[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Antw: RE: Syncrepl and mmr

To: "John - 0442 - MITLL Borresen" <John.Borresen@ll.mit.edu>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>, "QuanahGibson-Mount" <quanah@zimbra.com>
Subject: RE: Antw: RE: Syncrepl and mmr
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Date: Fri, 07 Feb 2014 08:28:29 +0100
Content-disposition: inline
In-reply-to: <20140206164804.ECB0F44E78@rrzmta2.uni-regensburg.de>
References: <1BB724A73E57084D89F6F28ED9E651920AD3170DFB@LLE2K7-BE02.mitll.ad.local> <201401301252.s0UCqYiG032646@boole.openldap.org> <BB8429D49E4807C586371E61@[192.168.1.2]> <20140130202839.1351AA624A@edge02.zimbra.com> <2B630E28DF38ECE010CBD25A@[192.168.1.2]> <20140130212629.B2597A6250@edge02.zimbra.com> <DB1FEF6327E2B46EC94F873B@[192.168.1.2]> <20140130213534.84D20A6263@edge02.zimbra.com> <395A5E98A0BA923103457A7D@[192.168.1.2]> <20140130215154.21246A6250@edge02.zimbra.com> <E05E339BB9E6991AE1EE9034@[192.168.1.2]> <20140131135522.883144425D@edge01.zimbra.com> <8B2D174F182D2F00973C48E7@[192.168.1.2]> <20140131182111.1FCCDA6244@edge02.zimbra.com> <DA81C395D0AF170D0D2E8E2A@[192.168.1.2]> <52EBF648.2030003@stroeder.com> <20140131192626.8EDCB44260@edge01.zimbra.com> <70B15C25BB69C8535EA2BF2E@[192.168.1.2]> <20140131193800.428F9A624B@edge02.zimbra.com> <4555DA4EB27A62A899B751DB@[192.168.1.2]> <20140131213521.0E815A626E@edge02.zimbra.com> <89C7F52021B10496CDC11C3B@[192.168.1.2]> <20140203145812.66A5144228@edge01.zimbra.com> <301D280F978BB72758ED1FC4@[192.168.1.2]> <20140203180713.0E7424423A@edge01.zimbra.com> <4EEB696E0B8A8D3E9C96D37A@[192.168.1.2]> <20140203192636.4F24D4416C@edge01.zimbra.com> <EB8D4047747A428F243EB442@[192.168.1.2]> <20140203203139.8B4B644233@edge01.zimbra.com> <C2EA1B0EA54479EAC7FC666F@[192.168.1.2]> <20140203205805.7D3CC4423A@edge01.zimbra.com> <110DB795996D2E758135FCED@[192.168.1.2]> <201402032122.s13LMafX068973@boole.openldap.org> <201402041431.s14EVWdD017657@boole.openldap.org> <201402041456.s14EuaHc022629@boole.openldap.org>, <52F1FB51020000A1000143A7@gwsmtp1.uni-regensburg.de> <20140206164804.ECB0F44E78@rrzmta2.uni-regensburg.de>

Hi!

(People will flame me because of this, but...)
I'd suggest to start completely new with a clean standard distribution. Once your configuration works, you can update your software and change configuration until it stops working. ;-)

