
Re: Net::LDAPapi syncrepl working only intermittently in 2.4.42




On 9/10/2015 11:19 AM, Quanah Gibson-Mount wrote:
--On Thursday, September 10, 2015 10:57 AM -0700 Quanah Gibson-Mount
<quanah@zimbra.com> wrote:

--On Thursday, September 10, 2015 9:39 AM -0400 Aaron Richton
<richton@nbcs.rutgers.edu> wrote:

On Wed, 9 Sep 2015, Nat Sincheler wrote:

2015-09-09T08:32:20.926931-07:00 ldap-jessie0 slapd[631]: conn=1161 op=4 SEARCH RESULT tag=101 err=2 nentries=0 text=Sync control : mode decoding error
2015-09-09T08:32:20.927211-07:00 ldap-jessie0 slapd[631]: conn=1161 op=4 do_search: get_ctrls failed

[...]
What does "Sync control : mode decoding error" mean? Any suggestions on
next steps for troubleshooting?

See RFC4533 section 2.2 ... mode i.e. refreshOnly or refreshAndPersist.

Well, the interesting bit is that it worked in 2.4.40 and previous, but
broke in 2.4.41 or 2.4.42, where significant changes to the syncrepl code
were made.  It would be useful to know if it was 2.4.41 or 2.4.42.  It
would also be useful to have the full set of code, and I'd suggest using
the latest Net::LDAPapi code (It's getting prepped for a new release):

<https://github.com/quanah/net-ldapapi>

Also, if you could send me the full script you are using, that would be
helpful, thanks!

Here is a stripped-down version of the code:


use strict;
use warnings;

use Net::LDAPapi;

sub make_connect {
  my $LDAP = ldap_connect(host => 'ldap-master0.example.com');
  return $LDAP;
}

sub ldap_connect {
    my %in = @_;

    my $ldap;

    if (($ldap = Net::LDAPapi->new($in{'host'})) == -1) {
        die "ERROR Connection to " . $in{'host'} . " failed.";
    }
    my $status;
    if ($in{'anonymous'}) {
        $status = $ldap->bind_s();
    } else {
        $ldap->sasl_parms(-mech => "GSSAPI");
        $status = $ldap->bind_s(-type => LDAP_AUTH_SASL);
    }

    if ($status != LDAP_SUCCESS) {
        $ldap->unbind if $ldap;
        die 'ERROR Bind error connecting to ' . $in{'host'};
    }
    return $ldap;
}


sub listen_for_changes {

    my $log_base_dn     = 'cn=accesslog';
    my $log_filter      = 'objectclass=*';
    my $log_cookie_file = '/var/run/ldap-sync-attributes.cookie';

    # If the cookie file does not exist, create a new one.
    if (!(-e $log_cookie_file)) {
        open(my $FH, q{>}, $log_cookie_file)
            or die "ERROR Cannot create $log_cookie_file: $!";
        close($FH);
    }

    my $LDAP = make_connect();

    my $msgid = $LDAP->listen_for_changes(-basedn  => $log_base_dn,
                                          -scope   => LDAP_SCOPE_SUBTREE,
                                          -filter  => $log_filter,
                                          -cookie  => $log_cookie_file);

    my %retry_list = ();

    # Loop forever, listening for changes.  Every time one is found,
    # iterate through each result, and make changes as needed.

    while (1) {
        my @entries;
        while (@entries = $LDAP->next_changed_entries($msgid, 0, -1)) {
            foreach my $entry (@entries) {

                # Find the dn of whatever changed
                my @reqdn = $LDAP->get_values('reqDN');
                if (!@reqdn) {
                    next;
                }

                my $dn = $reqdn[0];

                # Look at the changes
                my @mods = ();
                my $update_request = 0;
                if (@mods = $LDAP->get_values('reqMod')) {
                    foreach my $val (@mods) {
                        # Pick apart the result
                        my $attr = my $action = my $value = q{};
                        if ($val =~ m{^(.+?):(.)\s+(.+)$}xsm) {
                            $attr   = $1;
                            $action = $2;
                            $value  = $3;
                        } elsif ($val =~ m{^(.+?):-}xsm) {
                            $attr = $1;
                        } elsif ($val =~ m{^([^:]+):=$}xsm) {
                            $attr = $1;
                        }

                        if (!$attr) {
                            next;
                        }

                        $update_request = 1;
                    }
                }

                if ($update_request) {
                  # <update code here...>
                }
            }

            $LDAP->msgfree;
        }

        return;
    }

}
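
Added example, not code from any poster in this thread, from Net::LDAPapi or from OpenLDAP: a Perl decoder for the syncRequestValue defined in RFC 4533 section 2.2, showing which encodings of the mode field a receiver can accept. The function names, the error messages and the sample byte strings are constructed for this illustration.

```perl
use strict; use warnings;

my %MODE = (1 => 'refreshOnly', 3 => 'refreshAndPersist');  # RFC 4533 2.2; 0 unused, 2 reserved

# Split one BER TLV off the front of $buf; returns (tag, value, remainder).
sub read_tlv {
    my ($buf) = @_;
    die "truncated TLV header\n" if length($buf) < 2;
    my ($tag, $len) = unpack('CC', $buf);
    my $off = 2;
    if ($len & 0x80) {                      # long form: low 7 bits = number of length octets
        my $n = $len & 0x7f;
        die "unsupported length form\n" if $n < 1 || $n > 4 || length($buf) < 2 + $n;
        $len = 0; $len = ($len << 8) | $_ for unpack("C$n", substr($buf, 2, $n));
        $off += $n;
    }
    die "value shorter than declared length\n" if length($buf) < $off + $len;
    return ($tag, substr($buf, $off, $len), substr($buf, $off + $len));
}

# Decode and validate a syncRequestValue; dies with the reason on bad input.
sub decode_sync_request {
    my ($tag, $body, $rest) = read_tlv($_[0]);
    die "outer element is not a single SEQUENCE\n" if $tag != 0x30 || length $rest;
    ($tag, my $val, $rest) = read_tlv($body);
    die sprintf("mode is not a one-octet ENUMERATED (tag 0x%02x)\n", $tag)
        if $tag != 0x0a || length($val) != 1;
    my $mode = unpack('C', $val);
    die "mode $mode is unused or reserved\n" if !exists $MODE{$mode};
    my %out = (mode => $MODE{$mode}, cookie => undef, reloadHint => 0);
    if (length $rest) {                     # cookie syncCookie OPTIONAL (OCTET STRING)
        ($tag, $val, my $tail) = read_tlv($rest);
        ($out{cookie}, $rest) = ($val, $tail) if $tag == 0x04;
    }
    if (length $rest) {                     # reloadHint BOOLEAN DEFAULT FALSE
        ($tag, $val, $rest) = read_tlv($rest);
        die "unexpected element or trailing bytes\n" if $tag != 0x01 || length($val) != 1 || length $rest;
        $out{reloadHint} = unpack('C', $val) ? 1 : 0;
    }
    return \%out;
}

# Constructed sample control values (not captured from the traffic in this thread).
my @samples = (
    ['persist + cookie' => "\x30\x0c\x0a\x01\x03\x04\x07rid=000"],
    ['reserved mode 2'  => "\x30\x03\x0a\x01\x02"],
    ['INTEGER mode'     => "\x30\x03\x02\x01\x03"],
);
for my $s (@samples) {
    my $r = eval { decode_sync_request($s->[1]) };
    printf "%-18s %s", $s->[0], $r ? "accepted: mode=$r->{mode}\n" : "rejected: $@";
}
```

Feeding it the control value bytes the client actually sends shows whether the mode element is well formed before the request reaches slapd.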