Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Directory (http://www.linux-archive.org/fedora-directory/)
-   -   replica/rdn problems with 1.2.6 rc6 (http://www.linux-archive.org/fedora-directory/408997-replica-rdn-problems-1-2-6-rc6.html)

Jonathan Boulle 08-05-2010 05:21 PM

replica/rdn problems with 1.2.6 rc6
 
Just realised the typo in my last email - s/dc=betfair/dc=example/, or vice versa to make them consistent (I was testing with multiple suffixes)


[root@389-master02 slapd-389-master02]# ldapsearch -LLL -x -D "cn=directory manager" -W -s one -b "cn=mapping tree,cn=config"
Enter LDAP Password:
dn: cn=dc3Dbetfair,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=betfair
cn: "dc=betfair"
nsslapd-state: backend
nsslapd-backend: userRoot

dn: cn=o3Dnetscaperoot,cn=mapping tree,cn=config
nsslapd-state: backend
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=netscaperoot"
cn: o=netscaperoot
nsslapd-backend: NetscapeRoot

[root@389-master02 slapd-389-master02]#
[root@389-master02 slapd-389-master02]# ldapsearch -LLL -x -D "cn=directory manager" -W -s one -b "cn=ldbm database,cn=plugins,cn=config"
Enter LDAP Password:
dn: cn=config,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: config
nsslapd-lookthroughlimit: 5000
nsslapd-mode: 600
nsslapd-idlistscanlimit: 4000
nsslapd-directory: /var/lib/dirsrv/slapd-389-master02/db
nsslapd-dbcachesize: 10000000
nsslapd-db-logdirectory: /var/lib/dirsrv/slapd-389-master02/db
nsslapd-db-durable-transaction: on
nsslapd-db-checkpoint-interval: 60
nsslapd-db-transaction-batch-val: 0
nsslapd-db-logbuf-size: 0
nsslapd-db-private-import-mem: on
nsslapd-import-cache-autosize: -1
nsslapd-import-cachesize: 20000000
nsslapd-idl-switch: new
nsslapd-search-bypass-filter-test: on
nsslapd-search-use-vlv-index: on
nsslapd-exclude-from-export: entrydn entryid dncomp parentid numSubordinates e
ntryusn
nsslapd-serial-lock: on
nsslapd-subtree-rename-switch: on

dn: cn=monitor,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: monitor
database: ldbm database
dbcachehits: 3453
dbcachetries: 3459
dbcachehitratio: 99
dbcachepagein: 6
dbcachepageout: 17
dbcacheroevict: 0
dbcacherwevict: 0

dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsBackendInstance
cn: NetscapeRoot
nsslapd-suffix: o=netscaperoot
nsslapd-cachesize: -1
nsslapd-cachememsize: 10485760
nsslapd-readonly: off
nsslapd-require-index: off
nsslapd-directory: /var/lib/dirsrv/slapd-389-master02/db/NetscapeRoot
nsslapd-dncachememsize: 10485760

dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsBackendInstance
cn: userRoot
nsslapd-suffix: dc=betfair
nsslapd-cachesize: -1
nsslapd-cachememsize: 10485760
nsslapd-readonly: off
nsslapd-require-index: off
nsslapd-directory: /var/lib/dirsrv/slapd-389-master02/db/userRoot
nsslapd-dncachememsize: 10485760

[root@389-master02 slapd-389-master02]#


-----Original Message-----
From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Rich Megginson
Sent: Thursday, August 05, 2010 6:07 PM
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] replica/rdn problems with 1.2.6 rc6

Jonathan Boulle wrote:
>
> When trying to enable consumer replication on a database/root suffix,
> we get an "operations error" (in the GUI or command line with
> ldapmodify) and the following in the log:
>
> [05/Aug/2010:17:35:20 +0100] entryrdn-index - _entryrdn_insert_key:
> Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
> found(-30989)
>
> [05/Aug/2010:17:35:20 +0100] - add: attempt to index 1 failed
>
> [05/Aug/2010:17:35:20 +0100] NSMMReplicationPlugin -
> _replica_configure_ruv: failed to create replica ruv tombstone entry
> (dc=example); LDAP error - 1
>
Can you post the following:
ldapsearch -LLL -x -D "cn=directory manager" -w yourpassword -s one -b "cn=mapping tree,cn=config"
and
ldapsearch -LLL -x -D "cn=directory manager" -w yourpassword -s one -b "cn=ldbm database,cn=plugins,cn=config"

