName: cn=manager,dc=example,dc=com
modifyTimestamp: 20060731173609Z
contextCSN: 20060731173610Z#000000#00#000000

Shows up like this on the consumer (emphasis mine):
dn: ou=Global,dc=example,dc=com
entryUUID: 1eab9ca6-b4f0-102a-9acc-ef642cc67d62
creatorsName: cn=manager,dc=example,dc=com
createTimestamp: 20060731171104Z
objectClass: top
objectClass: glue <-----------
structuralObjectClass: glue <----------
entryCSN: 20060731171554Z#000000#00#000000
modifiersName: cn=manager,dc=example,dc=com
modifyTimestamp: 20060731171554Z

Note how the organizationalUnit OC vanished and was replaced by the "glue"
objectClass. The description attribute is also gone.

When starting up this consumer with -d 16384 and an empty database, the last log
lines are these:
syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
syncrepl_entry: be_search (0)
syncrepl_entry: uid=LDAP Admin,ou=System Accounts,ou=global,dc=example,dc=com
syncrepl_entry: be_add (0)
do_syncrep2: LDAP_RES_INTERMEDIATE - REFRESH_PRESENT
syncrepl_del_nonpresent: be_delete ou=Global,dc=example,dc=com (66)

My setup consists of three servers:

a) syncrepl provider for the whole database: dc=example,dc=com

b) Two databases:
- ou=global,dc=example,dc=com: consumer from (a)
- dc=example,dc=com: provider
Both are glued together.

c) One database, pulling everything from (b)

Config files for (a), (b) and (c) are below. I can also submit the sample
databases I'm using if needed.

slapd.conf.a:
include         /usr/share/openldap/schema/core.schema
include         /usr/share/openldap/schema/cosine.schema
include         /usr/share/openldap/schema/inetorgperson.schema
include         /usr/share/openldap/schema/nis.schema

pidfile         /var/run/ldap/slapd.pid
argsfile        /var/run/ldap/slapd.args

modulepath      /usr/lib/openldap
moduleload      syncprov.la

loglevel 256

database bdb
suffix          "dc=example,dc=com"
rootdn          "cn=manager,dc=example,dc=com"
checkpoint      512 30
directory       /var/lib/ldap

dbconfig set_cachesize 0 33554432 1
dbconfig set_lg_bsize 2097152

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 1000

index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
index   cn,mail,surname,givenname                       eq,subinitial
index   entryCSN,entryUUID                              eq

access to dn.subtree="dc=example,dc=com"
        by group.exact="cn=LDAP Replicators,ou=System Groups,ou=global,dc=example,dc=com" read
        by group.exact="cn=LDAP Admins,ou=System Groups,ou=global,dc=example,dc=com" write
        by * break

access to attrs=userPassword
        by anonymous auth
        by self write
        by * none

access to attrs=shadowLastChange
        by self write
        by * read

access to dn.subtree="dc=example,dc=com"
        by * read




slapd.conf.b:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

modulepath      /usr/lib/openldap/modules

loglevel 256

database        bdb
suffix          "ou=global,dc=example,dc=com"
rootdn          "cn=manager,dc=example,dc=com"
checkpoint      512 30
directory       /var/lib/ldap-global
dbconfig set_cachesize 0 33554432 1
dbconfig set_lg_bsize 2097152

subordinate

# doesn't matter if uncommented or not:
#overlay syncprov
#syncprov-checkpoint 100 10
#syncprov-sessionlog 1000

syncrepl        rid=001
                provider=ldap://10.0.2.177
                type=refreshAndPersist
                retry="60 +"
                searchbase="ou=Global,dc=example,dc=com"
                scope=sub
                filter="(objectClass=*)"
                bindmethod=simple
                binddn="uid=LDAP Replicator,ou=System Accounts,ou=Global,dc=example,dc=com"
                credentials="ldapreplicator"

updateref       ldap://10.0.2.177

index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
index   cn,mail,surname,givenname                       eq,subinitial
index   entryCSN,entryUUID                              eq

access to dn.subtree="ou=Global,dc=example,dc=com"
        by group.exact="cn=LDAP Replicators,ou=System Groups,ou=global,dc=example,dc=com" read
        by group.exact="cn=LDAP Admins,ou=System Groups,ou=global,dc=example,dc=com" write
        by * break
access to attrs=userPassword
        by anonymous auth
        by self write
        by * none

access to attrs=shadowLastChange
        by self write
        by * read

access to dn.subtree="ou=Global,dc=example,dc=com"
        by * read


#####################################################################
database bdb
suffix          "dc=example,dc=com"
rootdn          "cn=manager,dc=example,dc=com"
checkpoint      512 30
directory       /var/lib/ldap-remote

dbconfig set_cachesize 0 33554432 1
dbconfig set_lg_bsize 2097152

overlay glue
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 1000

index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
index   cn,mail,surname,givenname                       eq,subinitial
index   entryCSN,entryUUID                              eq

access to dn.subtree="dc=example,dc=com"
        by group.exact="cn=LDAP Replicators,ou=System Groups,ou=global,dc=example,dc=com" read
        by group.exact="cn=LDAP Admins,ou=System Groups,ou=global,dc=example,dc=com" write
        by * break

access to attrs=userPassword
        by anonymous auth
        by self write
        by * none

access to attrs=shadowLastChange
        by self write
        by * read

access to dn.subtree="dc=example,dc=com"
        by * read


slapd.conf.c:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

modulepath      /usr/lib/openldap/modules

loglevel 256

database bdb
suffix          "dc=example,dc=com"
rootdn          "cn=manager,dc=example,dc=com"
checkpoint      512 30
directory       /var/lib/ldap

dbconfig set_cachesize 0 33554432 1
dbconfig set_lg_bsize 2097152


index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
index   cn,mail,surname,givenname                       eq,subinitial
index   entryCSN,entryUUID                              eq

access to dn.subtree="dc=example,dc=com"
        by group.exact="cn=LDAP Replicators,ou=System Groups,ou=global,dc=example,dc=com" read
        by group.exact="cn=LDAP Admins,ou=System Groups,ou=global,dc=example,dc=com" write
        by * break

access to attrs=userPassword
        by anonymous auth
        by self write
        by * none

access to attrs=shadowLastChange
        by self write
        by * read

access to dn.subtree="dc=example,dc=com"
        by * read

syncrepl        rid=002
                provider=ldap://10.199.64.4
                type=refreshAndPersist
                retry="60 +"
                searchbase="dc=example,dc=com"
                scope=sub
                filter="(objectClass=*)"
                bindmethod=simple
                binddn="uid=LDAP Replicator,ou=System Accounts,ou=Global,dc=example,dc=com"
                credentials="ldapreplicator"
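
Added example, not part of the original report and not OpenLDAP code: a Python check that compares a provider LDIF export with a consumer export and flags entries that arrived as "glue" placeholders, lost user attributes, or carry a different entryUUID. The names `parse_ldif` and `compare` are hypothetical, and the sample inputs are trimmed copies of the two entries shown at the top of this report.

```python
from collections import defaultdict

# Added example (not OpenLDAP code); inputs are trimmed copies of the report's entries.
PROVIDER_LDIF = """dn: ou=Global,dc=example,dc=com
ou: Global
objectClass: organizationalUnit
description: Container for global data that is replicated
entryUUID: 4af16562-b503-102a-937c-e70b64b15acf
"""
CONSUMER_LDIF = """dn: ou=Global,dc=example,dc=com
entryUUID: 1eab9ca6-b4f0-102a-9acc-ef642cc67d62
objectClass: top
objectClass: glue
structuralObjectClass: glue
"""
# Operational attributes are checked separately, not counted as "lost".
OPERATIONAL = {"dn", "entryuuid", "entrycsn", "structuralobjectclass", "contextcsn",
               "creatorsname", "createtimestamp", "modifiersname", "modifytimestamp"}

def parse_ldif(text):
    """Return {lower-cased dn: {lower-cased attr: [values]}}; base64 values are not decoded."""
    entries = {}
    for block in text.replace("\n ", "").split("\n\n"):  # unfold lines, split entries
        attrs = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs[name.lower()].append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = dict(attrs)
    return entries

def compare(provider, consumer):
    """List (dn, finding) pairs for provider entries that did not replicate intact."""
    findings = []
    for dn, p in provider.items():
        c = consumer.get(dn)
        if c is None:
            findings.append((dn, "missing on consumer"))
            continue
        if "glue" in (v.lower() for v in c.get("objectclass", [])):
            findings.append((dn, "glue placeholder"))
        lost = sorted(a for a in p if a not in OPERATIONAL and a not in c)
        if lost:
            findings.append((dn, "lost attributes: " + ", ".join(lost)))
        if p.get("entryuuid") != c.get("entryuuid"):
            findings.append((dn, "entryUUID differs"))
    return findings
```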