directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Simon (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (DIRSERVER-1792) Replication and Modification of ACIs
Date Mon, 21 Jan 2013 08:02:13 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13558602#comment-13558602
] 

Michael Simon edited comment on DIRSERVER-1792 at 1/21/13 8:02 AM:
-------------------------------------------------------------------

Thanks for going in details. I understand that accessControlSubentries have NO-USER-MODIFICATION
set. But i could change values on the master node using Directory Studio. Perhaps it made
the delete-create operation in the background? I'll check this later.

For the LDIF that triggers the first error: 

dn: ou=test,dc=bwidm,dc=de
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: test
administrativeRole: autonomousArea

dn: ou=test,dc=bwidm,dc=de
changetype: modify
replace: administrativeRole
administrativeRole: accessControlSpecificArea
-

Logging on the master says:
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.ReplicaEventLog] -
logging entry with Dn ou=test,dc=bwidm,dc=de with the event ADD
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.SyncReplSearchListener]
- sending event ADD of entry ou=test,dc=bwidm,dc=de
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.ReplicaEventLog] -
logging entry with Dn ou=test,dc=bwidm,dc=de with the event MODIFY
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.SyncReplSearchListener]
- sending event MODIFY of entry ou=test,dc=bwidm,dc=de

On the slave node:

[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- starting handleSearchResult ------------
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- assigning the cookie from sync state value control: rid=009,csn=20130121075148.083000Z#000000#001#000000
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- state name ADD
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- entryUUID = 29cee84e-cabe-47d4-9b8b-2e4ed7145673
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- adding entry with dn ou=test,dc=bwidm,dc=de
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- Entry
    dn[n]: ou=test,dc=bwidm,dc=de
    objectClass: organizationalUnit
    objectClass: top
    entryParentId: b70660f2-5d42-443a-b976-f3bddfc9a027
    ou: test
    entryUUID: 29cee84e-cabe-47d4-9b8b-2e4ed7145673
    creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
    createTimestamp: 20130121075148.083Z
    entryCSN: 20130121075148.083000Z#000000#001#000000
    administrativeRole: autonomousArea

[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- stored the cookie
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- Ending handleSearchResult ------------
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- starting handleSearchResult ------------
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- assigning the cookie from sync state value control: rid=009,csn=20130121075148.172000Z#000000#001#000000
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- state name MODIFY
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- entryUUID = 29cee84e-cabe-47d4-9b8b-2e4ed7145673
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- modifying entry with dn ou=test,dc=bwidm,dc=de
[08:51:48] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_54 Cannot
add a value which is already present : organizationalUnit
[08:51:48] ERROR [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ERR_54 Cannot add a value which is already present : organizationalUnit
org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException: ERR_54 Cannot add
a value which is already present : organizationalUnit
        at org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:739)
        at org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
        at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
        at org.apache.directory.server.core.hash.PasswordHashingInterceptor.modify(PasswordHashingInterceptor.java:113)
        at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
...
        at org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:217)
        at org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782)
        at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.modify(ReplicationConsumerImpl.java:1212)
        at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.handleSearchResultEntry(ReplicationConsumerImpl.java:406)
        at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.doSyncSearch(ReplicationConsumerImpl.java:773)
        at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.startSync(ReplicationConsumerImpl.java:563)
        at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:726)
        at java.lang.Thread.run(Thread.java:636)
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- Ending handleSearchResult ------------


                
      was (Author: michael_simon):
    Thanks for going in details. I understand that accessControlSubentries have NO-USER-MODIFICATION
set. But i could change values on the master node using Directory Studio. Perhaps he made
the delete-create operation in the background? I'll check this later.