Be sure to obscure any sensitive information.
>
> However, the exact same procedure works fine on 1.2.5 (haven't tested
> with earlier RC versions of 1.2.6)
>
> When trying to troubleshoot - if I manually add the following to the
> directory:
>
> dn: dc=betfair
>
> dc: betfair
>
> objectClass: top
>
> objectClass: domain
>
> I no longer get the above error, and the "Enable Replica" step
> succeeds, but I see this in the log:
>
> [05/Aug/2010:17:45:14 +0100] NSMMReplicationPlugin -
> replica_add_by_dn: replica with dn (dc=example) already in the hash
>
> [05/Aug/2010:17:45:14 +0100] NSMMReplicationPlugin -
> replica_add_by_dn: replica with dn (dc=example) already in the hash
>
> Haven't tested past this point - although this was definitely not
> necessary on e.g. 1.2.5. I suspect it's related to the RDN shift
> mentioned in the changelogs, but I've reproduced the same issue with
>
> a) upgrades from previous versions of the packages (e.g. 1.2.5)
>
> b) clean installs of the above packages on a completely fresh CentOS
> 5.5 build
>
>
> Package versions:
>
> 389-ds-1.2.1-1.el5
>
> 389-admin-1.1.11-0.6.rc2.el5
>
> 389-ds-base-1.2.6-0.9.rc6.el5
>
> Bugzilla time?
>
> Cheers
>
>
> __________________________________________________ ____________________
> __ In order to protect our email recipients, Betfair Group use SkyScan
> from MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> __________________________________________________ ____________________
> __
> ----------------------------------------------------------------------
> --
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

__________________________________________________ ______________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.

__________________________________________________ ______________________
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Rich Megginson 08-05-2010 06:03 PM

