directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Barber" <gbar...@aetn.org>
Subject Re: New to replication
Date Wed, 21 May 2014 15:48:42 GMT
I've gone back and changed the consumer log level from FATAL to DEBUG in
the log4j.properties and ran the test again.  Here is what was logged on
the slave server:

[10:24:54] DEBUG [org.apache.directory.server.CONSUMER_LOG] - Response
from totaraldap1.aetn.org:389 : MessageType : SEARCH_RESULT_ENTRY
Message ID : 2
    Search Result Entry
Entry
    dn[n]: cn=Test3,ou=Students,dc=test,dc=org
    objectClass: person
    objectClass: top
    accessControlSubentries:
2.5.4.3=studentpermsissionsaci,0.9.2342.19200300.100.1.25=test,0.9.2342.19200300.100.1.25=org
    accessControlSubentries:
2.5.4.3=testauthorizationrequirementsacisubentry,0.9.2342.19200300.100.1.25=test,0.9.2342.19200300.100.1.25=org

    cn: Test3
    sn: Three
    entryParentId: db01d8bf-34ee-4a53-8d84-8b81dfde763e
    entryDN: cn=Test3,ou=Students,dc=test,dc=org
    entryUUID: 3f637825-cb0b-4e2f-ba2b-4c5e0c6495ac
    creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
    createTimestamp: 20140521140519.331Z
    entryCSN: 20140521152309.880000Z#000000#001#000000
    modifyTimestamp: 20140521152309.879Z
    modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system   
SyncStateValue control :
        oid : 1.3.6.1.4.1.4203.1.9.1.2
        critical : false
        syncStateType     : 'MODIFY'
        entryUUID         : '0x3F 0x63 0x78 0x25 0xCB 0x0B 0x4E 0x2F 0xBA
0x2B 0x4C 0x5E 0x0C 0x64 0x95 0xAC '
        cookie            : ''

[10:24:54] DEBUG [org.apache.directory.server.CONSUMER_LOG] -
------------- starting handleSearchResult ------------
[10:24:54] DEBUG [org.apache.directory.server.CONSUMER_LOG] - state name
MODIFY
[10:24:54] DEBUG [org.apache.directory.server.CONSUMER_LOG] - entryUUID =
3f637825-cb0b-4e2f-ba2b-4c5e0c6495ac
[10:24:54] DEBUG [org.apache.directory.server.CONSUMER_LOG] - modifying
entry with dn cn=Test3,ou=Students,dc=test,dc=org
[10:24:54] ERROR [org.apache.directory.server.CONSUMER_LOG] - ERR_52
Cannot modify the attribute : attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.11
NAME 'accessControlSubentries'
        DESC 'Used to track a subentry associated with access control
areas'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
        NO-USER-MODIFICATION
        USAGE directoryOperation
)
org.apache.directory.api.ldap.model.exception.LdapNoPermissionException:
ERR_52 Cannot modify the attribute : attributetype (
1.3.6.1.4.1.18060.0.4.1.2.11 NAME 'accessControlSubentries'
        DESC 'Used to track a subentry associated with access control
areas'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
        NO-USER-MODIFICATION
        USAGE directoryOperation
)
        at
org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:721)
        at
org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1186)
        at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
        at
org.apache.directory.server.core.hash.PasswordHashingInterceptor.modify(PasswordHashingInterceptor.java:131)
        at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
        at
org.apache.directory.server.core.exception.ExceptionInterceptor.modify(ExceptionInterceptor.java:253)
        at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
        at
org.apache.directory.server.core.admin.AdministrativePointInterceptor.modify(AdministrativePointInterceptor.java:1456)
        at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
        at
org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor.modify(DefaultAuthorizationInterceptor.java:277)
        at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
        at
org.apache.directory.server.core.authz.AciAuthorizationInterceptor.modify(AciAuthorizationInterceptor.java:820)
        at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
        at
org.apache.directory.server.core.referral.ReferralInterceptor.modify(ReferralInterceptor.java:319)
        at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
        at
org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:834)
        at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:587)
        at
org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:216)
        at
org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:883)
        at
org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.modify(ReplicationConsumerImpl.java:1215)
        at
org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.handleSearchResultEntry(ReplicationConsumerImpl.java:416)
        at
org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.doSyncSearch(ReplicationConsumerImpl.java:778)
        at
org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.startSync(ReplicationConsumerImpl.java:565)
        at
org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:739)
        at java.lang.Thread.run(Thread.java:744)
[10:24:54] DEBUG [org.apache.directory.server.CONSUMER_LOG] -
------------- Ending handleSearchResult ------------
[10:24:54] DEBUG
[org.apache.directory.ldap.client.api.LdapNetworkConnection] - ------->
MessageType : INTERMEDIATE_RESPONSE
Message ID : 2
    Intermediate Response
        Response name :'1.3.6.1.4.1.4203.1.9.1.4'
        ResponseValue :'0x80 0x34 0x72 0x69 0x64 0x3D 0x30 0x30 0x31 0x2C
0x63 0x73 0x6E 0x3D 0x32 0x30 0x31 0x34 0x30 0x35 0x32 0x31 0x31 0x35 0x32
0x33 0x30 0x39 0x2E 0x38 0x38 0x30 0x30 0x30 0x30 0x5A 0x23 0x30 0x30 0x30
0x30 0x30 0x30 0x23 0x30 0x30 0x31 0x23 0x30 0x30 0x30 0x30 0x30 0x30 '


