[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: So I finally upgraded from slurpd...

To: masarati@aero.polimi.it
Subject: Re: So I finally upgraded from slurpd...
From: Kolbjørn Barmen <kolbjorn.barmen@uninett.no>
Date: Tue, 20 Jul 2010 19:06:51 +0200 (CEST)
Cc: Quanah Gibson-Mount <quanah@zimbra.com>, openldap-technical@openldap.org
In-reply-to: <8d8fab1c389684dbd7087b8033eec80e.squirrel@www.aero.polimi.it>
References: <alpine.LNX.2.01.1007081809081.19357@halbrend.uninett.no> <70324DD4D1C77687251B1AC9@[192.168.1.2]> <alpine.LNX.2.01.1007092017350.8788@halbrend.uninett.no> <8d8fab1c389684dbd7087b8033eec80e.squirrel@www.aero.polimi.it>
User-agent: Alpine 2.01 (LNX 1266 2009-07-14)

On Tue, 20 Jul 2010, masarati@aero.polimi.it wrote:

> 
> > It turned out that the object cn=admin,dc=foo,dc=no had multiple
> > occurances of "objectClass: organizationalRole" (!), and this also
> > prevented syncrepl from working. I suspect it was a result of "manual"
> > editing of ldif files followed by an import using slapadd. I get no
> > warnings from slapadd when I import import objects with multiple
> > occurances of the same objectClass.
> >
> > Perhaps slapadd/slapd should be able to deal with such duplicate
> > entries better, to make it more obivous what's wrong? I'm just saying
> > :)
> 
> slapd(8) can handle those occurrences.

But does it handle it good enough, when it prevents replsync from working?

> slapadd(8) is intended to load LDIF files generated by slapcat(8), thus
> presumably consistent.

And the file was indeed LDIF file generated by slapcat. Since slapd allows
it, slapcat will also spit it out - when slapcat, slapadd and slapd all
"handle it" without giving any warnings back to anyone, it's not so easy
to detect errors.

> In general, it deals with the most obvious errors.  I don't think asking
> slapadd to perform these checks is a good idea, as it would slow it down
> without real benefit: if an error is caught, you would need to restart,
> wasting all the actual write effort.

I don't quite agree - as I understand it slapadd already does some sanity
checking, how much overhead would a check for objectClass doublets imply?
And I dont see why you would need to restart, on a doublet either spit out
a warning, or even better - spit out a warning and discard the doublet.

> A sanity check tool for unreliable LDIF would probably be more
> appropriate.  I guess at this point most users would pretend their LDIF
> is always reliable, and avoid running the sanity checker...

Really? Yes, I would love a sanity checker, and I would most likely
_always_ run LDIF through a sanity checker before using slapadd to write
to back-end.

But again - slapadd already does some sanity checking, and there's even a
flag for "dry-run" mode (-u) which IMO says that it is supposed to be used
as a sanity checking tool. I'm perfectly OK to let _all_ sanity checks
only occure when using -u.

I would love to dump all my ldap data to an LDIF and run it through a
sanity checker, I suspect there's more "old noise" stuck in there.

Cheers! :)

-- 
Kolbjørn Barmen
UNINETT Driftsenter

Follow-Ups:
- Re: So I finally upgraded from slurpd...
  - From: masarati@aero.polimi.it

References:
- So I finally upgraded from slurpd...
  - From: Kolbjørn Barmen <kolbjorn.barmen@uninett.no>
- Re: So I finally upgraded from slurpd...
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: So I finally upgraded from slurpd...
  - From: Kolbjørn Barmen <kolbjorn.barmen@uninett.no>
- Re: So I finally upgraded from slurpd...
  - From: masarati@aero.polimi.it

Prev by Date: Re: OpenLDAP authenticate the username/password with MS-AD?
Next by Date: Re: So I finally upgraded from slurpd...
Index(es):
- Chronological
- Thread