[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Multi-Master OpenLDAP Replication for 3 nodes -- slapadd command failing

Hey Quanah,

Thank you very much for the debugging tip!  -- Using it I got further in.
Now I get an error "<= str2entry: str2ad(UR1): attribute type undefined".
I must be setting my external variables (such as UR1) incorrectly in my LDIF file.
What is the correct syntax for setting them, please?
I tried each of the following sentences, none of which worked:
URI1: ldap://host1.hq.mycompany.com:389/
URI1: ldap://host1.hq.mycompany.com:389
URI1: "ldap://host1.hq.mycompany.com:389/"
URI1="ldap://host1.hq.mycompany.com:389/"
URI1="ldap://host1.hq.mycompany.com:389"
URI1 ldap://host1.hq.mycompany.com:389/

This is the command I execute (after removing all contents from slapd.d):
slapadd -d -1 -v -F /etc/openldap/slapd.d -n 0 -l /etc/openldap/nwaymmr.ldif >& output.txt

For completeness I've attached my LDIF file "nwaymmr.ldif" and the output "output.txt" utilizing the first line above.

Thank you very much, in advance.

Fal


On Sat, Dec 29, 2012 at 9:02 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
--On Saturday, December 29, 2012 9:01 AM -0800 fal patel <fal0patel@gmail.com> wrote:

(3)  Where It's Failing:
=================
I first executed the following:

slapadd -v -F /usr/local/etc/openldap/slapd.d -b bdb -l mmr.ldif

This is nonsensical.  You are adding a cn=config DB.  Thus you cannot use a base of "bdb".  Remember that -b is the suffix you are adding (in this case, cn=config).  Not the database type.


So I suppose I must create the database beforehand?

No.  But the directory (/usr/local/etc/openldap/slapd.d) must exist before slapadd will work.

I would suggest you run:

slapadd -d -1 -v -F /usr/local/etc/openldap/slapd.d -n 0 -l mmr.ldif

So you can see exactly why it is failing.  My guess is you didn't create the directory.

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

slapadd init: initiated tool.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Berkeley DB 4.7.25: (April  4, 2012)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Berkeley DB 4.7.25: (April  4, 2012)
null_back_initialize: initialize null backend
backend_startup_one: starting "cn=config"
ldif_read_file: no entry file "/etc/openldap/slapd.d/cn=config.ldif"
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=32 matched="" text=""
>>> dnNormalize: <cn=Subschema>
<<< dnNormalize: <cn=subschema>
matching_rule_use_init
    1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax ) )
    1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax ) )
    1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ olcDbConfig ) )
    1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ olcDbConfig ) )
    2.5.13.39 (certificateListMatch):     2.5.13.38 (certificateListExactMatch):     2.5.13.35 (certificateMatch):     2.5.13.34 (certificateExactMatch):     2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes ) )
    2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax ) )
    2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
    2.5.13.24 (protocolInformationMatch):     2.5.13.23 (uniqueMemberMatch):     2.5.13.22 (presentationAddressMatch):     2.5.13.20 (telephoneNumberMatch):     2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey ) )
    2.5.13.16 (bitStringMatch):     2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax ) )
    2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $ olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $ olcReverseLookup $ olcSyncUseSubentry $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcChainCacheURI $ olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcDbNoRefs $ olcDbNoUndefFilter ) )
    2.5.13.11 (caseIgnoreListMatch):     2.5.13.8 (numericStringMatch):     2.5.13.7 (caseExactSubstringsMatch):     2.5.13.6 (caseExactOrderingMatch):     2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ olcDbStartTLS $ olcDbNetworkTimeout $ olcDbQuarantine $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbCancel $ olcDbIDAssertPassThru $ olcDbSocketPath $ olcDbSocketExtensions ) )
    2.5.13.4 (caseIgnoreSubstringsMatch):     2.5.13.3 (caseIgnoreOrderingMatch):     2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcChainingBehavior $ olcDbURI $ olcDbStartTLS $ olcDbNetworkTimeout $ olcDbQuarantine $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbCancel $ olcDbIDAssertPassThru $ olcDbSocketPath $ olcDbSocketExtensions ) )
    1.2.36.79672281.1.13.3 (rdnMatch):     2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $ olcDbIDAssertAuthcDn $ olcRelay ) )
    2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures ) )
slapadd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
Backend ACL: access to *
	by * none

