[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: dynamic config replication



Am Fri, 9 Feb 2018 15:26:20 +0100
schrieb Gerard Ranke <gerard.ranke@hku.nl>:

> Hello list,
> 
> Openldap 2.4.45 here, on 1 producer and 4 consumers. ( I'll attach
> relevant parts of the configuration at the end of this message. )
> Following the scripts from test059, I configured the producer to serve
> up a cn=config backend for the consumers. This seems to work nicely at
> first: When you start a consumer from a minimal config, it loads the
> producers schemafiles and the cn=config, and replication of the main
> database is fine. Also, when fi. changing the loglevel on the
> producers cn=config,cn=slave, the consumers pick up this change in
> their cn=config. However, when I modify an olcAccess line on the
> producers cn=config,cn=slave database, I get these errors on the
> consumer:
> 
> slapd[26324]: syncrepl_message_to_entry: rid=002 DN:
> olcDatabase={1}mdb,cn=config,cn=slave, UUID:
              ^^^^^^^^^^^^^^^^^^^^^^^^^

> 7cff5ef6-90b1-1037-9d95-6dfd3149c2dc
> slapd[26324]: syncrepl_entry: rid=002
> LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) slapd[26324]: syncrepl_entry:
> rid=002 inserted UUID 7cff5ef6-90b1-1037-9d95-6dfd3149c2dc
> slapd[26324]: syncrepl_entry: rid=002 be_search (0)
> slapd[26324]: syncrepl_entry: rid=002 olcDatabase={1}mdb,cn=config
                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^


> slapd[26324]: null_callback : error code 0x43
> slapd[26324]: syncrepl_entry: rid=002 be_modify
> olcDatabase={1}mdb,cn=config (67)
              ^^^^^^^^^^^^^^^^

> slapd[26324]: syncrepl_entry: rid=002 be_modify failed (67)
> slapd[26324]: do_syncrepl: rid=002 rc 67 retrying
> 
> From the error code ox43, it seems that the replication is somehow
> trying to change the rdn, olcDatabase{1}mdb, on the consumer, which
> makes no sense to me.
> 
> From the producer, cn=config,cn=slave:
> ( This is identical to the consumer's cn=config )
> 
> dn: cn=config,cn=slave
> objectClass: olcGlobal
> objectClass: olcConfig
> objectClass: top
> cn: slaveconfig
> cn: config
> olcArgsFile: /var/run/slapd/slapd.args
> olcAttributeOptions: lang-
> olcAuthzPolicy: none
> olcConcurrency: 0
> olcConfigDir: slapd.d/
> olcConnMaxPending: 100
> olcConnMaxPendingAuth: 1000
> olcGentleHUP: FALSE
> olcIdleTimeout: 0
> olcIndexIntLen: 4
> olcIndexSubstrAnyLen: 4
> olcIndexSubstrAnyStep: 2
> olcIndexSubstrIfMaxLen: 4
> olcIndexSubstrIfMinLen: 2
> olcLocalSSF: 71
> olcLogFile: none
> olcLogLevel: none
> olcPidFile: /var/run/slapd/slapd.pid
> olcReadOnly: FALSE
> olcSaslSecProps: noplain,noanonymous
> olcSizeLimit: 20000
> olcSockbufMaxIncoming: 262143
> olcSockbufMaxIncomingAuth: 16777215
> olcThreads: 16
> olcTLSCACertificatePath: /etc/ssl/certs
> olcTLSCertificateFile: /etc/ssl/certs/hkuwildcardcacert.cert
> olcTLSCertificateKeyFile: /etc/ssl/private/hkuwildcardcacert.key
> olcTLSCRLCheck: none
> olcTLSVerifyClient: never
> olcToolThreads: 2
> 
> I'll leave the rest PM, except for:
> 
> dn: olcDatabase={0}config,cn=config,cn=slave
> objectClass: olcDatabaseConfig
> objectClass: olcConfig
> objectClass: top
> olcDatabase: {0}config
^^^^^^^^^^^^^^^^^^^^^^^ 
[...]
> 
> Hopefully somebody can point me in the right direction!
> Many thanks in advance,

check your configuration, distinguished names differ.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E