[Date Prev][Date Next] [Chronological] [Thread] [Top]
Replication Problems

To: <openldap-software@OpenLDAP.org>
Subject: Replication Problems
From: Geoff Silver <geoff@uslinux.net>
Date: Fri, 12 Jul 2002 09:57:09 -0400 (EDT)
Recently, a client of mine began having problems with his OpenLDAP
2.0.23-6 setup.  He has one master and two replicas, all using the same
version under Debian Linux (Woody), all configured with PAM-ldap and
libnss-ldap, and performing queries against themselves.  This
configuration was working until recently.

In the last week or so, a few users were not able to log in to the
replicas, but could still log in to the master.  'getent passwd <user>'
shows the "broken" user on the master, but none of the slaves.  Users
which can still log in to all servers show up properly using the above
command.

Oddly, we stopped slapd on the replicas, copied over the master databases,
then restarted slapd, yet the problem *still* exists.  If using slapcat to
dump the database, however, the user information is identical on both the
master and slaves.  Master and slave slapd.conf files are identical,
except the master server contains the replica lines.

Yesterday, I attempted to change my password on the master LDAP using the
unix 'passwd' command (which is PAM enabled).  The password was
successfully changed on the master, but was not replicated to the slaves.
My slave replication files show (note: XXXXXXX and "customerdomain" were
added by me to protect the password/domain integrity):

	ERROR: Constraint violation
	replica: africa.customerdomain.com:0
	time: 1026425459.0
	dn: cn=Geoff Silver,ou=people,dc=customerdomain,dc=com
	changetype: modify
	replace: userPassword
	userPassword:: e2NyeXB0fTc3Ri55bm5ZXXXXXXX=
	-
	replace: modifiersName
	modifiersName: cn=Geoff Silver,ou=people,dc=customerdomain,dc=com
	-
	replace: modifyTimestamp
	modifyTimestamp: 20020711221059Z
	-

/var/log/syslog shows the following on all three servers when starting
slapd:

Jul 11 18:04:20 africa slapd[8565]: daemon: socket() failed errno=97
(Address family not supported by protocol)

Finally, I started slurpd on the master server in full debug mode (level
255).  At the bottom of this e-mail is what I believe to be the relevant
part of the dump, but basically I believe the slaves are returning the
error "modifiersName: no user modification allowed", which is being noted
in the master replication logs as a "Constraint violation".

Thanks for *any* help anyone can provide.


* host: pangaea.customerdomain.com  port: 389  (default)
refcnt: 2  status: Connected
last used: Thu Jul 11 18:06:15 2002

** Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=3, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 4, all 1
ber_get_next
ldap_read: want=1, got=1
0000:  30                                                 0
ldap_read: want=1, got=1
0000:  37                                                 7
ldap_read: want=55, got=55
0000:  02 01 04 67 32 0a 01 13  04 00 04 2b 6d 6f 64 69   ...g2......+modi
0010:  66 69 65 72 73 4e 61 6d  65 3a 20 6e 6f 20 75 73   fiersName: no us
0020:  65 72 20 6d 6f 64 69 66  69 63 61 74 69 6f 6e 20   er modification
0030:  61 6c 6c 6f 77 65 64                               allowed
ber_get_next: tag 0x30 len 55 contents:
ber_dump: buf=0x40301698 ptr=0x40301698 end=0x403016cf len=55
0000:  02 01 04 67 32 0a 01 13  04 00 04 2b 6d 6f 64 69   ...g2......+modi
0010:  66 69 65 72 73 4e 61 6d  65 3a 20 6e 6f 20 75 73   fiersName: no us
0020:  65 72 20 6d 6f 64 69 66  69 63 61 74 69 6f 6e 20   er modification
0030:  61 6c 6c 6f 77 65 64                               allowed
ldap_read: message type modify msgid 4, original id 4
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x40301698 ptr=0x4030169b end=0x403016cf len=52
0000:  67 32 0a 01 13 04 00 04  2b 6d 6f 64 69 66 69 65   g2......+modifie
0010:  72 73 4e 61 6d 65 3a 20  6e 6f 20 75 73 65 72 20   rsName: no user
0020:  6d 6f 64 69 66 69 63 61  74 69 6f 6e 20 61 6c 6c   modification all
0030:  6f 77 65 64                                        owed
read1msg:  0 new referrals
read1msg:  mark request completed, id = 4
request 4 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x40301698 ptr=0x4030169b end=0x403016cf len=52
0000:  67 32 0a 01 13 04 00 04  2b 6d 6f 64 69 66 69 65   g2......+modifie
0010:  72 73 4e 61 6d 65 3a 20  6e 6f 20 75 73 65 72 20   rsName: no user
0020:  6d 6f 64 69 66 69 63 61  74 69 6f 6e 20 61 6c 6c   modification all
0030:  6f 77 65 64                                        owed
ber_scanf fmt (}) ber:
ber_dump: buf=0x40301698 ptr=0x403016cf end=0x403016cf len=0

