directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From houmles <houm...@gmail.com>
Subject Re: replication partially working
Date Fri, 11 May 2012 09:12:29 GMT
Guys i found the problem and don't know how to solve it..
DN's which have ACLs on them (administrativerole, accesscontrolsubentry)
don't replicate attributes even when I grant everything for everyone.
When i remove ACLs, everything works.
I tested this on both master and slave clear servers, just added new
partition, DN and ACL on it.
I suppose this is not intended. Maybe its bug?

On 05/10/2012 01:01 PM, Kiran Ayyagari wrote:
> try with a clean slave and see if you get the same error (it shouldn't
> happen, report here otherwise will take a look)
>
> On Thu, May 10, 2012 at 4:28 PM, houmles <houmles@gmail.com> wrote:
>> maybe, but i really don't remember, i did lot of experiments to get full
>> replication working
>>
>> On 05/10/2012 12:46 PM, Kiran Ayyagari wrote:
>>> did you, by any chance, modify the password of the user in slave to the same
>>> value that is being replicated later?
>>>
>>> On Thu, May 10, 2012 at 4:01 PM, houmles <houmles@gmail.com> wrote:
>>>> i have only 2 test users on that ldap, i am in testing phase before
>>>> deploying to live so definitely no one changing password.
>>>> this error popups in the same time as i changed the value and slave
>>>> tried to sync.
>>>>
>>>> On 05/10/2012 12:26 PM, Kiran Ayyagari wrote:
>>>>> this error is not related to replication, it is a password policy related
error
>>>>> some user is trying to change the password but is giving a value that
he has
>>>>> used earlier as password.
>>>>>
>>>>>
>>>>> On Thu, May 10, 2012 at 3:53 PM, houmles <houmles@gmail.com> wrote:
>>>>>> This error shows on slave server. I happens only when i tried to
modify
>>>>>> any attribute. DN syncing works and don't have any errors.
>>>>>>
>>>>>> jvm 1    | [12:18:39] ERROR
>>>>>> [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl]
>>>>>> - invalid reuse of password present in password history
>>>>>> jvm 1    |
>>>>>> org.apache.directory.shared.ldap.model.exception.LdapOperationException:
>>>>>> invalid reuse of password present in password history
>>>>>> jvm 1    |     at
>>>>>> org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:956)
>>>>>> jvm 1    |     at
>>>>>> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:599)
>>>>>> jvm 1    |     at
>>>>>> org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:248)
>>>>>> jvm 1    |     at
>>>>>> org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:660)
>>>>>> jvm 1    |     at
>>>>>> org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:590)
>>>>>> jvm 1    |     at
>>>>>> org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:564)
>>>>>> jvm 1    |     at
>>>>>> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.modify(ReplicationConsumerImpl.java:985)
>>>>>> jvm 1    |     at
>>>>>> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.handleSearchResult(ReplicationConsumerImpl.java:361)
>>>>>> jvm 1    |     at
>>>>>> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.doSyncSearch(ReplicationConsumerImpl.java:618)
>>>>>> jvm 1    |     at
>>>>>> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.startSync(ReplicationConsumerImpl.java:505)
>>>>>> jvm 1    |     at
>>>>>> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:548)
>>>>>> jvm 1    |     at
>>>>>> org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)
>>>>>> jvm 1    |     at java.lang.Thread.run(Thread.java:722)
>>>>>>
>>>>>> On 05/10/2012 11:23 AM, Kiran Ayyagari wrote:
>>>>>>> this looks valid, do you have any error logs?
>>>>>>>
>>>>>>> On Thu, May 10, 2012 at 2:09 PM, houmles <houmles@gmail.com>
wrote:
>>>>>>>> here it is:
>>>>>>>>
>>>>>>>> dn: ads-replconsumerid=1,ou=replConsumers,ads-serverId=ldapServer,ou=servers
>>>>>>>>  ,ads-directoryServiceId=default,ou=config
>>>>>>>> objectclass: top
>>>>>>>> objectclass: ads-base
>>>>>>>> objectclass: ads-replConsumer
>>>>>>>> ads-replaliasderefmode: never
>>>>>>>> ads-replattributes: *
>>>>>>>> ads-replconsumerid: 1
>>>>>>>> ads-replprovhostname: x.x.x.x
>>>>>>>> ads-replprovport: 10389
>>>>>>>> ads-replrefreshinterval: 60000
>>>>>>>> ads-replrefreshnpersist: true
>>>>>>>> ads-replsearchfilter: (objectClass=*)
>>>>>>>> ads-replsearchscope: sub
>>>>>>>> ads-replsearchsizelimit: 0
>>>>>>>> ads-replsearchtimeout: 0
>>>>>>>> ads-repluserdn: uid=admin,ou=system
>>>>>>>> ads-repluserpassword:: xxxxxxxxx
>>>>>>>> ads-searchbasedn: dc=xxx,dc=xx
>>>>>>>> ads-replstrictcertvalidation: false
>>>>>>>> ads-replusetls: false
>>>>>>>>
>>>>>>>> On 05/10/2012 10:29 AM, Kiran Ayyagari wrote:
>>>>>>>>> can you provide the complete entry data with DN
>>>>>>>>>
>>>>>>>>> ads-replConsumerId=<whatever-id-you-have-here>,ou=replConsumers,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
>>>>>>>>>
>>>>>>>>> (remove the seerver IP and user credentials if they are
sensitive)
>>>>>>>>>
>>>>>>>>> On Thu, May 10, 2012 at 1:38 PM, houmles <houmles@gmail.com>
wrote:
>>>>>>>>>> ups, forgot to mention 2.0.0-M6
>>>>>>>>>>
>>>>>>>>>> On 05/10/2012 10:00 AM, Emmanuel Lécharny wrote:
>>>>>>>>>>> Le 5/10/12 9:48 AM, houmles a écrit :
>>>>>>>>>>>> Hi,
>>>>>>>>>>> Hi,
>>>>>>>>>>>> I have fully working one ADS and want to
replicate it to another. I
>>>>>>>>>>>> followed some tutorial and managed to replicate
it but only just DN's. I
>>>>>>>>>>>> can't get to sync attributes inside.
>>>>>>>>>>>>
>>>>>>>>>>>> My setting are:
>>>>>>>>>>>> ads-replsearchfilter: (objectClass=*)
>>>>>>>>>>>> ads-replsearchscope: sub
>>>>>>>>>>>>
>>>>>>>>>>>> is that ok?
>>>>>>>>>>>> I want to achieve full 1:1 replication.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>> Which ADS version are you using ?
>>>>>>>>>>>
>>>>>>>>>>>
>>>
>
>

Mime
View raw message