I guess there is an issue with the access control settings?

users@directory.apache.org on Wednesday, May 21, 2014 at 8:15 AM -0500
wrote:
>As a test I changed the password for a user on the master server and
>tailed the logs on both. I didn't see anything on the master server this
>is what I saw on the slave:
>
>[07:50:02] DEBUG
>[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Sending
>request
>MessageType : SEARCH_REQUEST
>Message ID : 10889
>    SearchRequest
>        baseDn : 'dc=test,dc=org'
>        filter : '(objectClass=*)'
>        scope : base object
>        typesOnly : false
>        Size Limit : no limit
>        Time Limit : no limit
>        Deref Aliases : deref Always
>        attributes : '1.1'
>org.apache.directory.api.ldap.model.message.SearchRequestImpl@1716d836
>[07:50:02] DEBUG
>[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Adding
><10889, org.apache.directory.ldap.client.api.future.SearchFuture>
>[07:50:02] DEBUG
>[org.apache.directory.ldap.client.api.LdapNetworkConnection] - ------->
>MessageType : SEARCH_RESULT_ENTRY
>Message ID : 10889
>    Search Result Entry
>Entry
>    dn: dc=test,dc=org
>
> Message received <-------
>[07:50:02] DEBUG
>[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Getting
><10889, org.apache.directory.ldap.client.api.future.SearchFuture>
>[07:50:02] DEBUG
>[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Search
>entry found : MessageType : SEARCH_RESULT_ENTRY
>Message ID : 10889
>    Search Result Entry
>Entry
>    dn[n]: dc=test,dc=org
>
>
>[07:50:02] DEBUG
>[org.apache.directory.ldap.client.api.LdapNetworkConnection] - ------->
>MessageType : SEARCH_RESULT_DONE
>Message ID : 10889
>    Search Result Done
>        Ldap Result
>            Result code : (SUCCESS) success
>            Matched Dn : ''
>            Diagnostic message : ''
> Message received <-------
>[07:50:02] DEBUG
>[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Getting
><10889, org.apache.directory.ldap.client.api.future.SearchFuture>
>[07:50:02] DEBUG
>[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Search
>successful : MessageType : SEARCH_RESULT_DONE
>Message ID : 10889
>    Search Result Done
>        Ldap Result
>            Result code : (SUCCESS) success
>            Matched Dn : ''
>            Diagnostic message : ''
>
>[07:50:02] DEBUG
>[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Removing
><10889, org.apache.directory.ldap.client.api.future.SearchFuture>
>[07:50:07] DEBUG
>[org.apache.directory.ldap.client.api.LdapNetworkConnection] - Sending
>request
>
>users@directory.apache.org on Tuesday, May 20, 2014 at 9:14 PM -0500
>wrote:
>>any error(s) in the logs?
>>
>>
>>On Wed, May 21, 2014 at 4:01 AM, Greg Barber <gbarber@aetn.org> wrote:
>>
>>> I'm pretty new to LDAP/apacheds replication. I'm running 2.0.0-M16 on
>>two
>>> separate servers trying to get replication working from the master to
>>the
>>> slave, I would like to get multimaster replication in place but right
>>now
>>> I'm taking it one step at a time.  I've set up  a partition on the
>>master
>>> and have added entries and created a ou with two test user in it so far
>>so
>>> good.  I then used directory studio created the same partition on the
>>> slave but didn't populate it. I also created a replication consumer
>with
>>> the new partition as the base dn on the slave by editing the
>>configuration
>>> file. I restarted the slave and it pulled everything thing over from
>the
>>> master great so far so good.  Where I'm having an issue is if I change
>>an
>>> attribute for a user like their password it is not being replicated
>over
>>> to the slave. I'm stumped why this is not getting replicated across.
>>>
>>>
>>
>>
>>-- 
>>Kiran Ayyagari
>>http://keydap.com
>
>



Mime
View raw message