[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#9056) Replication does not work with different schemas on primary and secondary LDAP
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#9056) Replication does not work with different schemas on primary and secondary LDAP
- From: alex.soloviov@wildix.com
- Date: Tue, 23 Jul 2019 07:10:09 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Hello, Howard
Thank you for a quick reply
Actually, I have the configuration with several LDAP server without this =
problem. But the version of these LDAPs is a bit less - 2.4.31.=20
On this installation when I changed the schema on the main server, on =
secondary I see fully replicated data and warnings about unknown =
attributes like:
5d36b192 UNKNOWN attributeDescription "TESTTYPE" inserted.
Can I get the same behavior on the current/latest version?
Thank you in advance.
Best regards, Alex
> On Jul 22, 2019, at 19:38, Howard Chu <hyc@symas.com> wrote:
>=20
> alex.s@wildix.com wrote:
>> Full_Name: Alex
>> Version: 2.4.44+dfsg-5+deb9u2
>> OS: Debian 9
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (154.41.3.130)
>>=20
>>=20
>> Looks like schemachecking parameter does not work properly
>>=20
>> I have a few LDAPs
>> On main LDAP server I changed the schema with an additional =
attribute.
>>=20
>> On the secondary LDAPs I have a problem with replication (does not =
download
>> items which have new attribute)
>>=20
>> I have the following configuration on the secondary LDAP:
>>=20
>> olcSyncrepl: {0}rid=3D001 provider=3Dldap://remote_ldap_addr =
bindmethod=3Dsimple
>> timeout=3D0
>> network-timeout=3D0 binddn=3D"cn=3Dadmin,dc=3Dexample" =
credentials=3D"testPass"
>> starttls=3Dno filter=3D"(objectclass=3D*)" searchbase=3D"dc=3Dexample" =
scope=3Dsub
>> schemachecking=3Doff type=3DrefreshAndPersist interval=3D00:00:02:00 =
retry=3D"5 +"
>>=20
>>=20
>> I have the following errors in syslog:
>>=20
>> Jul 22 17:05:29 221100000e68 slapd[6838]: null_callback : error code =
0x50
>> Jul 22 17:05:29 221100000e68 slapd[6838]: syncrepl_entry: rid=3D001 =
be_add
>> uid=3D1326514,o=3Dcom0,dc=3Dexample failed (80)
>> Jul 22 17:05:29 221100000e68 slapd[6838]: do_syncrepl: rid=3D001 rc =
80 retrying
>> Jul 22 17:05:34 221100000e68 slapd[6838]: null_callback : error code =
0x50
>> Jul 22 17:05:34 221100000e68 slapd[6838]: syncrepl_entry: rid=3D001 =
be_add
>> uid=3D1326514,o=3Dcom0,dc=3Dexample failed (80)
>> Jul 22 17:05:34 221100000e68 slapd[6838]: do_syncrepl: rid=3D001 rc =
80 retrying
>> Jul 22 17:05:39 221100000e68 slapd[6838]: null_callback : error code =
0x50
>> Jul 22 17:05:39 221100000e68 slapd[6838]: syncrepl_entry: rid=3D001 =
be_add
>> uid=3D1326514,o=3Dcom0,dc=3Dexample failed (80)
>> Jul 22 17:05:39 221100000e68 slapd[6838]: do_syncrepl: rid=3D001 rc =
80 retrying
>=20
> syncrepl is ignoring the schema as you requested. However the =
underlying backend is refusing
> to store the entries that syncrepl passes to it.
>=20
> In general, turning off schema checking is only safe for overriding =
syntax validity checks
> on known attributes. You still have to at least define the existence =
of these attributes
> on all participating servers.
>=20
> --=20
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/