Story #2992

Generation of slapd configuration may cause LDAP replication trouble

Added by Chris Jones over 11 years ago. Updated over 11 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: d1_cn_buildout
Start date: 2012-06-20
Due date:
% Done: 100%
Story Points:
Sprint:

Description

When re-running slaptest on a CN using the /etc/ldap/slapd.conf file modified by the dataone-cn-os-core build script, the resulting configuration file in /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif may include the 'uri=""' string in the olcSyncrepl attribute value. This seems to only happen under slapd 2.4.21, not 2.4.20, and causes replication to fail. However, for the cn-stage environment, the 'uri=""' wasn't present. Removing that string from the olcSyncrepl value allowed syncrepl to work correctly. Investigate this further to pin down a consistent cause.

History

#1 Updated by Chris Jones over 11 years ago

Even without this uri="" string, we're seeing syncrepl issues in the production environment. On June 26, 8:15 pm, while trying to update the CDL base url in ldap while connected to cn-ucsb-1 on port 389, the modification replicated to cn-orc-1, but not cn-unm-1. When trying the same modification against cn-unm-1, neither cn-ucsb-1 nor cn-orc-1 received the update. When making the change on cn-orc-1, it only replicated to cn-ucsb-1, not cn-unm-1. Telnetting to each server from each server on port 389 is successful, so this isn't a firewall issue.

#2 Updated by Robert Waltz over 11 years ago

  • Milestone changed from CCI-1.0.2 to CCI-1.0.3

Due to the URI problem, slaptest should never be run without further commands being run. Below is a shell script that should be run as root to manually reconfigure LDAP:

#!/bin/bash

LDAP_USER=openldap
LDAP_CONF=/etc/ldap

# stop the default service

echo "Stopping slapd"
/etc/init.d/slapd stop

# start, using slapd.conf file

echo "Generating ldif config using: ${LDAP_CONF}/slapd.conf"

rm -rf /etc/ldap/slapd.d/*
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
# strip the uri="" string from the generated database config
if [ -e "${LDAP_CONF}/slapd.d/cn=config/olcDatabase={1}hdb.ldif" ]
then
    sed -i.bak 's/uri=""//' "${LDAP_CONF}/slapd.d/cn=config/olcDatabase={1}hdb.ldif"
    rm "${LDAP_CONF}/slapd.d/cn=config/olcDatabase={1}hdb.ldif.bak"
fi
chown -R "${LDAP_USER}:${LDAP_USER}" /etc/ldap/slapd.d

echo "Starting slapd"
/etc/init.d/slapd start
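
A check that could run after the slaptest step above, added here as an example and not part of the ticket or the build script: it unfolds LDIF continuation lines before looking for uri="" in olcSyncrepl, since a long value can be folded so that the token spans two physical lines. The function names and sample LDIF (including the example.org host) are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the ticket): flag an empty uri="" token in the
# olcSyncrepl values of a slapd.d database LDIF read from stdin.

# Rejoin folded LDIF lines: a line starting with one space continues the
# previous line, so uri="" can be split across two physical lines.
ldif_unfold() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END { if (NR > 0) print buf }
    '
}

# Exit 0 and print the offending value if any olcSyncrepl has uri="".
# Base64-encoded values ("olcSyncrepl::") are not decoded here.
has_empty_syncrepl_uri() {
    ldif_unfold | grep -E '^olcSyncrepl:.*[[:space:]]uri=""'
}

# Constructed sample: the token is folded across two lines, which a
# line-by-line search for uri="" would miss. Hostname is a placeholder.
sample_bad_ldif() {
    cat <<'EOF'
dn: olcDatabase={1}hdb
olcSyncrepl: {0}rid=001 provider=ldap://cn-a.example.org:389 ur
 i="" type=refreshAndPersist retry="5 +"
olcDbDirectory: /var/lib/ldap
EOF
}

# Constructed sample without the stray token.
sample_good_ldif() {
    cat <<'EOF'
dn: olcDatabase={1}hdb
olcSyncrepl: {0}rid=001 provider=ldap://cn-a.example.org:389 type=refre
 shAndPersist retry="5 +"
EOF
}

# Demonstration on the constructed samples.
if sample_bad_ldif | has_empty_syncrepl_uri >/dev/null; then
    echo "bad sample: empty uri found in olcSyncrepl"
fi
if ! sample_good_ldif | has_empty_syncrepl_uri >/dev/null; then
    echo "good sample: no empty uri in olcSyncrepl"
fi
```

Against a real host the function reads the generated file on stdin, for example `has_empty_syncrepl_uri < "/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif"`.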

#3 Updated by Dave Vieglais over 11 years ago

  • Target version changed from Sprint-2012.23-Block.3.4 to Sprint-2012.29-Block.4.3

#4 Updated by Chris Jones over 11 years ago

  • Status changed from New to Closed

Testing the generation of the slapd.d directory under version 2.4.21 showed that the uri="" string was not added to the config. slapd started fine. I'm going to close this bug since the behavior is as expected now. Tests were done on cn-dev-[ucsb|unm|orc]-1.test.dataone.org.