For the LDIF that triggers the first error: 

dn: ou=test,dc=bwidm,dc=de
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: test
administrativeRole: autonomousArea

dn: ou=test,dc=bwidm,dc=de
changetype: modify
replace: administrativeRole
administrativeRole: accessControlSpecificArea
-

Logging on the master says:
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.ReplicaEventLog] -
logging entry with Dn ou=test,dc=bwidm,dc=de with the event ADD
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.SyncReplSearchListener]
- sending event ADD of entry ou=test,dc=bwidm,dc=de
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.ReplicaEventLog] -
logging entry with Dn ou=test,dc=bwidm,dc=de with the event MODIFY
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.SyncReplSearchListener]
- sending event MODIFY of entry ou=test,dc=bwidm,dc=de

On the slave node:

[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- starting handleSearchResult ------------
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- assigning the cookie from sync state value control: rid=009,csn=20130121075148.083000Z#000000#001#000000
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- state name ADD
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- entryUUID = 29cee84e-cabe-47d4-9b8b-2e4ed7145673
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- adding entry with dn ou=test,dc=bwidm,dc=de
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- Entry
    dn[n]: ou=test,dc=bwidm,dc=de
    objectClass: organizationalUnit
    objectClass: top
    entryParentId: b70660f2-5d42-443a-b976-f3bddfc9a027
    ou: test
    entryUUID: 29cee84e-cabe-47d4-9b8b-2e4ed7145673
    creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
    createTimestamp: 20130121075148.083Z
    entryCSN: 20130121075148.083000Z#000000#001#000000
    administrativeRole: autonomousArea

[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- stored the cookie
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- Ending handleSearchResult ------------
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- starting handleSearchResult ------------
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- assigning the cookie from sync state value control: rid=009,csn=20130121075148.172000Z#000000#001#000000
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- state name MODIFY
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- entryUUID = 29cee84e-cabe-47d4-9b8b-2e4ed7145673
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- modifying entry with dn ou=test,dc=bwidm,dc=de
[08:51:48] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_54 Cannot
add a value which is already present : organizationalUnit
[08:51:48] ERROR [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ERR_54 Cannot add a value which is already present : organizationalUnit
org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException: ERR_54 Cannot add
a value which is already present : organizationalUnit
        at org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:739)
        at org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
        at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
        at org.apache.directory.server.core.hash.PasswordHashingInterceptor.modify(PasswordHashingInterceptor.java:113)
        at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
...
        at org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:217)
        at org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782)
        at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.modify(ReplicationConsumerImpl.java:1212)
        at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.handleSearchResultEntry(ReplicationConsumerImpl.java:406)
        at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.doSyncSearch(ReplicationConsumerImpl.java:773)
        at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.startSync(ReplicationConsumerImpl.java:563)
        at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:726)
        at java.lang.Thread.run(Thread.java:636)
[08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ------------- Ending handleSearchResult ------------


                  
> Replication and Modification of ACIs
> ------------------------------------
>
>                 Key: DIRSERVER-1792
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1792
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M9
>         Environment: Linux 64bit
> OpenJDK Runtime Environment (IcedTea6 1.8.13) (6b18-1.8.13-0+squeeze2)
>            Reporter: Michael Simon
>
> Creating an ou with administrativeRole set works and replicates on the Slave nodes. Modifying
the administrativeRole to accessControlSpecificArea for example on an existing ou throws an
Exception:
> [13:04:07] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_54
Cannot add a value which is already present : organizationalUnit
> [13:04:07] ERROR [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
- ERR_54 Cannot add a value which is already present : organizationalUnit
> org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException: ERR_54 Cannot
add a value which is already present : organizationalUnit
>         at org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:739)
>         at org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
>         at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
> More or less the same things happens with accessControlSubentries. Creating an entry
is working and replicating, but modifying the prescriptiveACI throws an exception:
> [13:10:58] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_52
Cannot modify the attribute : ATTRIBUTE_TYPE ( 1.3.6.1.4.1.18060.0.4.1.2.11
>  NAME 'accessControlSubentries'
>  DESC Used to track a subentry associated with access control areas
>  EQUALITY distinguishedNameMatch
>  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
>  NO-USER-MODIFICATION
>  USAGE directoryOperation
>  )
>         at org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:716)
>         at org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
>         at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message