
Re: modify upon the root DSE not supported



http://www.google.com/search?q=Gawor+ldap+referral+master+slave

At 11:39 PM 5/30/2003, Alexander Lunyov wrote:
>Hello openldap-software,
>
>  Sorry for bothering with a maybe dumb question, but I'm definitely
>  stuck.
>  
>  I have two OpenLDAP-2.0.25 servers, master and slave. Replication
>  from master to slave works fine, but when I'm trying to update some
>  entry on slave - in master's log I see "modify upon the root DSE not
>  supported", though for update I bind as non-root DN
>  (cn=usermaster,o=Ent,c=RU).
>
>  Client is LDAP Browser/Editor 2.8.2 by Jarek Gawor (written in Java).
>
>  Master's configuration:
>
>[schemas definition skip]
>
>include     /usr/local/etc/openldap/slapd.acl
>  
>database    ldbm
>password-hash   {MD5}
>suffix      "o=Ent,c=RU"
>rootdn      "cn=root,o=Ent,c=RU"
>rootpw      rootsecret
>directory   /var/db/openldap-ldbm
>index   objectClass eq
>replogfile  /var/log/slapd.replog
>
>replica     host=slave.domain.ru:389
>            binddn="cn=replica,o=Ent,c=RU"
>            bindmethod=simple   credentials=replicasecret
>
>  
>  Slave's configuration:
>
>[schemas definition skip]
>
>include     /usr/local/etc/openldap/slapd.acl
>
>database    ldbm
>password-hash   {MD5}
>suffix      "o=Ent,c=RU"
>rootdn      "cn=root,o=Ent,c=RU"
>rootpw      rootsecret
>directory   /var/db/openldap-ldbm/
>index   objectClass eq
>updatedn    "cn=replica,o=Ent,c=RU"
>updateref   "ldap://master.domain.ru:389";
>
>
>  ACLs:
>
>access to dn=".*,ou=users,o=Ent,c=RU" attr=userPassword
>    by dn="cn=usermaster,o=Ent,c=RU" write
>    by dn="cn=replica,o=Ent,c=RU" write
>    by dn="cn=admin,o=Ent,c=RU" read
>    by self write
>    by * auth
>
>access to dn="cn=radprofile,o=Ent,c=RU"
>    by dn="cn=admin,o=Ent,c=RU" read
>    by * auth
>
>access to dn="cn=usermaster,o=Ent,c=RU"
>    by self read
>    by * auth
>
>access to dn="cn=admin,o=Ent,c=RU"
>    by self read
>    by * auth
>
>access to dn="cn=dialup-group,o=Ent,c=RU"
>    by dn="cn=replica,o=Ent,c=RU" write
>    by dn="cn=usermaster,o=Ent,c=RU" write
>    by dn="cn=admin,o=Ent,c=RU" read
>    by * auth
>
>access to dn="ou=users,o=Ent,c=RU"
>    by dn="cn=replica,o=Ent,c=RU" write
>    by dn="cn=usermaster,o=Ent,c=RU" write
>    by self write
>    by * read
>access to *
>    by dn="cn=replica,o=Ent,c=RU" write
>    by * auth
>
>  Slave's logs:
>
>do_modify
>ber_scanf fmt ({a) ber:
>ber_dump: buf=0x080f5c80 ptr=0x080f5c83 end=0x080f5cc2 len=63
>  0000:  66 3d 04 22 75 69 64 3d  74 65 73 74 39 39 2c 20   f=."uid=test99,
>do_modify
>  0020:  74 2c 63 3d 52 55 30 17  30 15 0a 01 02 30 10 04   t,c=RU0.0....0..
>  0030:  02 63 6e 31 0a 04 08 d0  b0 d0 bf d0 b0 d0 bf      .cn1...........
>do_modify: dn (uid=test99, ou=users, o=Ent,c=RU)
>ber_scanf fmt ({i{a[V]}}) ber:
>ber_dump: buf=0x080f5c80 ptr=0x080f5cab end=0x080f5cc2 len=23
>  0000:  30 15 0a 01 02 30 10 04  02 63 6e 31 0a 04 08 d0   0....0...cn1....
>  0010:  b0 d0 bf d0 b0 d0 bf                               .......
>modifications:
>        replace: cn
>conn=2 op=4 MOD dn="uid=test99, ou=users, o=Ent,c=RU"
>dn2entry_r: dn: "UID=TEST99,OU=USERS,O=ENT,C=RU"
>=> dn2id( "UID=TEST99,OU=USERS,O=ENT,C=RU" )
>====> cache_find_entry_dn2id("UID=TEST99,OU=USERS,O=ENT,C=RU"): 243 (1 tries)
><= dn2id 243 (in cache)
>=> id2entry_r( 243 )
>====> cache_find_entry_id( 243 ) "uid=test99,ou=users,o=Ent,c=RU" (found) (1 t
>ries)
><= id2entry_r( 243 ) 0x80f4ac0 (cache)
>====> cache_return_entry_r( 243 ): returned (0)
>send_ldap_result: conn=2 op=4 p=3
>send_ldap_result: 10::
>send_ldap_result: referral: ldap://master.domain.ru:389
>send_ldap_response: msgid=5 tag=103 err=10
>send_ldap_response: ref=ldap://master.domain.ru:389
>ber_flush: 46 bytes to sd 13
>  0000:  30 2c 02 01 05 67 27 0a  01 0a 04 00 04 00 a3 1e   0,...g'.........
>  0010:  04 1c 6c 64 61 70 3a 2f  2f 6c 64 61 70 2e 73 74   ..ldap://ldap.domain
>  0020:  61 72 74 61 74 6f 6d 2e  72 75 3a 33 38 39         .ru:389
>ldap_write: want=46, written=46
>  0000:  30 2c 02 01 05 67 27 0a  01 0a 04 00 04 00 a3 1e   0,...g'.........
>  0010:  04 1c 6c 64 61 70 3a 2f  2f 6c 64 61 70 2e 73 74   ..ldap://ldap.domain
>  0020:  61 72 74 61 74 6f 6d 2e  72 75 3a 33 38 39         .ru:389
>conn=2 op=4 RESULT tag=103 err=10 text=
>daemon: select: listen=8 active_threads=1 tvp=NULL
>    
>
>  Master's logs:
>
>daemon: added 9r
>daemon: activity on:
>daemon: select: listen=8 active_threads=0 tvp=NULL
>daemon: activity on 1 descriptors
>daemon: activity on: 9r
>daemon: read activity on 9
>connection_get(9)
>connection_get(9): got connid=0
>connection_read(9): checking for input on id=0
>ber_get_next
>ldap_read: want=1, got=1
>  0000:  30                                                 0
>ldap_read: want=1, got=1
>  0000:  31                                                 1
>ldap_read: want=49, got=49
>  0000:  02 01 01 60 2c 02 01 03  04 1b 63 6e 3d 75 73 65   ...`,.....cn=use
>  0010:  72 6d 61 73 74 65 72 2c  20 6f 3d 53 74 61 72 74   rmaster,o=Ent
>  0020:  2c 63 3d 52 55 80 0a 6b  6f 6d 61 67 65 6e 6f 75   ,c=RU.. secret
>ber_get_next: tag 0x30 len 49 contents:
>ber_dump: buf=0x080db5c0 ptr=0x080db5c0 end=0x080db5f1 len=49
>  0000:  02 01 01 60 2c 02 01 03  04 1b 63 6e 3d 75 73 65   ...`,.....cn=use
>  0010:  72 6d 61 73 74 65 72 2c  20 6f 3d 53 74 61 72 74   rmaster, o=Ent
>  0020:  2c 63 3d 52 55 80 0a 6b  6f 6d 61 67 65 6e 6f 75   ,c=RU..secret
>ber_get_next
>ldap_read: want=1 error=Resource temporarily unavailable
>ber_get_next on fd 9 failed errno=35 (Resource temporarily unavailable)
>do_bind
>ber_scanf fmt ({iat) ber:
>ber_dump: buf=0x080db5c0 ptr=0x080db5c3 end=0x080db5f1 len=46
>  0000:  60 2c 02 01 03 04 1b 63  6e 3d 75 73 65 72 6d 61   `,.....cn=userma
>  0010:  73 74 65 72 2c 20 6f 3d  53 74 61 72 74 2c 63 3d   ster,o=Ent,c=
>  0020:  52 55 80 0a 6b 6f 6d 61  67 65 6e 6f 75 73         RU..secret
>ber_scanf fmt (o}) ber:
>ber_dump: buf=0x080db5c0 ptr=0x080db5e5 end=0x080db5f1 len=12
>  0000:  80 0a 6b 6f 6d 61 67 65  6e 6f 75 73               ..secret
>do_bind: version=3 dn="cn=usermaster, o=Ent,c=RU" method=128
>conn=0 op=0 BIND dn="CN=USERMASTER,O=ENT,C=RU" method=128
>==> ldbm_back_bind: dn: cn=usermaster, o=Ent,c=RU
>dn2entry_r: dn: "CN=USERMASTER,O=ENT,C=RU"
>=> dn2id( "CN=USERMASTER,O=ENT,C=RU" )
>=> ldbm_cache_open( "dn2id.dbb", 73, 600 )
>ldbm_cache_open (blksize 8192) (maxids 2046) (maxindirect 5)
><= ldbm_cache_open (opened 0)
><= dn2id 247
>=> id2entry_r( 247 )
>=> ldbm_cache_open( "id2entry.dbb", 73, 600 )
>ldbm_cache_open (blksize 8192) (maxids 2046) (maxindirect 5)
><= ldbm_cache_open (opened 1)
>=> str2entry
><= str2entry(cn=usermaster, o=Ent,c=RU) -> -1 (0x8103940)
><= id2entry_r( 247 ) 0x8103940 (disk)
>=> access_allowed: auth access to "cn=usermaster, o=Ent,c=RU" "userPassword" r
>equested
>=> dnpat: [1] .*,ou=users,o=Ent,c=RU nsub: 0
>=> dnpat: [2] cn=radprofile,o=Ent,c=RU nsub: 0
>=> dnpat: [3] cn=usermaster,o=Ent,c=RU nsub: 0
>=> acl_get: [3] matched
>=> acl_get: [3] check attr userPassword
><= acl_get: [3] acl cn=usermaster, o=Ent,c=RU attr: userPassword
>=> acl_mask: access to entry "cn=usermaster, o=Ent,c=RU", attr "userPassword"
>requested
>=> acl_mask: to all values by "", (=n)
><= check a_dn_pat: self
><= check a_dn_pat: *
><= acl_mask: [2] applying auth (=x) (stop)
><= acl_mask: [2] mask: auth (=x)
>=> access_allowed: auth access granted by auth (=x)
>====> cache_return_entry_r( 247 ): created (0)
>do_bind: v3 bind: "cn=usermaster, o=Ent,c=RU" to "cn=usermaster, o=Ent,c=RU"
>send_ldap_result: conn=0 op=0 p=3
>send_ldap_result: 0::
>send_ldap_response: msgid=1 tag=97 err=0
>ber_flush: 14 bytes to sd 9
>  0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........
>ldap_write: want=14, written=14
>  0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........
>conn=0 op=0 RESULT tag=97 err=0 text=
>daemon: select: listen=8 active_threads=1 tvp=NULL
>daemon: activity on 1 descriptors
>daemon: activity on: 9r
>daemon: read activity on 9
>connection_get(9)
>connection_get(9): got connid=0
>connection_read(9): checking for input on id=0
>ber_get_next
>ldap_read: want=1, got=1
>  0000:  30                                                 0
>ldap_read: want=1, got=1
>  0000:  20
>ldap_read: want=32, got=32
>do_bind: v3 bind: "cn=usermaster, o=Ent,c=RU" to "cn=usermaster, o=Ent,c=RU"
>  0010:  04 02 63 6e 31 0a 04 08  d0 b0 d0 bf d0 b0 d0 bf   ..cn1...........
>ber_get_next: tag 0x30 len 32 contents:
>ber_dump: buf=0x08103840 ptr=0x08103840 end=0x08103860 len=32
>  0000:  02 01 02 66 1b 04 00 30  17 30 15 0a 01 02 30 10   ...f...0.0....0.
>  0010:  04 02 63 6e 31 0a 04 08  d0 b0 d0 bf d0 b0 d0 bf   ..cn1...........
>ber_get_next
>ldap_read: want=1 error=Resource temporarily unavailable
>ber_get_next on fd 9 failed errno=35 (Resource temporarily unavailable)
>do_modify
>ber_scanf fmt ({a) ber:
>ber_dump: buf=0x08103840 ptr=0x08103843 end=0x08103860 len=29
>  0000:  66 1b 04 00 30 17 30 15  0a 01 02 30 10 04 02 63   f...0.0....0...c
>  0010:  6e 31 0a 04 08 d0 b0 d0  bf d0 b0 d0 bf            n1...........
>do_modify: dn ()
>ber_scanf fmt ({i{a[V]}}) ber:
>ber_dump: buf=0x08103840 ptr=0x08103849 end=0x08103860 len=23
>  0000:  30 15 0a 01 02 30 10 04  02 63 6e 31 0a 04 08 d0   0....0...cn1....
>  0010:  b0 d0 bf d0 b0 d0 bf                               .......
>do_modify: root dse!
>send_ldap_result: conn=0 op=1 p=3
>send_ldap_result: 53::modify upon the root DSE not supported
>send_ldap_response: msgid=2 tag=103 err=53
>ber_flush: 52 bytes to sd 9
>  0000:  30 32 02 01 02 67 2d 0a  01 35 04 00 04 26 6d 6f   02...g-..5...&mo
>  0010:  64 69 66 79 20 75 70 6f  6e 20 74 68 65 20 72 6f   dify upon the ro
>  0020:  6f 74 20 44 53 45 20 6e  6f 74 20 73 75 70 70 6f   ot DSE not suppo
>  0030:  72 74 65 64                                        rted
>ldap_write: want=52, written=52
>  0000:  30 32 02 01 02 67 2d 0a  01 35 04 00 04 26 6d 6f   02...g-..5...&mo
>  0010:  64 69 66 79 20 75 70 6f  6e 20 74 68 65 20 72 6f   dify upon the ro
>  0020:  6f 74 20 44 53 45 20 6e  6f 74 20 73 75 70 70 6f   ot DSE not suppo
>  0030:  72 74 65 64                                        rted
>conn=0 op=1 RESULT tag=103 err=53 text=modify upon the root DSE not supported
>daemon: select: listen=8 active_threads=1 tvp=NULL
>  
>
>  
>-- 
>Best regards,
>Alexander                          mailto:lan_mailing@startatom.ru
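
In the logs above, the slave answers the modify with a referral to ldap://master.domain.ru:389 (no DN part), and the master then receives a modify whose DN is empty ("do_modify: dn ()"). The following is an added example, not code from the original post, from OpenLDAP or from the client mentioned: it shows how a referral-chasing client selects the target DN under RFC 4511 section 4.1.10, next to a URL-only variant that yields the empty DN seen on the master. The function names are hypothetical, and treating an empty DN in the URL as absent is this example's assumption.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def _split_ldap_url(referral_url):
    """Return (host, port, dn_from_url) for an ldap:// or ldaps:// URL."""
    parts = urlsplit(referral_url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP referral URL: %r" % referral_url)
    if not parts.hostname:
        raise ValueError("referral URL has no host: %r" % referral_url)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    # The URL path is "/<dn>"; drop the single leading slash and
    # percent-decode what is left.
    path = parts.path[1:] if parts.path.startswith("/") else parts.path
    return parts.hostname, port, unquote(path)


def resolve_referral(referral_url, original_dn):
    """RFC 4511 4.1.10: use the URL's DN if present, otherwise keep the
    DN of the original request (empty is treated as absent here)."""
    host, port, url_dn = _split_ldap_url(referral_url)
    return host, port, (url_dn or original_dn)


def resolve_referral_url_only(referral_url, original_dn):
    """Takes the DN from the URL alone. With a DN-less referral this
    returns "", i.e. the request is addressed to the root DSE."""
    host, port, url_dn = _split_ldap_url(referral_url)
    return host, port, url_dn


if __name__ == "__main__":
    # Values taken from the slave's log in the post.
    ref = "ldap://master.domain.ru:389"
    dn = "uid=test99,ou=users,o=Ent,c=RU"
    print("RFC behaviour :", resolve_referral(ref, dn))
    print("URL-only      :", resolve_referral_url_only(ref, dn))
```
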