Regards,
Ulrich

>>> "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu> schrieb am
06.02.2014 um 17:47 in Nachricht
<20140206164804.ECB0F44E78@rrzmta2.uni-regensburg.de>:
> All,
> 
> I came in this morning, and the test environment was hung.  Not sure what is 
> going on.  slapd on both servers will not stay up for more than 5-minutes.  I 
> tried to back step so attempted to slapadd from the dbase.ldif that I created 
> the other day when things were working.  When slapadding, I am receiving the 
> following error:
> # slapadd -w -q -F /usr/local/openldap/etc/openldap/slapd.d -l 
> /usr/local/openldap/etc/openldap/ldif/backup/mm-server2_example_ldap.ldif
> 52f3bb11 olcDbDirectory: value #0: invalid path: No such file or directory
> 52f3bb11 config error processing olcDatabase={1}bdb,cn=config: 
> olcDbDirectory: value #0: invalid path: No such file or directory
> slapadd: bad configuration directory!
> 
> Any assistance as to what to look for would be great!  
> 
> Thanks in advance
> John
> 
> ________________________________________
> From: Ulrich Windl [Ulrich.Windl@rz.uni-regensburg.de]
> Sent: Wednesday, February 05, 2014 2:50 AM
> To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org; Quanah 
> Gibson-Mount
> Subject: Antw: RE: Syncrepl and mmr
> 
> "52f0fe5f send_search_entry: conn 1003 access to attribute userPassword, 
> value #0 not allowed"
> 
> I'm not surprised that you have a problem with the user's password.
> 
>>>> "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu> schrieb am
> 04.02.2014 um 15:56 in Nachricht
> <201402041456.s14EuaHc022629@boole.openldap.org>:
>> Here is a log snippet from mm-server2:
>>
>> 52f0fe5f => slap_access_allowed: read access granted by read(=rscxd)
>> 52f0fe5f => access_allowed: read access granted by read(=rscxd)
>> 52f0fe5f => access_allowed: result was in cache (objectClass)
>> 52f0fe5f => access_allowed: result was in cache (objectClass)
>> 52f0fe5f => access_allowed: result was in cache (objectClass)
>> 52f0fe5f => access_allowed: result was in cache (objectClass)
>> 52f0fe5f => access_allowed: result not in cache (userPassword)
>> 52f0fe5f => access_allowed: read access to
>> "uid=jdoe,ou=Users,dc=example,dc=ldap" "userPassword" requested
>> 52f0fe5f => acl_get: [1] attr userPassword
>> 52f0fe5f => acl_mask: access to entry "uid=jdoe,ou=Users,dc=example,dc=ldap",
>> attr "userPassword" requested
>> 52f0fe5f => acl_mask: to value by "cn=admin,cn=config", (=0)
>> 52f0fe5f <= check a_dn_pat: self
>> 52f0fe5f <= check a_dn_pat: anonymous
>> 52f0fe5f <= check a_dn_pat: cn=ldapadmin,dc=example,dc=ldap
>> 52f0fe5f <= check a_dn_pat: uid=replicator,ou=admins,dc=example,dc=ldap
>> 52f0fe5f <= check a_dn_pat: *
>> 52f0fe5f <= acl_mask: [5] applying none(=0) (stop)
>> 52f0fe5f <= acl_mask: [5] mask: none(=0)
>> 52f0fe5f => slap_access_allowed: read access denied by none(=0)
>> 52f0fe5f => access_allowed: no more rules
>> 52f0fe5f send_search_entry: conn 1003 access to attribute userPassword,
>> value #0 not allowed
>> 52f0fe5f conn=1003 op=20 ENTRY dn="uid=jdoe,ou=users,dc=example,dc=ldap"
>> ber_flush2: 496 bytes to sd 21
>>
>>
>>
>> -----Original Message-----
>> From: openldap-technical-bounces@OpenLDAP.org 
>> [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Borresen,
>> John - 0442 - MITLL
>> Sent: Tuesday, February 04, 2014 9:31 AM
>> To: Quanah Gibson-Mount; openldap-technical@openldap.org 
>> Subject: RE: Syncrepl and mmr
>>
>> All,
>>
>> This morning, I shut down slapd on mm-server2 and, using the ldif  that I
>> created off of mm-server1 primary dbase (used slapcat to create) and 
> attempted
>> to resync the dbases.
>>
>> Background:  when viewing the dbases on mm-server1 and mm-server2 on Apache
>> Directory Studio (binding with cn=ldapadmin,dc=example,dc=ldap), the
>> "ou=Users,dc=example,dc=ldap" will show the userPassword attribute on
