[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5990) Segmentation Fault with slapd with two olcSyncrepl directives in the config database

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5990) Segmentation Fault with slapd with two olcSyncrepl directives in the config database
From: hyc@symas.com
Date: Wed, 4 Mar 2009 22:48:54 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

crispy@cluenet.org wrote:
> Full_Name: Chris Breneman
> Version: 2.4.15
> OS: Debian Lenny
> URL:
> Submission from: (NULL) (207.38.203.80)
>
>
> Using this configuration on a replication consumer, it segfaults almost
> immediately, and on startup.

> === ./slapd.d/cn=config/olcDatabase={0}config.ldif ===
> dn: olcDatabase={0}config
> objectClass: olcDatabaseConfig
> olcDatabase: {0}config
> olcAccess: {0}to *  by * none
> olcAddContentAcl: TRUE
> olcLastMod: TRUE
> olcMaxDerefDepth: 15
> olcReadOnly: FALSE
> olcRootDN: cn=config
> olcRootPW:: XXXXXXXXXXX
> olcMonitoring: FALSE
> structuralObjectClass: olcDatabaseConfig
> entryUUID: 410b0970-9d47-102d-8854-57b95f7e164c
> creatorsName: cn=config
> createTimestamp: 20090304203158Z
> olcSyncrepl: {0}rid=3 provider=ldap://ldap.cluenet.org type=refreshAndPersist
>   interval=00:00:01:00 retry="60 10 300 +" searchbase="cn=schema,cn=config" bin
>   dmethod=simple binddn="cn=replicator,dc=cluenet,dc=org" credentials="xxxxxxxx
>   xxxxxxxxx" starttls=critical tls_cacert=/etc/ssl/certs/Cluenet.pem tls_reqcer
>   t=demand
> olcSyncrepl: {1}rid=4 provider=ldap://ldap.cluenet.org type=refreshAndPersist
>   interval=00:00:01:00 retry="60 10 300 +" searchbase="olcDatabase={0}config,cn
>   =config" attrs=olcAccess bindmethod=simple binddn="cn=replicator,dc=cluenet,d
>   c=org" credentials="xxxxxxxxxxxxxxxxx" starttls=critical tls_cacert=/etc/ssl/
>   certs/Cluenet.pem tls_reqcert=demand
> entryCSN: 20090304203402.651594Z#000000#000#000000
> modifiersName: cn=config
> modifyTimestamp: 20090304203402Z

This replication config is not currently supported. Fractional replication 
means the consumer gets a subset of the provider's attributes. But it also 
means that the consumer can *only* have that subset. Here, cn=config needs all 
of its attributes in order to function, but the consumer code will attempt to 
delete the non-replicated ones because they aren't part of the info received 
from the provider.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: (ITS#5990) Segmentation Fault with slapd with two olcSyncrepl directives in the config database
Next by Date: (ITS#5991) slapd+gnutls doesn't send all of the CA certs available in the certficate chain while slapd+openssl does
Index(es):
- Chronological
- Thread