For information, I tryied on the latest OpenLDAP version (2.4.36) and I have the same troubles.
Sylvain 2013/8/30 Sylvain <[email protected]> > I think "-" is only for modify changetype. > I have tested anyway without success. > > > 2013/8/30 Ulrich Windl <[email protected]> > >> >>> Sylvain <[email protected]> schrieb am 30.08.2013 um 12:41 in >> Nachricht >> <calhnj+svk2ryj9_y46that-zxhxkm0sx-7a9cz55sy1pf0t...@mail.gmail.com>: >> > Hi ! >> > >> > In my logs, I saw lot of lines like this (we have a poor script which >> > refresh the base with delete/add primitives) : >> > >> > memberof_value_modify DN="uid=v6971,ou=people,dc=xxx,dc=com" delete >> > memberOf="cn=VAC,ou=groups,dc=xxx,dc=com" failed err=16 >> > >> > I can reproduce the problem with a small LDIF : >> > >> > # 1st part >> > dn: uid=V6971,ou=people,dc=xxx,dc=com >> > changetype: delete >> Could it be you need a line with "-" here? >> > dn: uid=V6971,ou=people,dc=xxx,dc=com >> > changetype: add >> > objectClass... >> > >> > # 2nd part >> > dn: cn=VAC,ou=groups,dc=xxx,dc=com >> > changetype: delete >> And there? >> > dn: cn=VAC,ou=groups,dc=xxx,dc=com >> > changetype: add >> > objectClass... >> > >> > In the logs (shown below), we saw that problem occurs only on the >> delete of >> > cn=VAC but if I reduce the LDIF to that (2nd part), I have no more the >> > problem !? I don't understand... >> > >> > Here the logs with all the LDIF : >> > >> > Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 fd=32 ACCEPT from IP= >> > 192.168.0.1:48049 (IP=0.0.0.0:389) >> > Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 BIND >> > dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" method=128 >> > Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 BIND >> > dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" mech=SIMPLE ssf=0 >> > Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 RESULT tag=97 err=0 >> > text= >> > --> Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=1 DEL >> > dn="cn=VAC,ou=groups,dc=xxx,dc=com" >> > --> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=1: >> > memberof_value_modify DN="uid=v6971,ou=people,dc=xxx,dc=com" delete >> > memberOf="cn=VAC,ou=groups,dc=xxx,dc=com" failed err=16 >> > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=1 RESULT tag=107 err=0 >> > text= >> > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=2 ADD >> > dn="cn=VAC,ou=groups,dc=xxx,dc=com" >> > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=2 RESULT tag=105 err=0 >> > text= >> > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=3 DEL >> > dn="uid=V6971,ou=people,dc=xxx,dc=com" >> > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=3 RESULT tag=107 err=0 >> > text= >> > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=4 ADD >> > dn="uid=V6971,ou=people,dc=xxx,dc=com" >> > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=4 RESULT tag=105 err=0 >> > text= >> > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=5 UNBIND >> > Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 fd=32 closed >> > >> > And here the logs with only the 2nd part of LDIF : >> > >> > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 fd=107 ACCEPT from IP= >> > 192.168.0.1:43599 (IP=0.0.0.0:389) >> > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 BIND >> > dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" method=128 >> > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 BIND >> > dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" mech=SIMPLE ssf=0 >> > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 RESULT tag=97 err=0 >> > text= >> > --> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=1 DEL >> > dn="cn=VAC,ou=groups,dc=xxx,dc=com" >> > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=1 RESULT tag=107 err=0 >> > text= >> > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=2 ADD >> > dn="cn=VAC,ou=groups,dc=xxx,dc=com" >> > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=2 RESULT tag=105 err=0 >> > text= >> > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=3 UNBIND >> > Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 fd=107 closed >> > >> > For information, here the configuration of memberOf overlay : >> > >> > dn: olcOverlay={0}memberof, olcDatabase={1}hdb, cn=config >> > olcMemberOfMemberAD: member >> > olcMemberOfRefInt: FALSE >> > olcOverlay: memberof >> > olcMemberOfDangling: ignore >> > objectClass: olcMemberOf >> > objectClass: olcOverlayConfig >> > olcMemberOfMemberOfAD: memberOf >> > olcMemberOfGroupOC: groupOfNames >> > >> > We run OpenLDAP 2.4.31 replicated onto another host on Debian Wheezy. >> > Do you have an idea on the problem ? >> > >> > Thanks, >> > Sylvain >> >> >> >> >
