
modify upon the root DSE not supported



Hello openldap-software,

  Sorry for bothering you with a maybe dumb question, but I'm definitely
  stuck.
  
  I have two OpenLDAP-2.0.25 servers, master and slave. Replication
  from master to slave works fine, but when I'm trying to update some
  entry on the slave, in the master's log I see "modify upon the root DSE
  not supported", though for the update I bind as a non-root DN
  (cn=usermaster,o=Ent,c=RU).

  Client is LDAP Browser/Editor 2.8.2 by Jarek Gawor (written in Java).

  Master's configuration:

[schemas definition skip]

include     /usr/local/etc/openldap/slapd.acl
  
database    ldbm
password-hash   {MD5}
suffix      "o=Ent,c=RU"
rootdn      "cn=root,o=Ent,c=RU"
rootpw      rootsecret
directory   /var/db/openldap-ldbm
index   objectClass eq
replogfile  /var/log/slapd.replog

replica     host=slave.domain.ru:389
            binddn="cn=replica,o=Ent,c=RU"
            bindmethod=simple   credentials=replicasecret

  
  Slave's configuration:

[schemas definition skip]

include     /usr/local/etc/openldap/slapd.acl

database    ldbm
password-hash   {MD5}
suffix      "o=Ent,c=RU"
rootdn      "cn=root,o=Ent,c=RU"
rootpw      rootsecret
directory   /var/db/openldap-ldbm/
index   objectClass eq
updatedn    "cn=replica,o=Ent,c=RU"
updateref   "ldap://master.domain.ru:389"


  ACLs:

access to dn=".*,ou=users,o=Ent,c=RU" attr=userPassword
    by dn="cn=usermaster,o=Ent,c=RU" write
    by dn="cn=replica,o=Ent,c=RU" write
    by dn="cn=admin,o=Ent,c=RU" read
    by self write
    by * auth

access to dn="cn=radprofile,o=Ent,c=RU"
    by dn="cn=admin,o=Ent,c=RU" read
    by * auth

access to dn="cn=usermaster,o=Ent,c=RU"
    by self read
    by * auth

access to dn="cn=admin,o=Ent,c=RU"
    by self read
    by * auth

access to dn="cn=dialup-group,o=Ent,c=RU"
    by dn="cn=replica,o=Ent,c=RU" write
    by dn="cn=usermaster,o=Ent,c=RU" write
    by dn="cn=admin,o=Ent,c=RU" read
    by * auth

access to dn="ou=users,o=Ent,c=RU"
    by dn="cn=replica,o=Ent,c=RU" write
    by dn="cn=usermaster,o=Ent,c=RU" write
    by self write
    by * read
access to *
    by dn="cn=replica,o=Ent,c=RU" write
    by * auth

  Slave's logs:

do_modify
ber_scanf fmt ({a) ber:
ber_dump: buf=0x080f5c80 ptr=0x080f5c83 end=0x080f5cc2 len=63
  0000:  66 3d 04 22 75 69 64 3d  74 65 73 74 39 39 2c 20   f=."uid=test99,
do_modify
  0020:  74 2c 63 3d 52 55 30 17  30 15 0a 01 02 30 10 04   t,c=RU0.0....0..
  0030:  02 63 6e 31 0a 04 08 d0  b0 d0 bf d0 b0 d0 bf      .cn1...........
do_modify: dn (uid=test99, ou=users, o=Ent,c=RU)
ber_scanf fmt ({i{a[V]}}) ber:
ber_dump: buf=0x080f5c80 ptr=0x080f5cab end=0x080f5cc2 len=23
  0000:  30 15 0a 01 02 30 10 04  02 63 6e 31 0a 04 08 d0   0....0...cn1....
  0010:  b0 d0 bf d0 b0 d0 bf                               .......
modifications:
        replace: cn
conn=2 op=4 MOD dn="uid=test99, ou=users, o=Ent,c=RU"
dn2entry_r: dn: "UID=TEST99,OU=USERS,O=ENT,C=RU"
=> dn2id( "UID=TEST99,OU=USERS,O=ENT,C=RU" )
====> cache_find_entry_dn2id("UID=TEST99,OU=USERS,O=ENT,C=RU"): 243 (1 tries)
<= dn2id 243 (in cache)
=> id2entry_r( 243 )
====> cache_find_entry_id( 243 ) "uid=test99,ou=users,o=Ent,c=RU" (found) (1 tries)
<= id2entry_r( 243 ) 0x80f4ac0 (cache)
====> cache_return_entry_r( 243 ): returned (0)
send_ldap_result: conn=2 op=4 p=3
send_ldap_result: 10::
send_ldap_result: referral: ldap://master.domain.ru:389
send_ldap_response: msgid=5 tag=103 err=10
send_ldap_response: ref=ldap://master.domain.ru:389
ber_flush: 46 bytes to sd 13
  0000:  30 2c 02 01 05 67 27 0a  01 0a 04 00 04 00 a3 1e   0,...g'.........
  0010:  04 1c 6c 64 61 70 3a 2f  2f 6c 64 61 70 2e 73 74   ..ldap://ldap.domain
  0020:  61 72 74 61 74 6f 6d 2e  72 75 3a 33 38 39         .ru:389
ldap_write: want=46, written=46
  0000:  30 2c 02 01 05 67 27 0a  01 0a 04 00 04 00 a3 1e   0,...g'.........
  0010:  04 1c 6c 64 61 70 3a 2f  2f 6c 64 61 70 2e 73 74   ..ldap://ldap.domain
  0020:  61 72 74 61 74 6f 6d 2e  72 75 3a 33 38 39         .ru:389
conn=2 op=4 RESULT tag=103 err=10 text=
daemon: select: listen=8 active_threads=1 tvp=NULL
    

  Master's logs:

daemon: added 9r
daemon: activity on:
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0
ldap_read: want=1, got=1
  0000:  31                                                 1
ldap_read: want=49, got=49
  0000:  02 01 01 60 2c 02 01 03  04 1b 63 6e 3d 75 73 65   ...`,.....cn=use
  0010:  72 6d 61 73 74 65 72 2c  20 6f 3d 53 74 61 72 74   rmaster,o=Ent
  0020:  2c 63 3d 52 55 80 0a 6b  6f 6d 61 67 65 6e 6f 75   ,c=RU.. secret
ber_get_next: tag 0x30 len 49 contents:
ber_dump: buf=0x080db5c0 ptr=0x080db5c0 end=0x080db5f1 len=49
  0000:  02 01 01 60 2c 02 01 03  04 1b 63 6e 3d 75 73 65   ...`,.....cn=use
  0010:  72 6d 61 73 74 65 72 2c  20 6f 3d 53 74 61 72 74   rmaster, o=Ent
  0020:  2c 63 3d 52 55 80 0a 6b  6f 6d 61 67 65 6e 6f 75   ,c=RU..secret
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=35 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({iat) ber:
ber_dump: buf=0x080db5c0 ptr=0x080db5c3 end=0x080db5f1 len=46
  0000:  60 2c 02 01 03 04 1b 63  6e 3d 75 73 65 72 6d 61   `,.....cn=userma
  0010:  73 74 65 72 2c 20 6f 3d  53 74 61 72 74 2c 63 3d   ster,o=Ent,c=
  0020:  52 55 80 0a 6b 6f 6d 61  67 65 6e 6f 75 73         RU..secret
ber_scanf fmt (o}) ber:
ber_dump: buf=0x080db5c0 ptr=0x080db5e5 end=0x080db5f1 len=12
  0000:  80 0a 6b 6f 6d 61 67 65  6e 6f 75 73               ..secret
do_bind: version=3 dn="cn=usermaster, o=Ent,c=RU" method=128
conn=0 op=0 BIND dn="CN=USERMASTER,O=ENT,C=RU" method=128
==> ldbm_back_bind: dn: cn=usermaster, o=Ent,c=RU
dn2entry_r: dn: "CN=USERMASTER,O=ENT,C=RU"
=> dn2id( "CN=USERMASTER,O=ENT,C=RU" )
=> ldbm_cache_open( "dn2id.dbb", 73, 600 )
ldbm_cache_open (blksize 8192) (maxids 2046) (maxindirect 5)
<= ldbm_cache_open (opened 0)
<= dn2id 247
=> id2entry_r( 247 )
=> ldbm_cache_open( "id2entry.dbb", 73, 600 )
ldbm_cache_open (blksize 8192) (maxids 2046) (maxindirect 5)
<= ldbm_cache_open (opened 1)
=> str2entry
<= str2entry(cn=usermaster, o=Ent,c=RU) -> -1 (0x8103940)
<= id2entry_r( 247 ) 0x8103940 (disk)
=> access_allowed: auth access to "cn=usermaster, o=Ent,c=RU" "userPassword" requested
=> dnpat: [1] .*,ou=users,o=Ent,c=RU nsub: 0
=> dnpat: [2] cn=radprofile,o=Ent,c=RU nsub: 0
=> dnpat: [3] cn=usermaster,o=Ent,c=RU nsub: 0
=> acl_get: [3] matched
=> acl_get: [3] check attr userPassword
<= acl_get: [3] acl cn=usermaster, o=Ent,c=RU attr: userPassword
=> acl_mask: access to entry "cn=usermaster, o=Ent,c=RU", attr "userPassword" requested
=> acl_mask: to all values by "", (=n)
<= check a_dn_pat: self
<= check a_dn_pat: *
<= acl_mask: [2] applying auth (=x) (stop)
<= acl_mask: [2] mask: auth (=x)
=> access_allowed: auth access granted by auth (=x)
====> cache_return_entry_r( 247 ): created (0)
do_bind: v3 bind: "cn=usermaster, o=Ent,c=RU" to "cn=usermaster, o=Ent,c=RU"
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: 0::
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 9
  0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........
conn=0 op=0 RESULT tag=97 err=0 text=
daemon: select: listen=8 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0
ldap_read: want=1, got=1
  0000:  20
ldap_read: want=32, got=32
do_bind: v3 bind: "cn=usermaster, o=Ent,c=RU" to "cn=usermaster, o=Ent,c=RU"
  0010:  04 02 63 6e 31 0a 04 08  d0 b0 d0 bf d0 b0 d0 bf   ..cn1...........
ber_get_next: tag 0x30 len 32 contents:
ber_dump: buf=0x08103840 ptr=0x08103840 end=0x08103860 len=32
  0000:  02 01 02 66 1b 04 00 30  17 30 15 0a 01 02 30 10   ...f...0.0....0.
  0010:  04 02 63 6e 31 0a 04 08  d0 b0 d0 bf d0 b0 d0 bf   ..cn1...........
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=35 (Resource temporarily unavailable)
do_modify
ber_scanf fmt ({a) ber:
ber_dump: buf=0x08103840 ptr=0x08103843 end=0x08103860 len=29
  0000:  66 1b 04 00 30 17 30 15  0a 01 02 30 10 04 02 63   f...0.0....0...c
  0010:  6e 31 0a 04 08 d0 b0 d0  bf d0 b0 d0 bf            n1...........
do_modify: dn ()
ber_scanf fmt ({i{a[V]}}) ber:
ber_dump: buf=0x08103840 ptr=0x08103849 end=0x08103860 len=23
  0000:  30 15 0a 01 02 30 10 04  02 63 6e 31 0a 04 08 d0   0....0...cn1....
  0010:  b0 d0 bf d0 b0 d0 bf                               .......
do_modify: root dse!
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: 53::modify upon the root DSE not supported
send_ldap_response: msgid=2 tag=103 err=53
ber_flush: 52 bytes to sd 9
  0000:  30 32 02 01 02 67 2d 0a  01 35 04 00 04 26 6d 6f   02...g-..5...&mo
  0010:  64 69 66 79 20 75 70 6f  6e 20 74 68 65 20 72 6f   dify upon the ro
  0020:  6f 74 20 44 53 45 20 6e  6f 74 20 73 75 70 70 6f   ot DSE not suppo
  0030:  72 74 65 64                                        rted
ldap_write: want=52, written=52
  0000:  30 32 02 01 02 67 2d 0a  01 35 04 00 04 26 6d 6f   02...g-..5...&mo
  0010:  64 69 66 79 20 75 70 6f  6e 20 74 68 65 20 72 6f   dify upon the ro
  0020:  6f 74 20 44 53 45 20 6e  6f 74 20 73 75 70 70 6f   ot DSE not suppo
  0030:  72 74 65 64                                        rted
conn=0 op=1 RESULT tag=103 err=53 text=modify upon the root DSE not supported
daemon: select: listen=8 active_threads=1 tvp=NULL
  

  
-- 
Best regards,
Alexander                          mailto:lan_mailing@startatom.ru
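
Added example, not part of the original post: a small BER decoder run over the 32 bytes the master logs in its `ber_dump ... len=32`, showing that the ModifyRequest it received carries a zero-length DN (`04 00`), consistent with the `do_modify: dn ()` and `do_modify: root dse!` lines. The function names and the result layout are this example's own.

```python
"""Decode the LDAP ModifyRequest from the master's ber_dump (added example)."""

# Bytes copied from the master's log: message ID followed by the ModifyRequest.
MASTER_DUMP = bytes.fromhex(
    "02 01 02 66 1b 04 00 30 17 30 15 0a 01 02 30 10 "
    "04 02 63 6e 31 0a 04 08 d0 b0 d0 bf d0 b0 d0 bf"
)
MOD_OPS = {0: "add", 1: "delete", 2: "replace"}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_modify(body):
    """Decode messageID + ModifyRequest ([APPLICATION 6], tag 0x66)."""
    (t_id, msgid), (t_op, op) = children(body)[:2]
    if t_id != 0x02 or t_op != 0x66:
        raise ValueError("not a ModifyRequest")
    (_, dn), (_, changes) = children(op)
    mods = []
    for _, change in children(changes):
        (_, opcode), (_, partial) = children(change)
        (_, attr), (_, vals) = children(partial)
        mods.append((MOD_OPS[opcode[0]], attr.decode(),
                     [v.decode("utf-8") for _, v in children(vals)]))
    return {"msgid": int.from_bytes(msgid, "big"), "dn": dn.decode(),
            "targets_root_dse": len(dn) == 0, "mods": mods}
```

Calling `decode_modify(MASTER_DUMP)` reports message ID 2, an empty DN and a single `replace` of `cn`, whereas the slave's own log shows the same modification arriving there with `uid=test99, ou=users, o=Ent,c=RU` as the target.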