[
https://issues.apache.org/jira/browse/DIRSERVER-1792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13558602#comment-13558602
]
Michael Simon edited comment on DIRSERVER-1792 at 1/21/13 8:02 AM:
-------------------------------------------------------------------
Thanks for going in details. I understand that accessControlSubentries have
NO-USER-MODIFICATION set. But i could change values on the master node using
Directory Studio. Perhaps it made the delete-create operation in the
background? I'll check this later.
For the LDIF that triggers the first error:
dn: ou=test,dc=bwidm,dc=de
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: test
administrativeRole: autonomousArea
dn: ou=test,dc=bwidm,dc=de
changetype: modify
replace: administrativeRole
administrativeRole: accessControlSpecificArea
-
Logging on the master says:
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.provider.ReplicaEventLog] -
logging entry with Dn ou=test,dc=bwidm,dc=de with the event ADD
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.provider.SyncReplSearchListener]
- sending event ADD of entry ou=test,dc=bwidm,dc=de
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.provider.ReplicaEventLog] -
logging entry with Dn ou=test,dc=bwidm,dc=de with the event MODIFY
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.provider.SyncReplSearchListener]
- sending event MODIFY of entry ou=test,dc=bwidm,dc=de
On the slave node:
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- starting handleSearchResult ------------
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- assigning the cookie from sync state value control:
rid=009,csn=20130121075148.083000Z#000000#001#000000
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- state name ADD
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- entryUUID = 29cee84e-cabe-47d4-9b8b-2e4ed7145673
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- adding entry with dn ou=test,dc=bwidm,dc=de
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- Entry
dn[n]: ou=test,dc=bwidm,dc=de
objectClass: organizationalUnit
objectClass: top
entryParentId: b70660f2-5d42-443a-b976-f3bddfc9a027
ou: test
entryUUID: 29cee84e-cabe-47d4-9b8b-2e4ed7145673
creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
createTimestamp: 20130121075148.083Z
entryCSN: 20130121075148.083000Z#000000#001#000000
administrativeRole: autonomousArea
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- stored the cookie
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- Ending handleSearchResult ------------
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- starting handleSearchResult ------------
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- assigning the cookie from sync state value control:
rid=009,csn=20130121075148.172000Z#000000#001#000000
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- state name MODIFY
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- entryUUID = 29cee84e-cabe-47d4-9b8b-2e4ed7145673
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- modifying entry with dn ou=test,dc=bwidm,dc=de
[08:51:48] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] -
ERR_54 Cannot add a value which is already present : organizationalUnit
[08:51:48] ERROR
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ERR_54 Cannot add a value which is already present : organizationalUnit
org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException:
ERR_54 Cannot add a value which is already present : organizationalUnit
at
org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:739)
at
org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
at
org.apache.directory.server.core.hash.PasswordHashingInterceptor.modify(PasswordHashingInterceptor.java:113)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
...
at
org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:217)
at
org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782)
at
org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.modify(ReplicationConsumerImpl.java:1212)
at
org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.handleSearchResultEntry(ReplicationConsumerImpl.java:406)
at
org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.doSyncSearch(ReplicationConsumerImpl.java:773)
at
org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.startSync(ReplicationConsumerImpl.java:563)
at
org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:726)
at java.lang.Thread.run(Thread.java:636)
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- Ending handleSearchResult ------------
was (Author: michael_simon):
Thanks for going in details. I understand that accessControlSubentries have
NO-USER-MODIFICATION set. But i could change values on the master node using
Directory Studio. Perhaps he made the delete-create operation in the
background? I'll check this later.