replica/rdn problems with 1.2.6 rc6
 
Jonathan Boulle wrote:
> Just realised the typo in my last email - s/dc=betfair/dc=example/, or vice versa to make them consistent (I was testing with multiple suffixes)
>
>
> [root@389-master02 slapd-389-master02]# ldapsearch -LLL -x -D "cn=directory manager" -W -s one -b "cn=mapping tree,cn=config"
> Enter LDAP Password:
> dn: cn=dc3Dbetfair,cn=mapping tree,cn=config
> objectClass: top
> objectClass: extensibleObject
> objectClass: nsMappingTree
> cn: dc=betfair
> cn: "dc=betfair"
> nsslapd-state: backend
> nsslapd-backend: userRoot
>
> dn: cn=o3Dnetscaperoot,cn=mapping tree,cn=config
> nsslapd-state: backend
> objectClass: top
> objectClass: extensibleObject
> objectClass: nsMappingTree
> cn: "o=netscaperoot"
> cn: o=netscaperoot
> nsslapd-backend: NetscapeRoot
>
> [root@389-master02 slapd-389-master02]#
> [root@389-master02 slapd-389-master02]# ldapsearch -LLL -x -D "cn=directory manager" -W -s one -b "cn=ldbm database,cn=plugins,cn=config"
> Enter LDAP Password:
> dn: cn=config,cn=ldbm database,cn=plugins,cn=config
> objectClass: top
> objectClass: extensibleObject
> cn: config
> nsslapd-lookthroughlimit: 5000
> nsslapd-mode: 600
> nsslapd-idlistscanlimit: 4000
> nsslapd-directory: /var/lib/dirsrv/slapd-389-master02/db
> nsslapd-dbcachesize: 10000000
> nsslapd-db-logdirectory: /var/lib/dirsrv/slapd-389-master02/db
> nsslapd-db-durable-transaction: on
> nsslapd-db-checkpoint-interval: 60
> nsslapd-db-transaction-batch-val: 0
> nsslapd-db-logbuf-size: 0
> nsslapd-db-private-import-mem: on
> nsslapd-import-cache-autosize: -1
> nsslapd-import-cachesize: 20000000
> nsslapd-idl-switch: new
> nsslapd-search-bypass-filter-test: on
> nsslapd-search-use-vlv-index: on
> nsslapd-exclude-from-export: entrydn entryid dncomp parentid numSubordinates e
> ntryusn
> nsslapd-serial-lock: on
> nsslapd-subtree-rename-switch: on
>
> dn: cn=monitor,cn=ldbm database,cn=plugins,cn=config
> objectClass: top
> objectClass: extensibleObject
> cn: monitor
> database: ldbm database
> dbcachehits: 3453
> dbcachetries: 3459
> dbcachehitratio: 99
> dbcachepagein: 6
> dbcachepageout: 17
> dbcacheroevict: 0
> dbcacherwevict: 0
>
> dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
> objectClass: top
> objectClass: extensibleObject
> objectClass: nsBackendInstance
> cn: NetscapeRoot
> nsslapd-suffix: o=netscaperoot
> nsslapd-cachesize: -1
> nsslapd-cachememsize: 10485760
> nsslapd-readonly: off
> nsslapd-require-index: off
> nsslapd-directory: /var/lib/dirsrv/slapd-389-master02/db/NetscapeRoot
> nsslapd-dncachememsize: 10485760
>
> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> objectClass: top
> objectClass: extensibleObject
> objectClass: nsBackendInstance
> cn: userRoot
> nsslapd-suffix: dc=betfair
> nsslapd-cachesize: -1
> nsslapd-cachememsize: 10485760
> nsslapd-readonly: off
> nsslapd-require-index: off
> nsslapd-directory: /var/lib/dirsrv/slapd-389-master02/db/userRoot
> nsslapd-dncachememsize: 10485760
>
> [root@389-master02 slapd-389-master02]#
>
This looks ok. Can you provide the exact steps you used so I can try to
reproduce this?
>
> -----Original Message-----
> From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Rich Megginson