config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
=> str2entry: "####################################
# nwaymmr.ldif
####################################
# This sets up the config database:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1
"
>>> dnPrettyNormal: <cn=config>
<<< dnPrettyNormal: <cn=config>, <cn=config>
<= str2entry(cn=config) -> 0x7f35370782f8
oc_check_required entry (cn=config), objectClass "olcGlobal"
oc_check_allowed type "objectClass"
oc_check_allowed type "cn"
oc_check_allowed type "olcServerID"
oc_check_allowed type "structuralObjectClass"
olcServerID: value #0: SID=0x001
ldif_write_entry: wrote entry "cn=config"
added: "cn=config" (00000001)
=> str2entry: "dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret
"
>>> dnPrettyNormal: <olcDatabase={0}config,cn=config>
<<< dnPrettyNormal: <olcDatabase={0}config,cn=config>, <olcDatabase={0}config,cn=config>
<= str2entry(olcDatabase={0}config,cn=config) -> 0x7f35370782f8
oc_check_required entry (olcDatabase={0}config,cn=config), objectClass "olcDatabaseConfig"
oc_check_allowed type "objectClass"
oc_check_allowed type "olcDatabase"
oc_check_allowed type "olcRootPW"
oc_check_allowed type "structuralObjectClass"
config_build_entry: "olcDatabase={-1}frontend"
ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config.ldif"
=> str2entry: "dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1
structuralObjectClass: olcGlobal
entryUUID: 292505f8-e7b3-1031-9975-d939718d8042
creatorsName: cn=config
createTimestamp: 20121231163040Z
entryCSN: 20121231163040.927559Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20121231163040Z
"
>>> dnPrettyNormal: <cn=config>
<<< dnPrettyNormal: <cn=config>, <cn=config>
>>> dnPretty: <cn=config>
<<< dnPretty: <cn=config>
>>> dnNormalize: <cn=config>
<<< dnNormalize: <cn=config>
>>> dnPretty: <cn=config>
<<< dnPretty: <cn=config>
>>> dnNormalize: <cn=config>
<<< dnNormalize: <cn=config>
<= str2entry(cn=config) -> 0x7f35370783e8
ldif_write_entry: wrote entry "olcDatabase={-1}frontend,cn=config"
ldif_write_entry: wrote entry "olcDatabase={0}config,cn=config"
added: "olcDatabase={0}config,cn=config" (00000001)
=> str2entry: "# This sets up syncrepl as a provider (since these are all masters):
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
# olcModulePath: /usr/local/libexec/openldap
# olcModulePath: /usr/libexec/openldap
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la
"
>>> dnPrettyNormal: <cn=module,cn=config>
<<< dnPrettyNormal: <cn=module,cn=config>, <cn=module,cn=config>
<= str2entry(cn=module,cn=config) -> 0x7f35370782f8
oc_check_required entry (cn=module,cn=config), objectClass "olcModuleList"
oc_check_allowed type "objectClass"
oc_check_allowed type "cn"
oc_check_allowed type "olcModulePath"
oc_check_allowed type "olcModuleLoad"
oc_check_allowed type "structuralObjectClass"
>>> dnNormalize: <cn=module{0}>
<<< dnNormalize: <cn=module{0}>
loaded module syncprov.la
module syncprov.la: null module registered
ldif_write_entry: wrote entry "cn=module{0},cn=config"
added: "cn=module{0},cn=config" (00000001)
=> str2entry: "# Now we setup the first Master Node
# (replace $URI1, $URI2 and $URI3 etc. with your actual ldap urls):
URI1: ldap://host1.hq.mycompany.com:389
URI2: ldap://host2.hq.mycompany.com:389
URI3: ldap://host3.hq.mycompany.com:389
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
olcServerID: 2 $URI2 
olcServerID: 3 $URI3
"
>>> dnPrettyNormal: <cn=config>
<<< dnPrettyNormal: <cn=config>, <cn=config>
<= str2entry: str2ad(URI1): attribute type undefined
slapadd: could not parse entry (line=45)
slapadd shutdown: initiated
slapadd destroy: freeing system resources.

Attachment: nwaymmr.ldif
Description: Binary data