For the LDIF that triggers the first error:
dn: ou=test,dc=bwidm,dc=de
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: test
administrativeRole: autonomousArea
dn: ou=test,dc=bwidm,dc=de
changetype: modify
replace: administrativeRole
administrativeRole: accessControlSpecificArea
-
Logging on the master says:
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.provider.ReplicaEventLog] -
logging entry with Dn ou=test,dc=bwidm,dc=de with the event ADD
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.provider.SyncReplSearchListener]
- sending event ADD of entry ou=test,dc=bwidm,dc=de
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.provider.ReplicaEventLog] -
logging entry with Dn ou=test,dc=bwidm,dc=de with the event MODIFY
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.provider.SyncReplSearchListener]
- sending event MODIFY of entry ou=test,dc=bwidm,dc=de
On the slave node:
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- starting handleSearchResult ------------
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- assigning the cookie from sync state value control:
rid=009,csn=20130121075148.083000Z#000000#001#000000
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- state name ADD
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- entryUUID = 29cee84e-cabe-47d4-9b8b-2e4ed7145673
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- adding entry with dn ou=test,dc=bwidm,dc=de
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- Entry
dn[n]: ou=test,dc=bwidm,dc=de
objectClass: organizationalUnit
objectClass: top
entryParentId: b70660f2-5d42-443a-b976-f3bddfc9a027
ou: test
entryUUID: 29cee84e-cabe-47d4-9b8b-2e4ed7145673
creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
createTimestamp: 20130121075148.083Z
entryCSN: 20130121075148.083000Z#000000#001#000000
administrativeRole: autonomousArea
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- stored the cookie
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- Ending handleSearchResult ------------
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- starting handleSearchResult ------------
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- assigning the cookie from sync state value control:
rid=009,csn=20130121075148.172000Z#000000#001#000000
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- state name MODIFY
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- entryUUID = 29cee84e-cabe-47d4-9b8b-2e4ed7145673
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- modifying entry with dn ou=test,dc=bwidm,dc=de
[08:51:48] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] -
ERR_54 Cannot add a value which is already present : organizationalUnit
[08:51:48] ERROR
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ERR_54 Cannot add a value which is already present : organizationalUnit
org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException:
ERR_54 Cannot add a value which is already present : organizationalUnit
at
org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:739)
at
org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
at
org.apache.directory.server.core.hash.PasswordHashingInterceptor.modify(PasswordHashingInterceptor.java:113)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
...
at
org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:217)
at
org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782)
at
org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.modify(ReplicationConsumerImpl.java:1212)
at
org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.handleSearchResultEntry(ReplicationConsumerImpl.java:406)
at
org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.doSyncSearch(ReplicationConsumerImpl.java:773)
at
org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.startSync(ReplicationConsumerImpl.java:563)
at
org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:726)
at java.lang.Thread.run(Thread.java:636)
[08:51:48] DEBUG
[org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- Ending handleSearchResult ------------
> Replication and Modification of ACIs
> ------------------------------------
>
> Key: DIRSERVER-1792
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1792
> Project: Directory ApacheDS
> Issue Type: Bug
> Affects Versions: 2.0.0-M9
> Environment: Linux 64bit
> OpenJDK Runtime Environment (IcedTea6 1.8.13) (6b18-1.8.13-0+squeeze2)
> Reporter: Michael Simon
>
> Creating an ou with administrativeRole set works and replicates on the Slave
> nodes. Modifying the administrativeRole to accessControlSpecificArea for
> example on an existing ou throws an Exception:
> [13:04:07] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor]
> - ERR_54 Cannot add a value which is already present : organizationalUnit
> [13:04:07] ERROR
> [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
> - ERR_54 Cannot add a value which is already present : organizationalUnit
> org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException:
> ERR_54 Cannot add a value which is already present : organizationalUnit
> at
> org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:739)
> at
> org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
> at
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
> More or less the same things happens with accessControlSubentries. Creating
> an entry is working and replicating, but modifying the prescriptiveACI throws
> an exception:
> [13:10:58] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor]
> - ERR_52 Cannot modify the attribute : ATTRIBUTE_TYPE (
> 1.3.6.1.4.1.18060.0.4.1.2.11
> NAME 'accessControlSubentries'
> DESC Used to track a subentry associated with access control areas
> EQUALITY distinguishedNameMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
> NO-USER-MODIFICATION
> USAGE directoryOperation
> )
> at
> org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:716)
> at
> org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
> at
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
