Re: Replication and acl: moddn operation problem.

Wed, 20 Jun 2012 15:04:58 -0700 

On 20/6/2012 3:10 μμ, Konstantin Menshikov wrote:


Please, show your replication setup at which it works correctly.



OK, here is an example test setup:

DN: ou=TestBranch1,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: TestBranch1

DN: dc=hostx,ou=TestBranch1,dc=example,dc=com
objectClass: dNSDomain2
objectClass: domainRelatedObject
associatedDomain: hostx.example.com
cNAMERecord: www.example.com
dc: hostx

DN: ou=TestBranch2,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: TestBranch2

ACLs (over-simplistic, devised to illustrate the case):
{0}to dn.sub="ou=TestBranch1,dc=example,dc=com" by dn.exact="uid=dnsauth,ou=system,dc=example,dc=com" write by * none 
{1}to dn.sub="ou=TestBranch2,dc=example,dc=com"  by * none

Consumer setup:

syncrepl rid=444
        provider=ldaps://vdev.example.com
        type=refreshAndPersist
        tls_reqcert=never
        retry="60 +"
        searchbase="dc=example,dc=com"
        schemachecking=off
        bindmethod=simple
        binddn="uid=dnsauth,ou=System,dc=example,dc=com"
        credentials="secret"
Initial State: dc=hostx,ou=TestBranch1,dc=example,dc=com exists on both provider and consumer.
Action1: Manager moves (on the provider) dc=hostx from ou=TestBranch1,dc=example,dc=com to dc=hostx,ou=TestBranch2,dc=example,dc=com where consumer has no visibility. 
Result: Entry is removed from the consumer
Action2: Manager moves back dc=hostx from ou=TestBranch2,dc=example,dc=com to dc=hostx,ou=TestBranch1,dc=example,dc=com where consumer has visibility. 
Result: Entry is added back to the consumer

On the provider:
Jun 21 00:24:59 vdev slapd[2212]: slap_queue_csn: queing 0x41046300 20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 vdev slapd[2212]: slap_graduate_commit_csn: removing 0x1e4b94b0 20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 vdev slapd[2212]: slap_queue_csn: queing 0x4351e750 20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 vdev slapd[2212]: syncprov_sendresp: cookie=rid=444,csn=20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 vdev slapd[2212]: slap_graduate_commit_csn: removing 0x1e003b10 20120620212459.506829Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: slap_queue_csn: queing 0x4251c300 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: syncprov_sendresp: cookie=rid=444,csn=20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: slap_graduate_commit_csn: removing 0x1e46d620 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: slap_queue_csn: queing 0x41046750 20120620212527.515237Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: slap_graduate_commit_csn: removing 0x1e46d5c0 20120620212527.515237Z#000000#000#000000 

On the consumer:
Jun 21 00:24:59 dnslab slapd[20628]: do_syncrep2: rid=444 LDAP_RES_INTERMEDIATE - NEW_COOKIE Jun 21 00:24:59 dnslab slapd[20628]: do_syncrep2: rid=444 NEW_COOKIE: rid=444,csn=20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: slap_queue_csn: queing 0xc2746a0 20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc28ba90 20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: do_syncrep2: rid=444 cookie=rid=444,csn=20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_message_to_entry: rid=444 DN: dc=hostx,ou=TestBranch1,dc=example,dc=com, UUID: 6bd53150-9abf-4c83-9d23-9a706b042e07 Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_DELETE) 
Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 be_search (0)
Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 dc=hostx,ou=TestBranch1,dc=example,dc=com Jun 21 00:24:59 dnslab slapd[20628]: slap_queue_csn: queing 0xc47e150 20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc28ba90 20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 be_delete dc=hostx,ou=TestBranch1,dc=example,dc=com (0) Jun 21 00:24:59 dnslab slapd[20628]: slap_queue_csn: queing 0xc47e150 20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc46f320 20120620212459.506829Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: do_syncrep2: rid=444 cookie=rid=444,csn=20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_message_to_entry: rid=444 DN: dc=hostx,ou=TestBranch1,dc=example,dc=com, UUID: bfd9ef4e-e299-445b-b0db-ffafbd8f3804 Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) 
Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 be_search (0)
Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 dc=hostx,ou=TestBranch1,dc=example,dc=com Jun 21 00:25:27 dnslab slapd[20628]: slap_queue_csn: queing 0xc46f7e0 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc46ea50 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 be_add dc=hostx,ou=TestBranch1,dc=example,dc=com (0) Jun 21 00:25:27 dnslab slapd[20628]: slap_queue_csn: queing 0xc46f7e0 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc46ea50 20120620212527.418467Z#000000#000#000000
As I have noted in another message, I found it is important that the syncrepl user have NO access at all to the branch where we want no visibility, otherwise, there might be syncrepl tricky behavior. 

Nick

Reply via email to