directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brett Gilmer" <brett.gil...@tklabs.com>
Subject RE: Replication between ApacheDS and openLDAP
Date Wed, 04 Feb 2015 13:34:30 GMT
Could this be a configuration issue on either side, or is the sync between ApacheDS and OpenLDAP
not supported?  The issue, as presented, looks surmountable; however I don't want to go down
a road that is known to be full of landmines.  


-----Original Message-----
From: Kiran Ayyagari [mailto:kayyagari@apache.org] 
Sent: Tuesday, February 03, 2015 5:59 PM
To: users@directory.apache.org
Subject: Re: Replication between ApacheDS and openLDAP

On Wed, Feb 4, 2015 at 1:20 AM, Brett Gilmer <brett.gilmer@tklabs.com>
wrote:

> Apache DS Team -
>
>
>
>
>
> I am trying to set up replication between an openLDAP and an ApacheDS.  
> The ApacheDS is the provider.
>
>
>
> What I am seeing is that openLDAP, when it tries to sync (consumer), 
> will often send a cookie that ApacheDS doesn't like.  Once this 
> happens, there is no recovery.
>
>
>
> In the example below, openLDAP is sending a cookie that is too long 
> (looks like 2 timestamps with a  semicolon).
>
> I also have issues where the clearing of the cookie on openLDAP sends 
> a cookie with an RID but no timestamp, while Apache expects a totally 
> blank cookie.
>
>
>
> Has anyone else seen this?  I am stuck with openLDAP on the consumer 
> side (it is embedded in an internet appliance).
>
>
>
>
>
> Thanks
>
>
>
>
>
>
>
> from LdapSession :
> <0.9.2342.19200300.100.1.1=admin,2.5.4.11=system,/50.73.4.13:3960>
>
> [14:29:37] DEBUG [org.apache.directory.server.PROVIDER_LOG] - Received 
> a replication request MessageType : SEARCH_REQUEST
>
> Message ID : 1251
>
>     SearchRequest
>
>         baseDn : 'dc=example,dc=com'
>
>         filter : '(objectClass=*)'
>
>         scope : whole subtree
>
>         typesOnly : false
>
>         Size Limit : no limit
>
>         Time Limit : no limit
>
>         Deref Aliases : never Deref Aliases
>
>         attributes : '*', '+'
>
> org.apache.directory.api.ldap.model.message.SearchRequestImpl@3f673bcb
> SyncRequestValue control :
>
>         oid : 1.3.6.1.4.1.4203.1.9.1.1
>
>         critical : false
>
>         mode              : 'REFRESH_AND_PERSIST'
>
>         cookie            : '0x72 0x69 0x64 0x3D 0x33 0x30 0x30 0x2C 0x63
> 0x73 0x6E 0x3D 0x32 0x30 0x31 0x34 0x31 0x32 0x32 0x39 0x31 0x36 0x30 
> 0x34
> 0x34 0x34 0
>
> x2E 0x38 0x34 0x31 0x32 0x30 0x34 0x5A 0x23 0x30 0x30 0x30 0x30 0x30 
> 0x30
> 0x23 0x30 0x30 0x30 0x23 0x30 0x30 0x30 0x30 0x30 0x30 0x3B 0x32 0x30 
> 0x31
> 0x35 0x30 0
>
> x31 0x31 0x37 0x31 0x38 0x33 0x37 0x32 0x36 0x2E 0x38 0x31 0x32 0x30 
> 0x30
> 0x30 0x5A 0x23 0x30 0x30 0x30 0x30 0x30 0x30 0x23 0x30 0x30 0x31 0x23 
> 0x30
> 0x30 0x30 0
>
> x30 0x30 0x30 '
>
>         reloadHint : 'true'
>
>     ManageDsaITImpl Control
>
>         Type OID    : '2.16.840.1.113730.3.4.2'
>
>         Criticality : 'true'
>
> '
>
> with a cookie
>
> 'rid=300,csn=20141229160444.841204Z#000000#000#000000;20150117183726.8
> 12000Z
> #000000#001#000000'
>
> [14:29:37] ERROR [org.apache.directory.server.PROVIDER_LOG] - received 
> an invalid cookie
> rid=300,csn=20141229160444.841204Z#000000#000#000000;20150117183726.81
> 2
>
> 000Z#000000#001#000000 from the consumer with session LdapSession :
>
here there are two CSNs in the cookie, ApacheDS is treating the entire string after RID as
a CSN, which is leading to this issue.

the spec[1] is not really clear about the format of cookie, I wish we could amend this.

[1] http://tools.ietf.org/html/rfc4533#section-2.1.2

> <0.9.2342.19200300.100.1.1=admin,2.5.4.11=system,/50.73.4.13:3960>
>
> [14:29:37] DEBUG [org.apache.directory.server.PROVIDER_LOG] - Received 
> a Syncrepl request : MessageType : SEARCH_REQUEST
>
> 1,1           Top
>
>


--
Kiran Ayyagari
http://keydap.com


Mime
View raw message