[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.0.X master. OpenLDAP 2.1.X slave

To: Darren Gamble <darren.gamble@sjrb.ca>
Subject: Re: OpenLDAP 2.0.X master. OpenLDAP 2.1.X slave
From: Buchan Milne <bgmilne@obsidian.co.za>
Date: Fri, 15 Oct 2004 17:11:17 +0200
Cc: "'openldap-software@OpenLDAP.org'" <openldap-software@OpenLDAP.org>
In-reply-to: <F2AC1E62AC3CBB49BB518BEA341532220AA466E8@shawmail02.shaw.ca>
References: <F2AC1E62AC3CBB49BB518BEA341532220AA466E8@shawmail02.shaw.ca>
User-agent: Mozilla Thunderbird 0.7.3 (X11/20040806)

Darren Gamble wrote:

Good day,

My apology if this was a repost, but I'm pretty sure this didn't make it to
the list yesterday...

We're trying to set up LDAP replication between a 2.0.27 master and an
openldap 2.1.29 slave.  The goal is to upgrade the servers to more recent
versions in the coming months, but we're trying to get it working as-is.
Master is Red Hat 9, slave is Fedora Core 2.

Replication appears to be working fine to other 2.0.X slaves, but new
records that we add don't propagate to the 2.1.X slaves.  When the 2.0.27
slurpd tries to update the slave, the slave complains with "No
structuralObjectClass operational attribute".  Deleting records is fine.  We
encountered this problem before, but the cause was a misconfigured master
server, which is not the case here.

From the FAQ:

No structuralObjectClass operational attribute
    This is commonly returned when a shadow server is provided an entry
which does not contain the structuralObjectClass operational attribute.


My guess is that a 2.0.X master server simply does not supply this attribute
to its slaves, and that it's just not possible for this combination of
versions to interoperate.  I haven't been able to find more information on
this sort of situation.  Could someone confirm one way or the other, or tell
us if we're missing something here?

If so, if we were to upgrade the master server to something more recent,
would this break any 2.0.X slaves it had?

Your data isn't schema compliant, and you most likely have something writing non-schema-compliant data into it. The only thing to do is fix whatever is writing to LDAP, and the existing data. So, write a script which fixes your data (ie by generating ldif with modify operations so you can run it on your production servers), then make ldif dumps from the master and try and import it (ldapadd with -c -S reject.ldif) to the slave, until you have fixed everything and everything imports well.

Replicating from 2.1 to 2.0 will be less fun ... so upgrade the slaves first ...

BTW, before someone else suggests it as the answer to every question from users not running 2.2 ... you probably should consider 2.2 as 2.1 is now "historical".

Regards,
Buchan

--
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)

References:
- OpenLDAP 2.0.X master. OpenLDAP 2.1.X slave
  - From: Darren Gamble <darren.gamble@sjrb.ca>

Prev by Date: Re: Rif: RE: need help in adding certificate data to database
Next by Date: Fw: Rif: Re: need help in adding certificate data to database
Index(es):
- Chronological
- Thread