directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: New to replication
Date Wed, 21 May 2014 15:56:07 GMT
On Wed, May 21, 2014 at 9:18 PM, Greg Barber <gbarber@aetn.org> wrote:

> I've gone back and changed the consumer log level from FATAL to DEBUG in
> the log4j.properties and ran the test again.  Here is what was logged on
> the slave server:
>
> [10:24:54] DEBUG [org.apache.directory.server.CONSUMER_LOG] - Response
> from totaraldap1.aetn.org:389 : MessageType : SEARCH_RESULT_ENTRY
> Message ID : 2
>     Search Result Entry
> Entry
>     dn[n]: cn=Test3,ou=Students,dc=test,dc=org
>     objectClass: person
>     objectClass: top
>     accessControlSubentries:
>
> 2.5.4.3=studentpermsissionsaci,0.9.2342.19200300.100.1.25=test,0.9.2342.19200300.100.1.25=org
>     accessControlSubentries:
>
> 2.5.4.3=testauthorizationrequirementsacisubentry,0.9.2342.19200300.100.1.25=test,0.9.2342.19200300.100.1.25=org
>
>     cn: Test3
>     sn: Three
>     entryParentId: db01d8bf-34ee-4a53-8d84-8b81dfde763e
>     entryDN: cn=Test3,ou=Students,dc=test,dc=org
>     entryUUID: 3f637825-cb0b-4e2f-ba2b-4c5e0c6495ac
>     creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
>     createTimestamp: 20140521140519.331Z
>     entryCSN: 20140521152309.880000Z#000000#001#000000
>     modifyTimestamp: 20140521152309.879Z
>     modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> SyncStateValue control :
>         oid : 1.3.6.1.4.1.4203.1.9.1.2
>         critical : false
>         syncStateType     : 'MODIFY'
>         entryUUID         : '0x3F 0x63 0x78 0x25 0xCB 0x0B 0x4E 0x2F 0xBA
> 0x2B 0x4C 0x5E 0x0C 0x64 0x95 0xAC '
>         cookie            : ''
>
> [10:24:54] DEBUG [org.apache.directory.server.CONSUMER_LOG] -
> ------------- starting handleSearchResult ------------
> [10:24:54] DEBUG [org.apache.directory.server.CONSUMER_LOG] - state name
> MODIFY
> [10:24:54] DEBUG [org.apache.directory.server.CONSUMER_LOG] - entryUUID =
> 3f637825-cb0b-4e2f-ba2b-4c5e0c6495ac
> [10:24:54] DEBUG [org.apache.directory.server.CONSUMER_LOG] - modifying
> entry with dn cn=Test3,ou=Students,dc=test,dc=org
> [10:24:54] ERROR [org.apache.directory.server.CONSUMER_LOG] - ERR_52
> Cannot modify the attribute : attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.11
> NAME 'accessControlSubentries'
>         DESC 'Used to track a subentry associated with access control
> areas'
>         EQUALITY distinguishedNameMatch
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
>         NO-USER-MODIFICATION
>         USAGE directoryOperation
> )
> org.apache.directory.api.ldap.model.exception.LdapNoPermissionException:
>
ah, this was already fixed in trunk, see
https://issues.apache.org/jira/browse/DIRSERVER-1971
it will be available in version 2.0.0-M17
you can also build the trunk if you want to test

