Story #2992
Generation of slapd configuration may cause LDAP replication trouble
100%
Description
When re-running slaptest on a CN using the /etc/ldap/slapd.conf file modified by the dataone-cn-os-core build script, the resulting configuration file in /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif may include the 'uri=""' string in the olcSyncrepl attribute value. This seems to only happen under slapd 2.4.21, not 2.4.20, and causes replication to fail. However, for the cn-stage environment, the 'uri=""' wasn't present. Removing that string from the olcSyncrepl value allowed syncrepl to work correctly. Investigate this further to pin down a consistent cause.
History
#1 Updated by Chris Jones over 12 years ago
Even without this uri="" string, we're seeing syncrepl issues in the production environment. On June 26, 8:15 pm, while trying to update the CDL base url in ldap while connected to cn-ucsb-1 on port 389, the modification replicated to cn-orc-1, but not cn-unm-1. When trying the same modification against cn-unm-1, neither cn-ucsb-1 nor cn-orc-1 received the update. When making the change on cn-orc-1, it only replicated to cn-ucsb-1, not cn-unm-1. Telnetting to each server from each server on port 389 is successful, so this isn't a firewall issue.
#2 Updated by Robert Waltz over 12 years ago
- Milestone changed from CCI-1.0.2 to CCI-1.0.3
Due to the URI problem, slaptest should never be run without further commands being run. Below is a shell script that should be run as root to manually reconfigure LDAP:
#!/bin/bash
LDAP_USER=openldap
LDAP_CONF=/etc/ldap

# stop the default service
echo "Stopping slapd"
/etc/init.d/slapd stop

# start, using slapd.conf file
echo "Generating ldif config using: ${LDAP_CONF}/slapd.conf"
rm -rf /etc/ldap/slapd.d/*
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
if [ -e "${LDAP_CONF}/slapd.d/cn=config/olcDatabase={1}hdb.ldif" ]
then
    # strip the empty uri="" from the generated config, then drop sed's backup copy
    sed -i.bak 's/uri=""//' "${LDAP_CONF}/slapd.d/cn=config/olcDatabase={1}hdb.ldif"
    rm "${LDAP_CONF}/slapd.d/cn=config/olcDatabase={1}hdb.ldif.bak"
fi
chown -R "${LDAP_USER}:${LDAP_USER}" /etc/ldap/slapd.d
echo "Starting slapd"
/etc/init.d/slapd start
#3 Updated by Dave Vieglais over 12 years ago
- Target version changed from Sprint-2012.23-Block.3.4 to Sprint-2012.29-Block.4.3
#4 Updated by Chris Jones over 12 years ago
- Status changed from New to Closed
Testing the generation of the slapd.d directory under version 2.4.21 showed that the uri="" string was not added to the config. slapd started fine. I'm going to close this bug since the behavior is as expected now. Tests were done on cn-dev-[ucsb|unm|orc]-1.test.dataone.org.
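A read-only check for the condition this issue describes, added here as an example and not part of the original ticket or the DataONE build scripts: it reports whether any olcSyncrepl value in a generated LDIF file contains uri="". LDIF allows long values to be folded onto continuation lines that start with a single space, so the check unfolds the file first; the function names, sample hostnames and sample LDIF are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the ticket): detect uri="" inside olcSyncrepl values.

# Join LDIF continuation lines (lines starting with one space) to their parent line.
unfold_ldif() {
    awk '
        /^ / { buf = buf substr($0, 2); next }   # continuation: append without the space
        NR > 1 { print buf }
        { buf = $0 }
        END { if (NR > 0) print buf }
    ' "$1"
}

# Exit status: 0 = no empty uri found, 1 = olcSyncrepl contains uri="",
# 2 = file is missing or unreadable. Base64-encoded values (olcSyncrepl::)
# are not decoded by this check.
check_syncrepl_uri() {
    [ -r "$1" ] || return 2
    if unfold_ldif "$1" | grep -i '^olcSyncrepl:' | grep -q 'uri=""'; then
        return 1
    fi
    return 0
}

# Constructed sample: the empty uri is split across a fold, so a
# line-by-line match on the raw file would not see it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: olcDatabase={1}hdb
olcSyncrepl: {0}rid=001 provider=ldap://cn-a.example.org:389 type=refreshA
 ndPersist retry="5 +" searchbase="dc=example,dc=org" bindmethod=simple ur
 i=""
EOF
check_syncrepl_uri "$sample"
echo "check_syncrepl_uri exit status: $?"
rm -f "$sample"
```

Running the check after slaptest and before starting slapd turns the silent replication failure into a visible non-zero exit status.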