ldap_msgfree
ldap_err2string
Error: ldap_modify_s failed modifying "Constraint violation": cn=Geoff
Silver,ou=people,dc=customerdomain,dc=com
ldap_err2string
read1msg: msgid 3, all 1
ber_get_next
ldap_read: want=1, got=1
0000:  30                                                 0
ldap_read: want=1, got=1
0000:  37                                                 7
Error: ldap operation failed, data written to
"/var/spool/slurpd/replica/africa.customerdomain.com:0.rej"
ldap_read: want=55, got=55
0000:  02 01 03 67 32 0a 01 13  04 00 04 2b 6d 6f 64 69   ...g2......+modi
0010:  66 69 65 72 73 4e 61 6d  65 3a 20 6e 6f 20 75 73   fiersName: no us
0020:  65 72 20 6d 6f 64 69 66  69 63 61 74 69 6f 6e 20   er modification
0030:  61 6c 6c 6f 77 65 64                               allowed
er_get_next: tag 0x30 len 55 contents:
er_dump: buf=0x08064208 ptr=0x08064208 end=0x0806423f len=55
0000:  02 01 03 67 32 0a 01 13  04 00 04 2b 6d 6f 64 69   ...g2......+modi
0010:  66 69 65 72 73 4e 61 6d  65 3a 20 6e 6f 20 75 73   fiersName: no us
0020:  65 72 20 6d 6f 64 69 66  69 63 61 74 69 6f 6e 20   er modification
0030:  61 6c 6c 6f 77 65 64                               allowed
ldap_read: message type modify msgid 3, original id 3
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08064208 ptr=0x0806420b end=0x0806423f len=52
0000:  67 32 0a 01 13 04 00 04  2b 6d 6f 64 69 66 69 65   g2......+modifie
0010:  72 73 4e 61 6d 65 3a 20  6e 6f 20 75 73 65 72 20   rsName: no user
0020:  6d 6f 64 69 66 69 63 61  74 69 6f 6e 20 61 6c 6c   modification all
0030:  6f 77 65 64                                        owed
read1msg:  0 new referrals
read1msg:  mark request completed, id = 3
request 3 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08064208 ptr=0x0806420b end=0x0806423f len=52
0000:  67 32 0a 01 13 04 00 04  2b 6d 6f 64 69 66 69 65   g2......+modifie
0010:  72 73 4e 61 6d 65 3a 20  6e 6f 20 75 73 65 72 20   rsName: no user
0020:  6d 6f 64 69 66 69 63 61  74 69 6f 6e 20 61 6c 6c   modification all
0030:  6f 77 65 64                                        owed
ber_scanf fmt (}) ber:
ber_dump: buf=0x08064208 ptr=0x0806423f end=0x0806423f len=0

ldap_msgfree
ldap_err2string
Error: ldap_modify_s failed modifying "Constraint violation": cn=Geoff
Silver,ou=people,dc=customerdomain,dc=com
Prev by Date: hashed passwd as credential for replica?
Next by Date: Re: dumping the directory
Index(es):
- Chronological
- Thread