> Sent: Thursday, August 05, 2010 6:07 PM
> To: General discussion list for the 389 Directory server project.
> Subject: Re: [389-users] replica/rdn problems with 1.2.6 rc6
>
> Jonathan Boulle wrote:
>
>> When trying to enable consumer replication on a database/root suffix,
>> we get an "operations error" (in the GUI or command line with
>> ldapmodify) and the following in the log:
>>
>> [05/Aug/2010:17:35:20 +0100] entryrdn-index - _entryrdn_insert_key:
>> Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
>> found(-30989)
>>
>> [05/Aug/2010:17:35:20 +0100] - add: attempt to index 1 failed
>>
>> [05/Aug/2010:17:35:20 +0100] NSMMReplicationPlugin -
>> _replica_configure_ruv: failed to create replica ruv tombstone entry
>> (dc=example); LDAP error - 1
>>
>>
> Can you post the following:
> ldapsearch -LLL -x -D "cn=directory manager" -w yourpassword -s one -b "cn=mapping tree,cn=config"
> and
> ldapsearch -LLL -x -D "cn=directory manager" -w yourpassword -s one -b "cn=ldbm database,cn=plugins,cn=config"
>
> Be sure to obscure any sensitive information.
>
>> However, the exact same procedure works fine on 1.2.5 (haven't tested
>> with earlier RC versions of 1.2.6)
>>
>> When trying to troubleshoot - if I manually add the following to the
>> directory:
>>
>> dn: dc=betfair
>>
>> dc: betfair
>>
>> objectClass: top
>>
>> objectClass: domain
>>
>> I no longer get the above error, and the "Enable Replica" step
>> succeeds, but I see this in the log:
>>
>> [05/Aug/2010:17:45:14 +0100] NSMMReplicationPlugin -
>> replica_add_by_dn: replica with dn (dc=example) already in the hash
>>
>> [05/Aug/2010:17:45:14 +0100] NSMMReplicationPlugin -
>> replica_add_by_dn: replica with dn (dc=example) already in the hash
>>
>> Haven't tested past this point - although this was definitely not
>> necessary on e.g. 1.2.5. I suspect it's related to the RDN shift
>> mentioned in the changelogs, but I've reproduced the same issue with
>>
>> a) upgrades from previous versions of the packages (e.g. 1.2.5)
>>
>> b) clean installs of the above packages on a completely fresh CentOS
>> 5.5 build
>>
>>
>> Package versions:
>>
>> 389-ds-1.2.1-1.el5
>>
>> 389-admin-1.1.11-0.6.rc2.el5
>>
>> 389-ds-base-1.2.6-0.9.rc6.el5
>>
>> Bugzilla time?
>>
>> Cheers
>>
>>
>> __________________________________________________ ____________________
>> __ In order to protect our email recipients, Betfair Group use SkyScan
>> from MessageLabs to scan all Incoming and Outgoing mail for viruses.
>>
>> __________________________________________________ ____________________
>> __
>> ----------------------------------------------------------------------
>> --
>>
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> __________________________________________________ ______________________
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> __________________________________________________ ______________________
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Jonathan Boulle 08-06-2010 09:32 AM

replica/rdn problems with 1.2.6 rc6
 
On 08/05/2010 07:03 PM, Rich Megginson wrote:
> This looks ok. Can you provide the exact steps you used so I can try to
> reproduce this?
Certainly.

