[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8926) glue records + syncrepl



goudal@bordeaux-inp.fr wrote:
> Full_Name: Fr.d.ric Goudal
> Version: 2.4.46
> OS: ubuntu 18.14 LTS
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (147.210.204.135)
> 
> 
> The global setup is the following :
> - 1 master ldap (2.4.40)
> - 1 hidden slave on the master ldap, same suffix, ldap backend
> - 1 ldap backend on a distant server (2.4.46)
> 
> When starting synchronisation the following event are happening :
> - for some reason the sync process ask for creating
> dn:uid=foo,ou=bar,dc=my,dc=domaine BEFORE the creation of
> dn : ou=bar,dc=my,dc=domain
> 
> - on the backend the following entries are created in that order
>    - dn:ou=bar,dc=my,dc=domain with the object class glue
>    - dn: uid=foo,ou=bar,dc=my,dc=domain
> 
> Than... the sync tries to create ou=bar,dc=my,dc=domain with the correct
> objectClass : organizationalUnit
> But, as the object exists on the backend ldap, creation fails, and
> synchronization stops.
> 
> Solution 
>      -remove by hand the dn: uid=foo,ou=bar,dc=my,dc=domain, that remove the
> glue object
>     - create by hand the ou=bar,dc=my,dc=domain
> 
> What IMHO slapd should do :
> - either check that it does not add an object before its parent objects

No. This behavior is already documented in the Syncrepl specification.

> - either convert the glue object to the correct object when the real creation is
> needed.

The slapd consumer already does this when running on a local database. It would
require Manage privileges when running through back-ldap. Check your back-ldap configuration.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/