On Wednesday 29 September 2010 14:04:38 Gerrard Geldenhuis wrote:
> Hi
> I have setup chaining but it is not working at all and I am not sure how to
> debug it further.
>
> I am using:
> 389-admin-1.1.11-0.6.rc2.el5
> 389-admin-console-1.1.5-1.el5
> 389-admin-console-doc-1.1.5-1.el5
> 389-adminutil-1.1.8-4.el5
> 389-console-1.1.4-1.el5
> 389-ds-1.2.1-1.el5
> 389-ds-base-1.2.6-0.11.rc7.el5
> 389-ds-console-1.2.3-1.el5
> 389-ds-console-doc-1.2.3-1.el5
> 389-dsgw-1.1.5-1.el5
>
> The setup is 4 servers, two multimasters and two consumers. Client can only
> speak to the consumers and thus referrals won't work.
>
>
> I have used the following ldif to setup chaining:
>
> dn: cn=chainingBackend,cn=chaining database,cn=plugins,cn=config
> changetype: add
> objectClass: top
> objectClass: extensibleObject
> objectClass: nsBackendInstance
> cn: chainingBackend
> nsslapd-suffix: dc=mycompany
> nsmultiplexorbinddn: cn=replication manager,cn=config
> nsusestarttls: on
> nsfarmserverurl: ldaps://masterfqdn1:636 masterfqdn2:636/
> nsmultiplexorcredentials: {SSHA}blah
> nsbindconnectionslimit: 5
> nsconcurrentoperationslimit: 5
> nsconnectionlife: 130
> nsbindtimeout: 3
> nsbindretrylimit: 3
> nsmaxresponsedelay: 3
> nsmaxtestresponsedelay: 5
>
> dn: cn=dc\3dmycompany,cn=mapping tree,cn=config
> changetype: modify
> add: nsslapd-backend
> nsslapd-backend: chainingBackend
> -
> replace: nsslapd-state
> nsslapd-state: backend
> -
> replace: nsslapd-distribution-plugin
> nsslapd-distribution-plugin:
> /usr/lib64/dirsrv/plugins/libreplication-plugin.so -
> replace: nsslapd-distribution-funct
> nsslapd-distribution-funct: repl_chain_on_update
>
>
> dn: cn=config,cn=chaining database,cn=plugins,cn=config
> changetype: modify
> add: nsTransmittedControls
> nsTransmittedControls: 2.16.840.1.113730.3.4.12
>
> The ACI has been created to allow the Replication Manager user proxy
> access.
>
> When I run the following on the client:
>
> dn: uid=john,ou=people,dc=mycompany
> changetype: modify
> add: mobile
> mobile: 1234
>
> The entry gets added but only locally, it thus seems to be completely
> ignoring the chaining I have setup. I see the following in the consumer
> log after creation:
>
> [29/Sep/2010:13:00:11 +0000] start_tls - Received extended operation
> request with OID 1.3.6.1.4.1.1466.20037 [29/Sep/2010:13:00:11 +0000]
> start_tls - Start TLS extended operation request confirmed.
> [29/Sep/2010:13:00:11 +0000] start_tls - Start TLS request accepted.Server
> willing to negotiate SSL. [29/Sep/2010:13:00:11 +0000] start_tls -
> Starting SSL Handshake.
> [29/Sep/2010:13:00:11 +0000] NS7bitAttr - MODIFY begin
> [29/Sep/2010:13:00:11 +0000] NSMMReplicationPlugin - Purged state
> information from entry uid=rytis,ou=People,dc=betfair up to CSN
> 4c99ec08000000010000 [29/Sep/2010:13:00:12 +0000] roles-plugin - -->
> roles_post_op
> [29/Sep/2010:13:00:12 +0000] roles-plugin - --> roles_cache_change_notify
> [29/Sep/2010:13:00:12 +0000] roles-plugin - <-- roles_cache_change_notify:
> not a role entry [29/Sep/2010:13:00:12 +0000] roles-plugin - <--
> roles_post_op
>
>
> There is some other replay failure errors which I am not sure is related.
> Having done the the test twice I did not see the replay errors again in
> the master log. I am going to simplify my test environment as I currently
> have 4 servers which all are verbal about replication and I multimaster
> netscapedb which adds to the complications.
>
> I have enabled Replication and Plug-ins for the error log, is there any
> other recommended logs that I should enable that can assist me in
> debugging chaining issues.
Hi,
I am working with Gerrard on this issue. I took some packet captures and it
would seem that chaining in fact picks up updates but it does not handle them
properly.
Our design is:
Client ----> Slave ----> Master
We chain all updates on slave to master and client only has access to slave.
We also have replication from master to slave.
When I try to make an update here is what happens between client and slave:
bindRequest(1) "uid=xxxx,ou=People,dc=xxxx" simple
bindResponse(1) success
modifyRequest(2) "uid=xxx,ou=people,dc=xxx"
modifyResponse(2) operationsError
unbindRequest(3)
At the same time between slave and master:
searchRequest(1) "<ROOT>" baseObject
searchResEntry(1) "<ROOT>" | searchResDone(1) success [1 result]
unbindRequest(2)
This does not look correct (no modification request at all goes to master).
Does anybody know what the problem could be or where to look for it?
> Best Regards
>
> ________________________________________________________________________
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> ________________________________________________________________________
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Jacek Nykis
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