1) clean OS install (CentOS 5.4 x86_64 here), latest 389 packages (yum
--enablerepo epel-testing)
389-dsgw-1.1.5-1.el5
389-admin-console-1.1.5-1.el5
389-ds-1.2.1-1.el5
389-adminutil-1.1.8-4.el5
389-admin-1.1.11-0.6.rc2.el5
389-ds-console-1.2.3-1.el5
389-admin-console-doc-1.1.5-1.el5
389-console-1.1.4-1.el5
389-ds-base-1.2.6-0.9.rc6.el5
389-ds-console-doc-1.2.3-1.el5

2) run setup-ds-admin.pl, .inf follows below [4]

3) add user for replication
[root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
"cn=directory manager" -w password
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A=

adding new entry cn=replication manager,cn=config

4) attempt to add consumer replica entry
[root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
"cn=directory manager" -w password
dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: dc=example
nsds5replicatype: 2
nsds5ReplicaBindDN: cn=replication manager,cn=config

adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config
ldap_add: Object class violation
ldap_add: additional info: missing attribute "nsDS5ReplicaId" required
by object class "nsDS5Replica"


Strange, I thought replicaID wasn't required when replicatype is set to
2 (i.e. read-only consumer) - e.g. in the example in the documentation
[1]. Well, let's try with that anyway:

[root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
"cn=directory manager" -w password
dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: dc=example
nsds5replicatype: 2
nsds5ReplicaBindDN: cn=replication manager,cn=config
nsds5replicaid: 1234

adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config
ldap_add: Operations error

Error in /var/log/dirsrv/slapd-389-master02/errors [2]

5) Attempt to achieve same thing through GUI, which we'd used on
previous versions (obviously in the GUI you can't specify a replica ID
when creating a consumer)
- open directory server console
- Configuration tab
- expand Replication subtree
- click userRoot
- tick Enable Replica: Dedicated Consumer, add supplier DN
cn=replication manager,cn=config, all other settings default
- click Save
Error box pops up:
Modification Failed
Operations error

Error in /var/log/dirsrv/slapd-389-master02/errors [3]


Anything else I can provide?

Cheers
Jonathan

---

[1]
http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_Replication-Configuring-Replication-cmd.html#Configuring-Replication-Consumers-cmd

[2]
[06/Aug/2010:10:11:14 +0100] entryrdn-index - _entryrdn_insert_key:
Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
found(-30989)
[06/Aug/2010:10:11:14 +0100] - add: attempt to index 1 failed
[06/Aug/2010:10:11:14 +0100] NSMMReplicationPlugin -
_replica_configure_ruv: failed to create replica ruv tombstone entry
(dc=example); LDAP error - 1

[3]
[06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin - replica_add_by_dn:
replica with dn (dc=example) already in the hash
[06/Aug/2010:10:18:57 +0100] entryrdn-index - _entryrdn_insert_key:
Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
found(-30989)
[06/Aug/2010:10:18:57 +0100] - add: attempt to index 1 failed
[06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin -
_replica_configure_ruv: failed to create replica ruv tombstone entry
(dc=example); LDAP error - 1


[4] inf file generated from setup-ds-admin.pl

[General]
AdminDomain = example
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = password
ConfigDirectoryLdapURL = ldap://389-master02.example:389/o=NetscapeRoot
FullMachineName = 389-master02.example
ServerRoot = /usr/lib64/dirsrv
SuiteSpotGroup = nobody
SuiteSpotUserID = nobody
prefix =

[admin]
Port = 9830
ServerAdminID = admin
ServerAdminPwd = password
ServerIpAddress = 0.0.0.0
SysUser = nobody

[slapd]
AddOrgEntries = No
AddSampleEntries = No
HashedRootDNPwd = {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A==
InstallLdifFile = none
RootDN = cn=Directory Manager
RootDNPwd = password
ServerIdentifier = 389-master02
ServerPort = 389
SlapdConfigForMC = yes
Suffix = dc=example
UseExistingMC = 0
bak_dir = /var/lib/dirsrv/slapd-389-master02/bak
bindir = /usr/bin
cert_dir = /etc/dirsrv/slapd-389-master02
config_dir = /etc/dirsrv/slapd-389-master02
datadir = /usr/share
db_dir = /var/lib/dirsrv/slapd-389-master02/db
ds_bename = userRoot
inst_dir = /usr/lib64/dirsrv/slapd-389-master02
ldif_dir = /var/lib/dirsrv/slapd-389-master02/ldif
localstatedir = /var
lock_dir = /var/lock/dirsrv/slapd-389-master02
log_dir = /var/log/dirsrv/slapd-389-master02
run_dir = /var/run/dirsrv
sbindir = /usr/sbin
schema_dir = /etc/dirsrv/slapd-389-master02/schema
sysconfdir = /etc
tmp_dir = /tmp



