[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5781) syncrepl doing delete/add on items without equality

To: openldap-its@OpenLDAP.org
Subject: (ITS#5781) syncrepl doing delete/add on items without equality
From: rubin@physics.umn.edu
Date: Thu, 30 Oct 2008 16:18:53 GMT

Full_Name: Alex Schumann
Version: 2.4.11
OS: freebsd 7.0-release-p3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.101.220.229)


We are using nis.schema's  nisNetgroupTriple to hold unix netgroups. When we
make a change, we do so using the following code snipit:

 $mesg = $ldap_master->modify ( $dn, replace => [ 'nisNetgroupTriple' =>
\@{$groups{$g}} ] );


The master accepts this change, but all the syncrepl slaves immediately start
failing:

Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 be_search (0)
Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001
cn=ng115,ou=Netgroup,dc=suppressed,dc=suppressed,dc=suppressed
Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 entry unchanged,
ignored (cn=ng115,ou=Netgroup,dc=suppressed,dc=suppressed,dc=suppressed)
Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001
LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 be_search (0)
Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001
cn=ng116,ou=Netgroup,dc=suppressed,dc=suppressed,dc=suppressed
Oct 29 11:54:28 lanark slapd[4187]: null_callback : error code 0x12
Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 be_modify (18)
Oct 29 11:54:28 lanark slapd[4187]: syncrepl_entry: rid=001 be_modify failed
(18)
Oct 29 11:54:28 lanark slapd[4187]: do_syncrepl: rid=001 retrying

Error code 0x12 is LDAP_INAPPROPRIATE_MATCHING, which indicates that syncrepl
tried to do a delete/add on a multivalued attribute witohout an equality
matching rule. Reason being, the schema for nis defines nisNetgroupTriple
without an EQUALITY. You can argue between openldap and sun if that is an error
in the schema, but fact is syncrepl should not fail in this or similar cases.
Proper behavior would be if there is no equality, syncrepl should fall back to a
replace.

many thanks to hyc on freenode #openldap for helping me to understand what was
going on here.

http://www.archivesat.com/OpenLDAP_bugs/thread1581049.htm indicates
nisNetgroupTriple is improperly defined according to SUN, but is really an aside
on this bug.

Prev by Date: Re: (ITS#5764) addpartial patch
Next by Date: Re: (ITS#5764) addpartial patch
Index(es):
- Chronological
- Thread