>> mm-server1, but NOT on mm-server2.  If I perform an ldapsearch (again, with
>> cn=ldapadmin,dc=example,dc=ldap, on both servers the userPassword attribute
>> echoes out to console as expected.  When binding to
>> uid=replicator,ou=Admins,dc=example,dc=ldap on both servers, on the Apache
>> Directory Studio, the userPassword attribute is seen.
>>
>> Now, this morning, as stated, slapd was shut down on mm-server2.
>>
>> Moved /var/lib/openldap/openldap-data out of the way Recreated the
>> /var/lib/openldap/openldap-data directory, copying the DB_CONFIG back in.
>>
>> Chowned it the directory to ldap:ldap
>>
>> Ran:
>>
>> # slapadd -w -q -F /usr/local/openldap/etc/openldap/slapd.d -l
>> /usr/local/openldap/etc/openldap/ldif/backup/example_ldap.ldif
>> _#################### 100.00% eta   none elapsed            none fast!
>>
>> Closing DB...
>> # /usr/local/openldap/sbin/slapindex -F
>> /usr/local/openldap/etc/openldap/slapd.d
>>
>> Reconnected, to mm-server2 via the Apache Directory Studio using
>> cn=ldapadmin,dc=example,dc=ldap & 
> uid=replicator,ou=Admins,dc=example,dc=ldap,
>> same results as before.
>>
>> Any suggestions?
>>
>> Thanks in advance,
>> John
>>
>> -----Original Message-----
>> From: openldap-technical-bounces@OpenLDAP.org 
>> [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Borresen,
>> John - 0442 - MITLL
>> Sent: Monday, February 03, 2014 4:22 PM
>> To: Quanah Gibson-Mount; openldap-technical@openldap.org 
>> Subject: RE: Syncrepl and mmr
>>
>> Well...that was a "doh!" on my part. <lol>
>>
>> One last stupid question for the evening.  "slapcat" created the ldif, when
>> slapadd-ing to the the secondary, should I remove the extra lines (ex.
>> entryUUID, creatorsName,createTimeStamp)?
>>
>> Thanks,
>> John
>>
>> -----Original Message-----
>> From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
>> Sent: Monday, February 03, 2014 4:03 PM
>> To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org 
>> Subject: RE: Syncrepl and mmr
>>
>> --On Monday, February 03, 2014 3:57 PM -0500 "Borresen, John - 0442 - MITLL"
>> <John.Borresen@ll.mit.edu> wrote:
>>
>>> Hmmmmmmmm,
>>>
>>> Taking your advice to reload the secondary from the primary...by
>>> creating master set of ldifs off of the primary (mm-server1):
>>>
>>> On the primary (mm-server1):
>>># slapcat -F /usr/local/openldap/etc/openldap/slapd.d -l #
>>>backup/example_ldap.ldif -b dc=example,dc=ldap
>>> 52f000f2 ldif_read_file: checksum error on
>>>"/usr/local/openldap/etc/openldap/slapd.d/cn=config.ldif" 52f000f2
>>> bdb_monitor_db_open: monitoring disabled; configure monitor database
>>>to  enable
>>>
>>> On the secondary (mm-server2):
>>> the same command worked...
>>
>> There is no indication here the command failed.  All it is reporting is that
>> someone modified cn=config.ldif by hand rather than correctly using
>> ldapmodify.
>>
>> --Quanah
>>
>> --
>>
>> Quanah Gibson-Mount
>> Architect - Server
>> Zimbra, Inc.
>> --------------------
>> Zimbra ::  the leader in open source messaging and collaboration

References:
- RE: Syncrepl and mmr
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: Syncrepl and mmr
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: Syncrepl and mmr
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: Syncrepl and mmr
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: Syncrepl and mmr
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: Syncrepl and mmr
  - From: "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu>
- RE: Syncrepl and mmr
  - From: "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu>
- RE: Syncrepl and mmr
  - From: "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu>
- Antw: RE: Syncrepl and mmr
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

Prev by Date: Antw: Re: Re: Slow to add 1 million items
Next by Date: Simple way to check that MMR is in sync?
Index(es):
- Chronological
- Thread