__________________________________________________ ______________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.

__________________________________________________ ______________________
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Rich Megginson 08-06-2010 01:57 PM

replica/rdn problems with 1.2.6 rc6
 
Jonathan Boulle wrote:
> On 08/05/2010 07:03 PM, Rich Megginson wrote:
>
>> This looks ok. Can you provide the exact steps you used so I can try to
>> reproduce this?
>>
> Certainly.
>
> 1) clean OS install (CentOS 5.4 x86_64 here), latest 389 packages (yum
> --enablerepo epel-testing)
> 389-dsgw-1.1.5-1.el5
> 389-admin-console-1.1.5-1.el5
> 389-ds-1.2.1-1.el5
> 389-adminutil-1.1.8-4.el5
> 389-admin-1.1.11-0.6.rc2.el5
> 389-ds-console-1.2.3-1.el5
> 389-admin-console-doc-1.1.5-1.el5
> 389-console-1.1.4-1.el5
> 389-ds-base-1.2.6-0.9.rc6.el5
> 389-ds-console-doc-1.2.3-1.el5
>
> 2) run setup-ds-admin.pl, .inf follows below [4]
>
> 3) add user for replication
> [root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
> "cn=directory manager" -w password
> dn: cn=replication manager,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> cn: replication manager
> sn: RM
> userPassword: {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A=
>
> adding new entry cn=replication manager,cn=config
>
> 4) attempt to add consumer replica entry
> [root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
> "cn=directory manager" -w password
> dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config
> changetype: add
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: dc=example
> nsds5replicatype: 2
> nsds5ReplicaBindDN: cn=replication manager,cn=config
>
> adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config
> ldap_add: Object class violation
> ldap_add: additional info: missing attribute "nsDS5ReplicaId" required
> by object class "nsDS5Replica"
>
>
> Strange, I thought replicaID wasn't required when replicatype is set to
> 2 (i.e. read-only consumer) - e.g. in the example in the documentation
> [1]. Well, let's try with that anyway:
>
> [root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
> "cn=directory manager" -w password
> dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config
> changetype: add
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: dc=example
> nsds5replicatype: 2
> nsds5ReplicaBindDN: cn=replication manager,cn=config
> nsds5replicaid: 1234
>
> adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config
> ldap_add: Operations error
>
Looks like a documentation bug here
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Configuring-Replication-cmd.html#Configuring-Replication-Consumers-cmd
You do not need a real replica ID for a non-master, but there is no way
to specify in the LDAP schema that the nsDS5ReplicaID attribute is only
required if the nsds5replicatype != 3. Use a value of 0 for
nsds5replicaid when setting up a replica with ldapmodify. The console
is smart enough to do this for you when setting up a replica.
> Error in /var/log/dirsrv/slapd-389-master02/errors [2]
>
> 5) Attempt to achieve same thing through GUI, which we'd used on
> previous versions (obviously in the GUI you can't specify a replica ID
> when creating a consumer)
> - open directory server console
> - Configuration tab
> - expand Replication subtree
> - click userRoot
> - tick Enable Replica: Dedicated Consumer, add supplier DN
> cn=replication manager,cn=config, all other settings default
> - click Save
> Error box pops up:
> Modification Failed
> Operations error
>
> Error in /var/log/dirsrv/slapd-389-master02/errors [3]
>
>
> Anything else I can provide?
>
Please file a bug at https://bugzilla.redhat.com/enter_bug.cgi?product=389
> Cheers
> Jonathan
>
> ---
>
> [1]
> http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_Replication-Configuring-Replication-cmd.html#Configuring-Replication-Consumers-cmd
>
> [2]
> [06/Aug/2010:10:11:14 +0100] entryrdn-index - _entryrdn_insert_key:
> Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
> found(-30989)
> [06/Aug/2010:10:11:14 +0100] - add: attempt to index 1 failed
> [06/Aug/2010:10:11:14 +0100] NSMMReplicationPlugin -
> _replica_configure_ruv: failed to create replica ruv tombstone entry
> (dc=example); LDAP error - 1
>
> [3]
> [06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin - replica_add_by_dn:
> replica with dn (dc=example) already in the hash
> [06/Aug/2010:10:18:57 +0100] entryrdn-index - _entryrdn_insert_key:
> Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
> found(-30989)
> [06/Aug/2010:10:18:57 +0100] - add: attempt to index 1 failed
> [06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin -
> _replica_configure_ruv: failed to create replica ruv tombstone entry
> (dc=example); LDAP error - 1
>
>
> [4] inf file generated from setup-ds-admin.pl
>
> [General]
> AdminDomain = example
> ConfigDirectoryAdminID = admin
> ConfigDirectoryAdminPwd = password
> ConfigDirectoryLdapURL = ldap://389-master02.example:389/o=NetscapeRoot
> FullMachineName = 389-master02.example
> ServerRoot = /usr/lib64/dirsrv
> SuiteSpotGroup = nobody
> SuiteSpotUserID = nobody
> prefix =
>
> [admin]
> Port = 9830
> ServerAdminID = admin
> ServerAdminPwd = password
> ServerIpAddress = 0.0.0.0
> SysUser = nobody
>
> [slapd]
> AddOrgEntries = No
> AddSampleEntries = No
> HashedRootDNPwd = {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A==
> InstallLdifFile = none
> RootDN = cn=Directory Manager
> RootDNPwd = password
> ServerIdentifier = 389-master02
> ServerPort = 389
> SlapdConfigForMC = yes
> Suffix = dc=example
> UseExistingMC = 0
> bak_dir = /var/lib/dirsrv/slapd-389-master02/bak
> bindir = /usr/bin
> cert_dir = /etc/dirsrv/slapd-389-master02
> config_dir = /etc/dirsrv/slapd-389-master02
> datadir = /usr/share
> db_dir = /var/lib/dirsrv/slapd-389-master02/db
> ds_bename = userRoot
> inst_dir = /usr/lib64/dirsrv/slapd-389-master02
> ldif_dir = /var/lib/dirsrv/slapd-389-master02/ldif
> localstatedir = /var
> lock_dir = /var/lock/dirsrv/slapd-389-master02
> log_dir = /var/log/dirsrv/slapd-389-master02
> run_dir = /var/run/dirsrv
> sbindir = /usr/sbin
> schema_dir = /etc/dirsrv/slapd-389-master02/schema
> sysconfdir = /etc
> tmp_dir = /tmp
>
>
>
> __________________________________________________ ______________________
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> __________________________________________________ ______________________
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Jonathan Boulle 08-06-2010 02:15 PM

