Subtree replication: when removing object outside of subtree, contextCSN is not updating!
- To: openldap-technical@openldap.org
- Subject: Subtree replication: when removing object outside of subtree, contextCSN is not updating!
- From: Konstantin Menshikov <kostjnspb@yandex.ru>
- Date: Fri, 22 Jun 2012 10:54:50 +0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1340348091; bh=eDZLGLpBmMq8SWcN6nJVTAguMO7vd6dqBjJJxwnxtN0=; h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type; b=XLbV6ccVB296rZn4vRMv78bf83e2TzIxljEo5kHL+W/v839fIZj4u+mihLTf9ptQ4 58JxB9VKXDPvteCW8h4RUc3oq3sQFWFUZRHZPaPY52UJLGOi/BE55y9qlMkeuaDl/c 0CLVmjgia3aB6TkwR1UE00qp46Ay67jEH3K9Gyhs=
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1340348091; bh=eDZLGLpBmMq8SWcN6nJVTAguMO7vd6dqBjJJxwnxtN0=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:Subject: Content-Type; b=Cx4ykZ3ZOi54mBQK3IBNzQ+8M3xFvCiNcAMZ+YxJZ2FLlYu4egRXxR6xFRm2xwg11 TqmwEdOn1pT+Fq51uKtmfSlRlN2O5cjmJQI1gZM9wteBCNsB9EAuz0QTZjhAccoLY6 nBEGgnN7p5LRfg27WzqzTi9Ln994TsbWrgHhEEw0=
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20
Hi.
I have a replication setup in which I replicate not the entire tree, but only
part of it.
The provider and consumer configurations are attached.
I use openldap-server-2.4.31 and db47-4.7.25.4
When adding an object outside of the replicated subtree:
e.g. ou=TestBranch1,dc=example,dc=com
the contextCSN of dn dc=example,dc=com on the consumer server is updated, OK.
But when removing an object, the contextCSN is not updated!
Is this expected behavior or not?
First I added the object *ou=hosts,ou=TestBranch2,dc=example,dc=com*.
Then I removed the object.
Provider log:
Jun 22 06:37:53 ro1 slapd[62268]: conn=1002 op=52 SRCH
base="ou=hosts,ou=TestBranch2,dc=example,dc=com" scope=0 deref=0
filter="(objectClass=*)"
Jun 22 06:37:53 ro1 slapd[62268]: conn=1002 op=52 SRCH
attr=hasSubordinates objectClass
Jun 22 06:37:53 ro1 slapd[62268]: conn=1002 op=52 SEARCH RESULT tag=101
err=32 nentries=0 text=
Jun 22 06:37:54 ro1 slapd[62268]: conn=1002 op=53 ADD
dn="ou=hosts,ou=TestBranch2,dc=example,dc=com"
Jun 22 06:37:54 ro1 slapd[62268]: slap_queue_csn: queing 0x7ffffe3fb100
20120622063754.599740Z#000000#000#000000
Jun 22 06:37:54 ro1 slapd[62268]: conn=1002 op=53 RESULT tag=105 err=0 text=
Jun 22 06:37:54 ro1 slapd[62268]: slap_graduate_commit_csn: removing
0x80191bfd0 20120622063754.599740Z#000000#000#000000
Jun 22 06:37:54 ro1 slapd[62268]: conn=1002 op=54 SRCH
base="ou=hosts,ou=TestBranch2,dc=example,dc=com" scope=0 deref=0
filter="(objectClass=*)"
Jun 22 06:37:54 ro1 slapd[62268]: conn=1002 op=54 SRCH
attr=hasSubordinates objectClass
Jun 22 06:37:54 ro1 slapd[62268]: conn=1002 op=54 SEARCH RESULT tag=101
err=0 nentries=1 text=
Jun 22 06:38:01 ro1 slapd[62268]: conn=1002 op=55 DEL
dn="ou=hosts,ou=TestBranch2,dc=example,dc=com"
Jun 22 06:38:01 ro1 slapd[62268]: slap_queue_csn: queing 0x7ffffebfc590
20120622063801.799710Z#000000#000#000000
Jun 22 06:38:01 ro1 slapd[62268]: conn=1002 op=55 RESULT tag=107 err=0 text=
Jun 22 06:38:01 ro1 slapd[62268]: slap_graduate_commit_csn: removing
0x802738970 20120622063801.799710Z#000000#000#000000
Jun 22 06:38:02 ro1 slapd[62268]: conn=1002 op=56 SRCH
base="ou=TestBranch2,dc=example,dc=com" scope=1 deref=3
filter="(objectClass=*)"
Jun 22 06:38:02 ro1 slapd[62268]: conn=1002 op=56 SRCH
attr=hasSubordinates objectClass
Jun 22 06:38:02 ro1 slapd[62268]: conn=1002 op=56 SEARCH RESULT tag=101
err=0 nentries=2 text=
Consumer log:
Jun 22 06:37:54 ro2 slapd[62298]: do_syncrep2: rid=111
LDAP_RES_INTERMEDIATE - NEW_COOKIE
Jun 22 06:37:54 ro2 slapd[62298]: do_syncrep2: rid=111 NEW_COOKIE:
rid=111,csn=20120622063754.599740Z#000000#000#000000
Jun 22 06:37:54 ro2 slapd[62298]: slap_queue_csn: queing 0x8019eca90
20120622063754.599740Z#000000#000#000000
Jun 22 06:37:54 ro2 slapd[62298]: slap_graduate_commit_csn: removing
0x8019ec2b0 20120622063754.599740Z#000000#000#000000
--
Konstantin Menshikov
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/dyngroup.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/java.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/ppolicy.schema
include /usr/local/etc/openldap/schema/sudo.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/spamassassin.schema
include /usr/local/etc/openldap/schema/openssh-lpk.schema
include /usr/local/etc/openldap/schema/asterisk.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
# Files slapd writes at startup: its process id and its command-line arguments.
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Log replication activity (sync) and connection/operation statistics (stats).
loglevel sync stats
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_hdb
#moduleload back_ldap
#moduleload back_perl
# NOTE(review): no "moduleload syncprov" appears here although the database
# section below uses "overlay syncprov"; presumably the overlay is compiled
# into slapd -- confirm.
# Maximum number of entries returned from a single search.
sizelimit 5000
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
#access to dn.base="" by * read
#access to dn.base="cn=Subschema" by * read
# NOTE(review): this is the only active access rule in the file. It gives every
# authenticated identity read access to all attributes under the suffix,
# userPassword included, because no attribute-specific rule precedes it. A
# narrower rule for userPassword placed before this one (self write, anonymous
# auth, everyone else none) would keep password hashes away from other users.
# NOTE(review): the rule grants anonymous sessions nothing, so the "Allow
# anonymous users to authenticate" and "Allow self write access" lines of the
# sample policy above are not implemented; presumably only the rootdn can bind
# with a password -- confirm.
access to dn.sub="dc=example,dc=com" by users read
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
# Enable TLS
# CA directory used to verify peer certificates, then this server's own
# certificate and private key.
# NOTE(review): the key file should be readable only by the account slapd runs
# as; its permissions are not visible from this file.
TLSCACertificatePath /etc/ssl/certs
TLSCertificateFile /etc/ssl/certs/ro.devel.ldap.hostcomm.ru.crt
TLSCertificateKeyFile /etc/ssl/private/ro.devel.ldap.hostcomm.ru.key
# Here, ssf=128 tells OpenLDAP to require 128-bit encryption for all connections, both search and update.
# NOTE(review): this is a minimum strength for sessions this server accepts. It
# is a confidentiality floor only and says nothing about certificate
# verification on connections this server makes to other servers.
security ssf=128
# Require a bind operation before other operations, and LDAPv3 sessions.
# NOTE(review): "require bind" is not "require authc"; whether an anonymous
# bind satisfies it should be confirmed against slapd.conf(5).
require bind LDAPv3
#######################################################################
# BDB database definitions
#######################################################################
# Provider database: an hdb backend holding dc=example,dc=com.
database hdb
suffix "dc=example,dc=com"
# The rootdn is not subject to access control (see "rootdn can always read and
# write EVERYTHING!" above). The consumer configuration on this page binds to
# this server as this same DN.
rootdn "cn=ldapadm,dc=example,dc=com"
# NOTE(review): rootpw is written in cleartext ("password" is presumably a
# placeholder substituted for the list posting). slapd.conf(5) also accepts a
# hashed value generated with slappasswd(8), which limits the damage if this
# file is read by someone else.
rootpw password
directory /var/db/openldap-data/dc=example
# Makes this database a syncrepl provider. No syncprov-checkpoint or
# syncprov-sessionlog directive follows, so the overlay runs with its defaults.
overlay syncprov
# Attribute indexes; entryUUID eq is the index syncrepl lookups rely on.
index mailLocalAddress pres,eq
index mail pres,eq,sub
index objectClass eq
index uid eq,sub
index entryUUID eq
index cn eq
# Enables the cn=config database with a password for its root identity.
# NOTE(review): whoever can bind here can change ACLs, loaded modules and TLS
# settings at runtime, so this credential needs the same protection as the
# rootdn password. PASSW_FOR_CN=CONFIG looks like a placeholder; the real value
# is better stored hashed (slappasswd(8)) than in cleartext.
database config
rootpw PASSW_FOR_CN=CONFIG
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/dyngroup.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/java.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/ppolicy.schema
include /usr/local/etc/openldap/schema/sudo.schema
include /usr/local/etc/openldap/schema/samba.schema
include /usr/local/etc/openldap/schema/spamassassin.schema
include /usr/local/etc/openldap/schema/openssh-lpk.schema
include /usr/local/etc/openldap/schema/asterisk.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
# Files slapd writes at startup: its process id and its command-line arguments.
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Log replication activity (sync) and connection/operation statistics (stats).
loglevel sync stats
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
# NOTE(review): back_bdb is loaded but no "database bdb" section appears in
# this file; only the hdb backend is used below.
moduleload back_bdb
moduleload back_hdb
# moduleload back_ldap
#moduleload back_perl
# Maximum number of entries returned from a single search.
sizelimit 5000
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
#access to dn.base="" by * read
#access to dn.base="cn=Subschema" by * read
#access to dn="" by * read
#access to dn="cn=Subschema" by * read
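#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
# NOTE(review): every access directive in this file is commented out, so this
# default applies here. Replicated entries are then presumably readable more
# widely on this consumer than under the provider's "by users read" rule; a
# consumer's access rules should be at least as strict as the provider's.
#
# rootdn can always read and write EVERYTHING!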
# Enable TLS
# CA directory used to verify peer certificates, then this server's own
# certificate and private key.
# NOTE(review): the file names are the same as in the provider configuration;
# if both hosts really share one private key, compromise of either host exposes
# both -- confirm whether each server has its own key pair.
TLSCACertificatePath /etc/ssl/certs
TLSCertificateFile /etc/ssl/certs/ro.devel.ldap.hostcomm.ru.crt
TLSCertificateKeyFile /etc/ssl/private/ro.devel.ldap.hostcomm.ru.key
# Here, ssf=128 tells OpenLDAP to require 128-bit encryption for all connections, both search and update.
# NOTE(review): this is a minimum strength for sessions this server accepts. It
# does not make the syncrepl client below verify the provider's certificate;
# that is controlled by tls_reqcert in the syncrepl directive.
security ssf=128
# Require a bind operation before other operations, and LDAPv3 sessions.
# NOTE(review): "require bind" is not "require authc"; whether an anonymous
# bind satisfies it should be confirmed against slapd.conf(5).
require bind LDAPv3
#######################################################################
# BDB database definitions
#######################################################################
# Consumer database: an hdb backend with the same suffix as the provider,
# filled by the syncrepl directive below.
database hdb
suffix "dc=example,dc=com"
rootdn "cn=ldapadm,dc=example,dc=com"
# NOTE(review): rootpw is written in cleartext ("password" is presumably a
# placeholder substituted for the list posting). slapd.conf(5) also accepts a
# hashed value generated with slappasswd(8).
rootpw password
directory /var/db/openldap-data/dc=example
# Replication agreement rid=111: a persistent (refreshAndPersist) search against
# ro1 over ldaps://, limited to ou=TestBranch1,dc=example,dc=com, retried every
# 60 seconds without limit. All comments for the directive are kept above it
# because slapd.conf joins continuation lines before it strips comments.
# NOTE(review): tls_reqcert=never turns off verification of the provider's
# certificate, so ldaps:// gives encryption without server authentication and
# the simple-bind password below is sent to whichever host answers for that
# name. tls_reqcert=demand, with the CA available through the global TLS
# settings or tls_cacert/tls_cacertdir, restores the check.
# NOTE(review): binddn is the provider's rootdn, which is not subject to access
# control there. A dedicated replication identity with read access to the
# searchbase only would limit what a leak of these credentials allows.
# NOTE(review): credentials are stored in cleartext, which simple bind
# requires; this is one more reason the file must not be world readable.
# NOTE(review): schemachecking=off means replicated entries are not validated
# against the local schema.
# NOTE(review): the parameter lines must begin with whitespace to be read as
# continuations of "syncrepl"; the indentation appears to have been lost in
# this archived copy.
syncrepl rid=111
provider=ldaps://ro1.devel.ldap.hostcomm.ru
type=refreshAndPersist
tls_reqcert=never
retry="60 +"
searchbase="ou=TestBranch1,dc=example,dc=com"
schemachecking=off
bindmethod=simple
binddn="cn=ldapadm,dc=example,dc=com"
credentials="password"
# Attribute indexes; entryUUID eq is the index syncrepl lookups rely on.
index mailLocalAddress pres,eq
index mail pres,eq,sub
index objectClass eq
index uid eq,sub
index entryUUID eq
index cn eq
# Enables the cn=config database with a password for its root identity.
# NOTE(review): whoever can bind here can change ACLs, loaded modules and the
# replication settings at runtime, so this credential needs the same protection
# as the rootdn password. PASSW_FOR_CN=CONFIG looks like a placeholder; the
# real value is better stored hashed (slappasswd(8)) than in cleartext.
database config
rootpw PASSW_FOR_CN=CONFIG