> ERR_52 Cannot modify the attribute : attributetype (
> 1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'
>         DESC 'Used to track a subentry associated with access control
> areas'
>         EQUALITY distinguishedNameMatch
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
>         NO-USER-MODIFICATION
>         USAGE directoryOperation
> )
>         at
>
> org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:721)
>         at
>
> org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1186)
>         at
>
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
>         at
>
> org.apache.directory.server.core.hash.PasswordHashingInterceptor.modify(PasswordHashingInterceptor.java:131)
>         at
>
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
>         at
>
> org.apache.directory.server.core.exception.ExceptionInterceptor.modify(ExceptionInterceptor.java:253)
>         at
>
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
>         at
>
> org.apache.directory.server.core.admin.AdministrativePointInterceptor.modify(AdministrativePointInterceptor.java:1456)
>         at
>
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
>         at
>
> org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor.modify(DefaultAuthorizationInterceptor.java:277)
>         at
>
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
>         at
>
> org.apache.directory.server.core.authz.AciAuthorizationInterceptor.modify(AciAuthorizationInterceptor.java:820)
>         at
>
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
>         at
>
> org.apache.directory.server.core.referral.ReferralInterceptor.modify(ReferralInterceptor.java:319)
>         at
>
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
>         at
>
> org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:834)
>         at
>
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
>         at
>
> org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:216)
>         at
>
> org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:883)
>         at
>
> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.modify(ReplicationConsumerImpl.java:1215)
>         at
>
> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.handleSearchResultEntry(ReplicationConsumerImpl.java:416)
>         at
>
> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.doSyncSearch(ReplicationConsumerImpl.java:778)
>         at
>
> org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.startSync(ReplicationConsumerImpl.java:565)
>         at
> org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:739)
>         at java.lang.Thread.run(Thread.java:744)
> [10:24:54] DEBUG [org.apache.directory.server.CONSUMER_LOG] -
> ------------- Ending handleSearchResult ------------
> [10:24:54] DEBUG
> [org.apache.directory.ldap.client.api.LdapNetworkConnection] - ------->
> MessageType : INTERMEDIATE_RESPONSE
> Message ID : 2
>     Intermediate Response
>         Response name :'1.3.6.1.4.1.4203.1.9.1.4'
>         ResponseValue :'0x80 0x34 0x72 0x69 0x64 0x3D 0x30 0x30 0x31 0x2C
> 0x63 0x73 0x6E 0x3D 0x32 0x30 0x31 0x34 0x30 0x35 0x32 0x31 0x31 0x35 0x32
> 0x33 0x30 0x39 0x2E 0x38 0x38 0x30 0x30 0x30 0x30 0x5A 0x23 0x30 0x30 0x30
> 0x30 0x30 0x30 0x23 0x30 0x30 0x31 0x23 0x30 0x30 0x30 0x30 0x30 0x30 '
>
>
> I guess there is an issue with the access control settings?
>
> users@directory.apache.org on Wednesday, May 21, 2014 at 8:15 AM -0500
> wrote:
> >As a test I changed the password for a user on the master server and
> >tailed the logs on both. I didn't see anything on the master server this
> >is what I saw on the slave:
> >
> >[07:50:02] DEBUG
> >[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Sending
> >request
> >MessageType : SEARCH_REQUEST
> >Message ID : 10889
> >    SearchRequest
> >        baseDn : 'dc=test,dc=org'
> >        filter : '(objectClass=*)'
> >        scope : base object
> >        typesOnly : false
> >        Size Limit : no limit
> >        Time Limit : no limit
> >        Deref Aliases : deref Always
> >        attributes : '1.1'
> >org.apache.directory.api.ldap.model.message.SearchRequestImpl@1716d836
> >[07:50:02] DEBUG
> >[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Adding
> ><10889, org.apache.directory.ldap.client.api.future.SearchFuture>
> >[07:50:02] DEBUG
> >[org.apache.directory.ldap.client.api.LdapNetworkConnection] - ------->
> >MessageType : SEARCH_RESULT_ENTRY
> >Message ID : 10889
> >    Search Result Entry
> >Entry
> >    dn: dc=test,dc=org
> >
> > Message received <-------
> >[07:50:02] DEBUG
> >[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Getting
> ><10889, org.apache.directory.ldap.client.api.future.SearchFuture>
> >[07:50:02] DEBUG
> >[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Search
> >entry found : MessageType : SEARCH_RESULT_ENTRY
> >Message ID : 10889
> >    Search Result Entry
> >Entry
> >    dn[n]: dc=test,dc=org
> >
> >
> >[07:50:02] DEBUG
> >[org.apache.directory.ldap.client.api.LdapNetworkConnection] - ------->
> >MessageType : SEARCH_RESULT_DONE
> >Message ID : 10889
> >    Search Result Done
> >        Ldap Result
> >            Result code : (SUCCESS) success
> >            Matched Dn : ''
> >            Diagnostic message : ''
> > Message received <-------
> >[07:50:02] DEBUG
> >[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Getting
> ><10889, org.apache.directory.ldap.client.api.future.SearchFuture>
> >[07:50:02] DEBUG
> >[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Search
> >successful : MessageType : SEARCH_RESULT_DONE
> >Message ID : 10889
> >    Search Result Done
> >        Ldap Result
> >            Result code : (SUCCESS) success
> >            Matched Dn : ''
> >            Diagnostic message : ''
> >
> >[07:50:02] DEBUG
> >[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Removing
> ><10889, org.apache.directory.ldap.client.api.future.SearchFuture>
> >[07:50:07] DEBUG
> >[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Sending
> >request
> >
> >users@directory.apache.org on Tuesday, May 20, 2014 at 9:14 PM -0500
> >wrote:
> >>any error(s) in the logs?
> >>
> >>
> >>On Wed, May 21, 2014 at 4:01 AM, Greg Barber <gbarber@aetn.org> wrote:
> >>
> >>> I'm pretty new to LDAP/apacheds replication. I'm running 2.0.0-M16 on
> >>two
> >>> separate servers trying to get replication working from the master to
> >>the
> >>> slave, I would like to get multimaster replication in place but right
> >>now
> >>> I'm taking it one step at a time.  I've set up  a partition on the
> >>master
> >>> and have added entries and created a ou with two test user in it so far
> >>so
> >>> good.  I then used directory studio created the same partition on the
> >>> slave but didn't populate it. I also created a replication consumer
> >with
> >>> the new partition as the base dn on the slave by editing the
> >>configuration
> >>> file. I restarted the slave and it pulled everything thing over from
> >the
> >>> master great so far so good.  Where I'm having an issue is if I change
> >>an
> >>> attribute for a user like their password it is not being replicated
> >over
> >>> to the slave. I'm stumped why this is not getting replicated across.
> >>>
> >>>
> >>
> >>
> >>--
> >>Kiran Ayyagari
> >>http://keydap.com
> >
> >
>
>
>


-- 
Kiran Ayyagari
http://keydap.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message