replica/rdn problems with 1.2.6 rc6
 
https://bugzilla.redhat.com/show_bug.cgi?id=621928
Thanks Rich.
________________________________________
From: 389-users-bounces@lists.fedoraproject.org [389-users-bounces@lists.fedoraproject.org] on behalf of Rich Megginson [rmeggins@redhat.com]
Sent: Friday, August 06, 2010 2:57 PM
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] replica/rdn problems with 1.2.6 rc6

Jonathan Boulle wrote:
> On 08/05/2010 07:03 PM, Rich Megginson wrote:
>
>> This looks ok. Can you provide the exact steps you used so I can try to
>> reproduce this?
>>
> Certainly.
>
> 1) clean OS install (CentOS 5.4 x86_64 here), latest 389 packages (yum
> --enablerepo epel-testing)
> 389-dsgw-1.1.5-1.el5
> 389-admin-console-1.1.5-1.el5
> 389-ds-1.2.1-1.el5
> 389-adminutil-1.1.8-4.el5
> 389-admin-1.1.11-0.6.rc2.el5
> 389-ds-console-1.2.3-1.el5
> 389-admin-console-doc-1.1.5-1.el5
> 389-console-1.1.4-1.el5
> 389-ds-base-1.2.6-0.9.rc6.el5
> 389-ds-console-doc-1.2.3-1.el5
>
> 2) run setup-ds-admin.pl, .inf follows below [4]
>
> 3) add user for replication
> [root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
> "cn=directory manager" -w password
> dn: cn=replication manager,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> cn: replication manager
> sn: RM
> userPassword: {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A=
>
> adding new entry cn=replication manager,cn=config
>
> 4) attempt to add consumer replica entry
> [root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
> "cn=directory manager" -w password
> dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config
> changetype: add
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: dc=example
> nsds5replicatype: 2
> nsds5ReplicaBindDN: cn=replication manager,cn=config
>
> adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config
> ldap_add: Object class violation
> ldap_add: additional info: missing attribute "nsDS5ReplicaId" required
> by object class "nsDS5Replica"
>
>
> Strange, I thought replicaID wasn't required when replicatype is set to
> 2 (i.e. read-only consumer) - e.g. in the example in the documentation
> [1]. Well, let's try with that anyway:
>
> [root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
> "cn=directory manager" -w password
> dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config
> changetype: add
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: dc=example
> nsds5replicatype: 2
> nsds5ReplicaBindDN: cn=replication manager,cn=config
> nsds5replicaid: 1234
>
> adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config
> ldap_add: Operations error
>
Looks like a documentation bug here
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Configuring-Replication-cmd.html#Configuring-Replication-Consumers-cmd
You do not need a real replica ID for a non-master, but there is no way
to specify in the LDAP schema that the nsDS5ReplicaID attribute is only
required if the nsds5replicatype != 3. Use a value of 0 for
nsds5replicaid when setting up a replica with ldapmodify. The console
is smart enough to do this for you when setting up a replica.
> Error in /var/log/dirsrv/slapd-389-master02/errors [2]
>
> 5) Attempt to achieve same thing through GUI, which we'd used on
> previous versions (obviously in the GUI you can't specify a replica ID
> when creating a consumer)
> - open directory server console
> - Configuration tab
> - expand Replication subtree
> - click userRoot
> - tick Enable Replica: Dedicated Consumer, add supplier DN
> cn=replication manager,cn=config, all other settings default
> - click Save
> Error box pops up:
> Modification Failed
> Operations error
>
> Error in /var/log/dirsrv/slapd-389-master02/errors [3]
>
>
> Anything else I can provide?
>
Please file a bug at https://bugzilla.redhat.com/enter_bug.cgi?product=389
> Cheers
> Jonathan
>
> ---
>
> [1]
> http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_Replication-Configuring-Replication-cmd.html#Configuring-Replication-Consumers-cmd
>
> [2]
> [06/Aug/2010:10:11:14 +0100] entryrdn-index - _entryrdn_insert_key:
> Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
> found(-30989)
> [06/Aug/2010:10:11:14 +0100] - add: attempt to index 1 failed
> [06/Aug/2010:10:11:14 +0100] NSMMReplicationPlugin -
> _replica_configure_ruv: failed to create replica ruv tombstone entry
> (dc=example); LDAP error - 1
>
> [3]
> [06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin - replica_add_by_dn:
> replica with dn (dc=example) already in the hash
> [06/Aug/2010:10:18:57 +0100] entryrdn-index - _entryrdn_insert_key:
> Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
> found(-30989)
> [06/Aug/2010:10:18:57 +0100] - add: attempt to index 1 failed
> [06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin -
> _replica_configure_ruv: failed to create replica ruv tombstone entry
> (dc=example); LDAP error - 1
>
>
> [4] inf file generated from setup-ds-admin.pl
>
> [General]
> AdminDomain = example
> ConfigDirectoryAdminID = admin
> ConfigDirectoryAdminPwd = password
> ConfigDirectoryLdapURL = ldap://389-master02.example:389/o=NetscapeRoot
> FullMachineName = 389-master02.example
> ServerRoot = /usr/lib64/dirsrv
> SuiteSpotGroup = nobody
> SuiteSpotUserID = nobody
> prefix =
>
> [admin]
> Port = 9830
> ServerAdminID = admin
> ServerAdminPwd = password
> ServerIpAddress = 0.0.0.0
> SysUser = nobody
>
> [slapd]
> AddOrgEntries = No
> AddSampleEntries = No
> HashedRootDNPwd = {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A==
> InstallLdifFile = none
> RootDN = cn=Directory Manager
> RootDNPwd = password
> ServerIdentifier = 389-master02
> ServerPort = 389
> SlapdConfigForMC = yes
> Suffix = dc=example
> UseExistingMC = 0
> bak_dir = /var/lib/dirsrv/slapd-389-master02/bak
> bindir = /usr/bin
> cert_dir = /etc/dirsrv/slapd-389-master02
> config_dir = /etc/dirsrv/slapd-389-master02
> datadir = /usr/share
> db_dir = /var/lib/dirsrv/slapd-389-master02/db
> ds_bename = userRoot
> inst_dir = /usr/lib64/dirsrv/slapd-389-master02
> ldif_dir = /var/lib/dirsrv/slapd-389-master02/ldif
> localstatedir = /var
> lock_dir = /var/lock/dirsrv/slapd-389-master02
> log_dir = /var/log/dirsrv/slapd-389-master02
> run_dir = /var/run/dirsrv
> sbindir = /usr/sbin
> schema_dir = /etc/dirsrv/slapd-389-master02/schema
> sysconfdir = /etc
> tmp_dir = /tmp
>
>
>
> __________________________________________________ ______________________
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> __________________________________________________ ______________________
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

__________________________________________________ ______________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.

__________________________________________________ ______________________
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Rich Megginson 08-06-2010 05:17 PM

