Bug 621928 - Unable to enable replica (rdn problem?) on 1.2.6 rc6
Summary: Unable to enable replica (rdn problem?) on 1.2.6 rc6
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Replication - General
Version: 1.2.6
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Noriko Hosoi
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 389_1.2.6 639035
TreeView+ depends on / blocked
 
Reported: 2010-08-06 14:14 UTC by Jonathan Boulle
Modified: 2015-12-07 16:37 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-07 16:37:03 UTC


Attachments (Terms of Use)
0001-621928-Unable-to-enable-replica-rdn-problem-on.patch (5.60 KB, patch)
2010-08-07 02:29 UTC, Rich Megginson
no flags Details | Diff
git patch file (389-ds-base-1.2.6) (15.73 KB, patch)
2010-08-09 18:12 UTC, Noriko Hosoi
nhosoi: review?
rmeggins: review+
Details | Diff

Description Jonathan Boulle 2010-08-06 14:14:39 UTC
===============
Description of problem:
Unable to enable replication on a new database in 1.2.6 RC6

===============
Version-Release number of selected component (if applicable):
389-ds-1.2.1-1.el5
389-admin-1.1.11-0.6.rc2.el5
389-ds-base-1.2.6-0.9.rc6.el5

===============
How reproducible:
Always, out of the box with a clean install of RC6

===============
Steps to Reproduce:
1) clean OS install (CentOS 5.4 x86_64 here), latest 389 packages
2) run setup-ds-admin.pl, .inf follows below [3]
3) add user for replication
[root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
"cn=directory manager" -w password
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A=

adding new entry cn=replication manager,cn=config

4) attempt to add consumer replica entry
[root@389-master02 dirsrv]# /usr/lib64/mozldap/ldapmodify -a -D
"cn=directory manager" -w password
dn: cn=replica,cn="dc=example",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: dc=example
nsds5replicatype: 2
nsds5ReplicaBindDN: cn=replication manager,cn=config
nsds5replicaid: 0

adding new entry cn=replica,cn="dc=example",cn=mapping tree,cn=config
ldap_add: Operations error


5) Attempt to achieve same thing through GUI
- open directory server console
- Configuration tab
- expand Replication subtree
- click userRoot
- tick Enable Replica: Dedicated Consumer, add supplier DN
cn=replication manager,cn=config, all other settings default
- click Save

  
===============
Actual results:

Does not succeed.
At step 4), error [1] in /var/log/dirsrv/slapd-389-master02/errors
At step 5), error [2] in /var/log/dirsrv/slapd-389-master02/errors
At step 5), error box pops up:
Modification Failed
Operations error

===============
Expected results:

ldapmodify command succeeds, no error is returned, replication is enabled for the database

===============
Additional info:

[1]
[06/Aug/2010:10:11:14 +0100] entryrdn-index - _entryrdn_insert_key:
Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
found(-30989)
[06/Aug/2010:10:11:14 +0100] - add: attempt to index 1 failed
[06/Aug/2010:10:11:14 +0100] NSMMReplicationPlugin -
_replica_configure_ruv: failed to create replica ruv tombstone entry
(dc=example); LDAP error - 1

[2]
[06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin - replica_add_by_dn:
replica with dn (dc=example) already in the hash
[06/Aug/2010:10:18:57 +0100] entryrdn-index - _entryrdn_insert_key:
Suffix "dc=example" not found: DB_NOTFOUND: No matching key/data pair
found(-30989)
[06/Aug/2010:10:18:57 +0100] - add: attempt to index 1 failed
[06/Aug/2010:10:18:57 +0100] NSMMReplicationPlugin -
_replica_configure_ruv: failed to create replica ruv tombstone entry
(dc=example); LDAP error - 1


[3] inf file generated from setup-ds-admin.pl

[General]
AdminDomain = example
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = password
ConfigDirectoryLdapURL = ldap://389-master02.example:389/o=NetscapeRoot
FullMachineName = 389-master02.example
ServerRoot = /usr/lib64/dirsrv
SuiteSpotGroup = nobody
SuiteSpotUserID = nobody
prefix =

