
Re: (ITS#9056) Replication does not work with different schemas on primary and secondary LDAP



alex.s@wildix.com wrote:
> Full_Name: Alex
> Version: 2.4.44+dfsg-5+deb9u2
> OS: Debian 9
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (154.41.3.130)
> 
> 
> Looks like schemachecking parameter does not work properly
> 
> I have a few LDAPs
> On main LDAP server I changed the schema with an additional attribute.
> 
> On the secondary LDAPs I have a problem with replication (does not download
> items which have new attribute)
> 
> I have the following configuration on the secondary LDAP:
> 
> olcSyncrepl: {0}rid=001 provider=ldap://remote_ldap_addr bindmethod=simple
> timeout=0
>   network-timeout=0 binddn="cn=admin,dc=example" credentials="testPass"
> starttls=no filter="(objectclass=*)" searchbase="dc=example" scope=sub
> schemachecking=off type=refreshAndPersist interval=00:00:02:00 retry="5 +"
> 
> 
> I have the following errors in syslog:
> 
> Jul 22 17:05:29 221100000e68 slapd[6838]: null_callback : error code 0x50
> Jul 22 17:05:29 221100000e68 slapd[6838]: syncrepl_entry: rid=001 be_add
> uid=1326514,o=com0,dc=example failed (80)
> Jul 22 17:05:29 221100000e68 slapd[6838]: do_syncrepl: rid=001 rc 80 retrying
> Jul 22 17:05:34 221100000e68 slapd[6838]: null_callback : error code 0x50
> Jul 22 17:05:34 221100000e68 slapd[6838]: syncrepl_entry: rid=001 be_add
> uid=1326514,o=com0,dc=example failed (80)
> Jul 22 17:05:34 221100000e68 slapd[6838]: do_syncrepl: rid=001 rc 80 retrying
> Jul 22 17:05:39 221100000e68 slapd[6838]: null_callback : error code 0x50
> Jul 22 17:05:39 221100000e68 slapd[6838]: syncrepl_entry: rid=001 be_add
> uid=1326514,o=com0,dc=example failed (80)
> Jul 22 17:05:39 221100000e68 slapd[6838]: do_syncrepl: rid=001 rc 80 retrying

syncrepl is ignoring the schema as you requested. However the underlying backend is refusing
to store the entries that syncrepl passes to it.

In general, turning off schema checking is only safe for overriding syntax validity checks
on known attributes. You still have to at least define the existence of these attributes
on all participating servers.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
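
Added example, not part of the original message or of OpenLDAP's code: a check for the condition the reply describes, comparing the `attributeTypes` values published in the provider's and the consumer's subschema entries and listing the attribute types the consumer does not define. The schema values are constructed samples, and `exampleNewAttr` with OID `1.1.2.1.1` is a hypothetical placeholder for the attribute added on the main server.

```python
import re

# First token after "(" is the numeric OID (RFC 4512 AttributeTypeDescription).
_OID_RE = re.compile(r"^\(\s*(\d+(?:\.\d+)*)\s")
# NAME is either one quoted descriptor or a parenthesised list of them.
_NAME_RE = re.compile(r"\bNAME\s+(?:'[^']+'|\(\s*(?:'[^']+'\s*)+\))")


def parse_attribute_types(values):
    """Return {oid: sorted lowercase names} for attributeTypes values."""
    parsed = {}
    for value in values:
        value = " ".join(value.split())  # collapse runs of whitespace
        oid = _OID_RE.match(value)
        if oid is None:
            raise ValueError(f"not an attribute type description: {value!r}")
        name_field = _NAME_RE.search(value)
        names = re.findall(r"'([^']+)'", name_field.group(0)) if name_field else []
        parsed[oid.group(1)] = sorted(n.lower() for n in names)
    return parsed


def missing_on_consumer(provider_values, consumer_values):
    """Attribute types the provider defines and the consumer does not."""
    provider = parse_attribute_types(provider_values)
    consumer = parse_attribute_types(consumer_values)
    return {oid: names for oid, names in provider.items() if oid not in consumer}


# Constructed sample data: the provider carries one attribute type
# (hypothetical name and OID) that was never loaded on the consumer.
PROVIDER = [
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common name(s)' SUP name )",
    "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALITY caseIgnoreMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )",
    "( 1.1.2.1.1 NAME 'exampleNewAttr' DESC 'constructed sample' "
    "EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )",
]
CONSUMER = PROVIDER[:2]

if __name__ == "__main__":
    for oid, names in missing_on_consumer(PROVIDER, CONSUMER).items():
        print(f"consumer lacks {oid} {names}: define it before replicating")
```

An empty result means every attribute type the provider defines also exists on the consumer, which is the precondition the reply gives for using `schemachecking=off`.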