I have a perl script I've been working on to set up replication. The replication works
great for replication from master to master. But I've been running into problems with
dedicated consumers and their referrals.

If I disable the add_replica_referral sub in my script, and let fds handle the referrals
on the fly it works (go figure :) ). But it doesn't set it up how I want so I need to
customize it. It seems like when I set the referrals manually via perl, the space in the
url of the referral is causing the whole dn of the update to get truncated as soon as it
detects a space. Here is what I mean.

The following snippets are from myself updating an object on the consumer and it failing.
All referrals have been created from my script. Not sure what the nsdisablerole is
doing...

On the dedicated consumer
[24/Sep/2008:19:58:50 +0000] conn=14 op=0 BIND dn="cn=Directory Manager"
method=128 version=3
[24/Sep/2008:19:58:51 +0000] conn=14 op=0 RESULT err=0 tag=97 nentries=0 etime=1
dn="cn=directory manager"
[24/Sep/2008:19:58:51 +0000] conn=14 op=1 SRCH base="uid=goodgut,ou=People,
dc=xxx,dc=ec,dc=gc,dc=ca" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nscpEntryDN
nsICQStatusText nsAIMStatusText copiedFrom passwordExpirationTime passwordAllowChangeTime
nsICQStatusGraphic hasSubordinates nsRole nsRoleDN aci modifyTimestamp passwordExpWarned
nsAccountLock nsAIMStatusGraphic nsds5ReplConflict nsIdleTimeout pwdpolicysubentry
nsLookThroughLimit nsSizeLimit entryid nsUniqueId passwordRetryCount dncomp creatorsName
nsSchemaCSN passwordGraceUserTime nsYIMStatusGraphic nsTimeLimit entrydn copyingFrom
subschemaSubentry accountUnlockTime createTimestamp numSubordinates passwordHistory
retryCountResetTime parentid ldapSchemas ldapSyntaxes modifiersName nsYIMStatusText
nsBackendSuffix * aci"
[24/Sep/2008:19:58:51 +0000] conn=14 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[24/Sep/2008:19:58:51 +0000] conn=14 op=2 SRCH base="" scope=0
filter="(objectClass=*)" attrs="nsslapd-suffix nsBackendSuffix"
[24/Sep/2008:19:58:51 +0000] conn=14 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[24/Sep/2008:19:58:51 +0000] conn=14 op=3 SRCH
base="cn=nsdisabledrole,dc=xxx,dc=ec,dc=gc,dc=ca" scope=0
filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="cn
userPassword nsRole nsRoleDN objectClass nsAccountLock"
[24/Sep/2008:19:58:51 +0000] conn=14 op=3 RESULT err=32 tag=101 nentries=0 etime=0
[24/Sep/2008:19:58:56 +0000] conn=14 op=4 MOD
dn="uid=goodgut,ou=People,dc=xxx,dc=ec,dc=gc,dc=ca"
[24/Sep/2008:19:58:56 +0000] conn=14 op=4 RESULT err=10 tag=103 nentries=0 etime=0

On the MMR server
[24/Sep/2008:19:58:57 +0000] conn=59 fd=70 slot=70 connection from x.x.x.x to x.x.x.x
[24/Sep/2008:19:58:57 +0000] conn=59 op=0 BIND dn="cn=Directory Manager"
method=128 version=3
[24/Sep/2008:19:58:57 +0000] conn=59 op=0 RESULT err=0 tag=97 nentries=0 etime=0
dn="cn=directory manager"
[24/Sep/2008:19:58:57 +0000] conn=59 op=1 MOD
dn="uid=goodgut,ou=people,dc=xxx,"
[24/Sep/2008:19:58:57 +0000] conn=59 op=1 RESULT err=32 tag=103 nentries=0 etime=0
[24/Sep/2008:19:58:57 +0000] conn=59 op=2 UNBIND
[24/Sep/2008:19:58:57 +0000] conn=59 op=2 fd=70 closed - U1

You can see in the mod request, it's not getting the whole DN, it seems to truncate
it at the first space it detects.

Here are the referral entries from the consumer
xxxsrvr4:/etc/dirsrv/slapd-xxxsrvr4# ldapsearch -x -h xxxsrvr4 -D "cn=directory manager" -b "cn=config" -W "objectclass=*"|grep dmns
Enter LDAP Password:
nsslapd-referral: ldap://xxxdmns0:389/dc=xxx, dc=ec, dc=gc, dc=ca
nsDS5ReplicaReferral: ldap://xxxdmns0:389/dc=xxx, dc=ec, dc=gc, dc=ca

If I blow away the rep agreement, and create it from the console, the referrals work
fine and look like so.
[24/Sep/2008:20:17:29 +0000] conn=60 fd=70 slot=70 connection from x.x.x.x to x.x.x.x
[24/Sep/2008:20:17:29 +0000] conn=60 op=0 BIND dn="cn=Directory Manager"
method=128 version=3
[24/Sep/2008:20:17:29 +0000] conn=60 op=0 RESULT err=0 tag=97 nentries=0 etime=0
dn="cn=directory manager"
[24/Sep/2008:20:17:29 +0000] conn=60 op=1 MOD
dn="uid=goodgut,ou=People,dc=xxx,dc=ec,dc=gc,dc=ca"
[24/Sep/2008:20:17:29 +0000] conn=60 op=1 RESULT err=0 tag=103 nentries=0 etime=0
csn=48daa05a000000010000
[24/Sep/2008:20:17:29 +0000] conn=61 fd=71 slot=71 connection from x.x.x.x to x.x.x.x
[24/Sep/2008:20:17:29 +0000] conn=61 op=0 BIND dn="uid=RManager,cn=config"
method=128 version=3
[24/Sep/2008:20:17:29 +0000] conn=61 op=0 RESULT err=0 tag=97 nentries=0 etime=0
dn="uid=rmanager,cn=config"
[24/Sep/2008:20:17:29 +0000] conn=61 op=1 SRCH base="" scope=0
filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[24/Sep/2008:20:17:29 +0000] conn=61 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[24/Sep/2008:20:17:29 +0000] conn=61 op=2 SRCH base="" scope=0
filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[24/Sep/2008:20:17:29 +0000] conn=61 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[24/Sep/2008:20:17:29 +0000] conn=61 op=3 EXT oid="2.16.840.1.113730.3.5.3"
name="Netscape Replication Start Session"
[24/Sep/2008:20:17:29 +0000] conn=61 op=3 RESULT err=0 tag=120 nentries=0 etime=0
[24/Sep/2008:20:17:29 +0000] conn=61 op=4 EXT oid="2.16.840.1.113730.3.5.5"
name="Netscape Replication End Session"
[24/Sep/2008:20:17:29 +0000] conn=61 op=4 RESULT err=0 tag=120 nentries=0 etime=0
[24/Sep/2008:20:17:29 +0000] conn=60 op=2 UNBIND

But the referrals look like they've been added with ASCII codes in the console.
xxxsrvr4:/etc/dirsrv/slapd-xxxsrvr4# ldapsearch -x -h xxxsrvr4 -D "cn=directory manager" -b "cn=config" -W "objectclass=*"|grep dmns
Enter LDAP Password:
nsslapd-referral: ldap://xxxdmns0.xxx.ec.gc.ca:389/dc%3Dxxx%2C%20dc%3Dec%2C%20
nsslapd-referral: ldap://xxxdmns1.xxx.ec.gc.ca:389/dc%3Dxxx%2C%20dc%3Dec%2C%20
xxxrvr4:/etc/dirsrv/slapd-xxxsrvr4#

So my question is, do I need to convert the spaces in my referral entries to ASCII codes
before creating the referral entries?

Here is the sub I use for reference.

use Net::LDAP::Constant qw(LDAP_TYPE_OR_VALUE_EXISTS);

sub add_replica_referral
{
    # adds referral to the multivalued attribute nsDS5ReplicaReferral in
    # dn: cn=replica,cn="$config{BASE_DN}",cn=mapping tree,cn=config
    # should only need to add this to a read only consumer!!
    # the first entry will be created automatically by the add_rep_object, this will add more referrals
    # TODO add check to make sure the replica object exists, otherwise it will fail silently
    # and throw an err=32 no such object in the servers log.
    my ($server, $server_port, $referral, $referral_port, $bind_pw) = @_;
    my ($ldap, $msg);

    # note: binds with the script-level $passwd; the $bind_pw argument is not used
    if ( ($ldap = conn_bind($server,$server_port,$passwd)) eq 0 ) {
        print "\t*********** bind/connect failed to $server on port $server_port ***************\n";
        return 0;
    }
    print "Adding referral on $server back to $referral\n";

    # dn: cn=replica,cn="$config{BASE_DN}",cn=mapping tree,cn=config
    # nsDS5ReplicaReferral: ldap://xxxx:389/dc=xxx,dc=ec,dc=gc,dc=ca
    # $config{BASE_DN} is interpolated into the URL as-is, spaces included
    $msg = $ldap->modify("cn=replica,cn=\"$config{BASE_DN}\",cn=mapping tree,cn=config",
        add => { 'nsDS5ReplicaReferral' => "ldap://$referral:$referral_port/$config{BASE_DN}" });

    # adding a value that is already present on the attribute returns
    # err=20 (type or value exists), not err=68 (entry already exists)
    if ($msg->code == LDAP_TYPE_OR_VALUE_EXISTS)
    {
        print "\t -> already exists\n\n";
    }
    disconnect($ldap);
}

Ryan
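
Added example, not part of the original post or of the directory server's own code: one way to percent-encode the DN part of a referral URL so it takes the same form as the console-created values shown above (RFC 4516 requires characters such as a space to be percent-encoded in an LDAP URL). It assumes the URI::Escape module is installed; the host name, suffix and the names referral_url and dn_part_is_unencoded are hypothetical.

```perl
#!/usr/bin/perl
# Added example (not from the original post): percent-encode the DN part of
# a referral URL before it is stored in nsDS5ReplicaReferral.
use strict;
use warnings;
use URI::Escape qw(uri_escape uri_unescape);

# Build ldap://host:port/<dn>. uri_escape() with its default character set
# encodes everything except A-Za-z0-9 - . _ ~, so '=' ',' and ' ' become
# %3D %2C %20, the same form as the console-created values in the post.
sub referral_url {
    my ($host, $port, $base_dn) = @_;
    die "bad host '$host'\n" unless $host =~ /^[A-Za-z0-9.-]+$/;
    die "bad port '$port'\n" unless $port =~ /^\d+$/ && $port >= 1 && $port <= 65535;
    return "ldap://$host:$port/" . uri_escape($base_dn);
}

# True when the DN part of a stored referral still holds raw spaces or other
# characters outside printable ASCII, i.e. it was written without encoding.
sub dn_part_is_unencoded {
    my ($url) = @_;
    my ($dn_part) = $url =~ m{^ldaps?://[^/]+/(.*)$}s;
    return 1 unless defined $dn_part;          # not an LDAP URL at all
    return $dn_part =~ /[^\x21-\x7e]/ ? 1 : 0;
}

# Constructed sample values (hypothetical host and suffix).
my $base_dn = 'dc=example, dc=com';
my $raw     = "ldap://supplier1.example.com:389/$base_dn";
my $encoded = referral_url('supplier1.example.com', 389, $base_dn);

# Report which of the two forms would need fixing before being written.
for my $url ($raw, $encoded) {
    printf "%-9s %s\n", dn_part_is_unencoded($url) ? 'UNENCODED' : 'ok', $url;
}

# The encoding is reversible, so the receiving side recovers the exact DN.
my ($dn_part) = $encoded =~ m{^ldap://[^/]+/(.*)$};
die "round trip failed\n" unless uri_unescape($dn_part) eq $base_dn;

# In the script from the post this value would replace the interpolated URL:
#   add => { 'nsDS5ReplicaReferral' =>
#            referral_url($referral, $referral_port, $config{BASE_DN}) }
```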