[admin]
Port = 9830
ServerAdminID = admin
ServerAdminPwd = password
ServerIpAddress = 0.0.0.0
SysUser = nobody

[slapd]
AddOrgEntries = No
AddSampleEntries = No
HashedRootDNPwd = {SSHA}6EaRiHdKMNtMmiVifR+6nXBmDjaTuzmLtkMt/A==
InstallLdifFile = none
RootDN = cn=Directory Manager
RootDNPwd = password
ServerIdentifier = 389-master02
ServerPort = 389
SlapdConfigForMC = yes
Suffix = dc=example
UseExistingMC = 0
bak_dir = /var/lib/dirsrv/slapd-389-master02/bak
bindir = /usr/bin
cert_dir = /etc/dirsrv/slapd-389-master02
config_dir = /etc/dirsrv/slapd-389-master02
datadir = /usr/share
db_dir = /var/lib/dirsrv/slapd-389-master02/db
ds_bename = userRoot
inst_dir = /usr/lib64/dirsrv/slapd-389-master02
ldif_dir = /var/lib/dirsrv/slapd-389-master02/ldif
localstatedir = /var
lock_dir = /var/lock/dirsrv/slapd-389-master02
log_dir = /var/log/dirsrv/slapd-389-master02
run_dir = /var/run/dirsrv
sbindir = /usr/sbin
schema_dir = /etc/dirsrv/slapd-389-master02/schema
sysconfdir = /etc
tmp_dir = /tmp

Comment 1 Rich Megginson 2010-08-06 17:14:43 UTC
The problem is that the entryrdn index does not like adding an entry without a real parent.  Because the database starts out empty
InstallLdifFile = none
AddOrgEntries = No
The RUV entry nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,dc=example has no parent entry dc=example.  This is ok for the id2entry index - there is a special case for the RUV tombstone entry.  But because of the hierarchical nature of the entryrdn, since dc=example doesn't exist, it won't add nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff.

The workaround is to use
InstallLdifFile = suggest
so that the dc=example entry and ou=people et. al. are created at setup time.

Noriko, how hard would it be to change entryrdn to allow for this exception?

Comment 2 Noriko Hosoi 2010-08-06 17:28:10 UTC
(In reply to comment #1)
> Noriko, how hard would it be to change entryrdn to allow for this exception?    

I was thinking the other way.  If the DB is empty, can we "initialize" it with the root suffix entry with minimum attributes?

Comment 3 Rich Megginson 2010-08-07 02:29:00 UTC
Created attachment 437292 [details]
0001-621928-Unable-to-enable-replica-rdn-problem-on.patch

Comment 4 Noriko Hosoi 2010-08-09 18:12:21 UTC
Created attachment 437670 [details]
git patch file (389-ds-base-1.2.6)

Description: RUV (nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,<suffix>)
needs to be allowed to add to the DB before <suffix> is added.  To allow
it, entryrdn prepares the rdn exception list (rdn_exceptions).  If the
to-be-added entry (in this case RUV; and currently only RUV is in the
list) is in the list, <suffix> is added to the entryrdn index with the
temporary entry ID 0 (note: not to the primary db file id2entry.db#).
When the suffix is indeed added to the DB, the temporary ID 0 is replaced
with the given real ID.

Files:
 ldap/servers/slapd/back-ldbm/dn2entry.c
 ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c

Comment 6 Noriko Hosoi 2010-08-09 18:49:03 UTC
Thank you so much for the discussions, testing and reviews, Rich!

Pushed to 389-ds-base-1.2.6

git push origin ds126-local:389-ds-base-1.2.6
Counting objects: 15, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 3.31 KiB, done.
Total 8 (delta 6), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   b83e632..bf56b1d  ds126-local -> 389-ds-base-1.2.6

Pushed to master, as well.

$ git branch
  ds126-local
* master
$ git cherry-pick bf56b1d304449b2baf5c0ad628520cb1611b302d

$ git push
Counting objects: 15, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 3.32 KiB, done.
Total 8 (delta 6), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   b51757c..8fa94a3  master -> master


Note You need to log in before you can comment on or make changes to this bug.