replica/rdn problems with 1.2.6 rc6
 
Jonathan Boulle wrote:
> On 08/05/2010 07:03 PM, Rich Megginson wrote:
>
>> This looks ok. Can you provide the exact steps you used so I can try to
>> reproduce this?
>>
> Certainly.
>
> 1) clean OS install (CentOS 5.4 x86_64 here), latest 389 packages (yum
> --enablerepo epel-testing)
> 389-dsgw-1.1.5-1.el5
> 389-admin-console-1.1.5-1.el5
> 389-ds-1.2.1-1.el5
> 389-adminutil-1.1.8-4.el5
> 389-admin-1.1.11-0.6.rc2.el5
> 389-ds-console-1.2.3-1.el5
> 389-admin-console-doc-1.1.5-1.el5
> 389-console-1.1.4-1.el5
> 389-ds-base-1.2.6-0.9.rc6.el5
> 389-ds-console-doc-1.2.3-1.el5
>
> 2) run setup-ds-admin.pl, .inf follows below [4]
>
> 3) add user for replication
> [root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
> "cn=directory manager" -w password
> dn: cn=replication manager,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> cn: replication manager
> sn: RM
> userPassword: {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A=
>
> adding new entry cn=replication manager,cn=config
>
> 4) attempt to add consumer replica entry
> [root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
> "cn=directory manager" -w password
> dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config
> changetype: add
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: dc=example
> nsds5replicatype: 2
> nsds5ReplicaBindDN: cn=replication manager,cn=config
>
> adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config
> ldap_add: Object class violation
> ldap_add: additional info: missing attribute "nsDS5ReplicaId" required
> by object class "nsDS5Replica"
>
>
> Strange, I thought replicaID wasn't required when replicatype is set to
> 2 (i.e. read-only consumer) - e.g. in the example in the documentation
> [1]. Well, let's try with that anyway:
>
> [root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
> "cn=directory manager" -w password
> dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config
> changetype: add
> objectclass: top
> objectclass: nsds5replica
> objectclass: extensibleObject
> cn: replica
> nsds5replicaroot: dc=example
> nsds5replicatype: 2
> nsds5ReplicaBindDN: cn=replication manager,cn=config
> nsds5replicaid: 1234
>
> adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config
> ldap_add: Operations error
>
> Error in /var/log/dirsrv/slapd-389-master02/errors [2]
>
> 5) Attempt to achieve same thing through GUI, which we'd used on
> previous versions (obviously in the GUI you can't specify a replica ID
> when creating a consumer)
> - open directory server console
> - Configuration tab
> - expand Replication subtree
> - click userRoot
> - tick Enable Replica: Dedicated Consumer, add supplier DN
> cn=replication manager,cn=config, all other settings default
> - click Save
> Error box pops up:
> Modification Failed
> Operations error
>
> Error in /var/log/dirsrv/slapd-389-master02/errors [3]
>
>
> Anything else I can provide?
>
The workaround is to run setup but use InstallLdifFile = suggest instead
of none. Try that.
> Cheers
> Jonathan
>
> ---
>
> [1]
> http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_Replication-Configuring-Replication-cmd.html#Configuring-Replication-Consumers-cmd
>
> [2]
> [06/Aug/2010:10:11:14 +0100] entryrdn-index - _entryrdn_insert_key:
> Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
> found(-30989)
> [06/Aug/2010:10:11:14 +0100] - add: attempt to index 1 failed
> [06/Aug/2010:10:11:14 +0100] NSMMReplicationPlugin -
> _replica_configure_ruv: failed to create replica ruv tombstone entry
> (dc=example); LDAP error - 1
>
> [3]
> [06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin - replica_add_by_dn:
> replica with dn (dc=example) already in the hash
> [06/Aug/2010:10:18:57 +0100] entryrdn-index - _entryrdn_insert_key:
> Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
> found(-30989)
> [06/Aug/2010:10:18:57 +0100] - add: attempt to index 1 failed
> [06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin -
> _replica_configure_ruv: failed to create replica ruv tombstone entry
> (dc=example); LDAP error - 1
>
>
> [4] inf file generated from setup-ds-admin.pl
>
> [General]
> AdminDomain = example
> ConfigDirectoryAdminID = admin
> ConfigDirectoryAdminPwd = password
> ConfigDirectoryLdapURL = ldap://389-master02.example:389/o=NetscapeRoot
> FullMachineName = 389-master02.example
> ServerRoot = /usr/lib64/dirsrv
> SuiteSpotGroup = nobody
> SuiteSpotUserID = nobody
> prefix =
>
> [admin]
> Port = 9830
> ServerAdminID = admin
> ServerAdminPwd = password
> ServerIpAddress = 0.0.0.0
> SysUser = nobody
>
> [slapd]
> AddOrgEntries = No
> AddSampleEntries = No
> HashedRootDNPwd = {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A==
> InstallLdifFile = none
> RootDN = cn=Directory Manager
> RootDNPwd = password
> ServerIdentifier = 389-master02
> ServerPort = 389
> SlapdConfigForMC = yes
> Suffix = dc=example
> UseExistingMC = 0
> bak_dir = /var/lib/dirsrv/slapd-389-master02/bak
> bindir = /usr/bin
> cert_dir = /etc/dirsrv/slapd-389-master02
> config_dir = /etc/dirsrv/slapd-389-master02
> datadir = /usr/share
> db_dir = /var/lib/dirsrv/slapd-389-master02/db
> ds_bename = userRoot
> inst_dir = /usr/lib64/dirsrv/slapd-389-master02
> ldif_dir = /var/lib/dirsrv/slapd-389-master02/ldif
> localstatedir = /var
> lock_dir = /var/lock/dirsrv/slapd-389-master02
> log_dir = /var/log/dirsrv/slapd-389-master02
> run_dir = /var/run/dirsrv
> sbindir = /usr/sbin
> schema_dir = /etc/dirsrv/slapd-389-master02/schema
> sysconfdir = /etc
> tmp_dir = /tmp
>
>
>
> __________________________________________________ ______________________
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> __________________________________________________ ______________________
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


All times are GMT. The time now is 07:11 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.