Hello list,I am trying to setup referral chaining in a multi-master setup. I can setup chaining to one of the masters without any problems. And I can perform a MOD operation that is then referral chased and performed on the master.
However, when I define both masters the replica crashes when I do a MOD operation.
Snippet of cn=config from the working example:dn: olcDatabase={1}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {1}ldap
olcDbStartTLS: start starttls=yes
olcDbIDAssertAuthzFrom: {0}*
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
olcDbURI: ldap://ldap-m1.example.com
olcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical
bindmethod=simple timeout=0 network-timeout=0
binddn="cn=admin,dc=example,dc=com" credentials="secret" keepalive=0:0:0
starttls=yes tls_reqcert=allow
If I change olcDbURI to either of the entries below, the replica server crashes
* olcDbURI: "ldap://ldap-m1.example.com,ldap://ldap-m2.example.com"; * olcDbURI: "ldap://ldap-m1.example.com ldap://ldap-m2.example.com"; According to slapd-ldap(5), the URI list can be comma or space separated.I've turned on "args" and "trace" debugging to troubleshoot, but never get any errors in the logs. I only see an attempt to chase the referral followed by an immediate crash (see log snippet at the end of email).
Finally, I'm running OpenLDAP 2.4.31 on Ubuntu Trusty, but was also able to replicate this same error on OpenLDAP 2.4.28 on Ubuntu Precise.
Any help is much appreciated. -- Khosrow Ebrahimpour Crash Log: Sep 8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 modifications: Sep 8 21:07:23 ldap-rep1 slapd[20947]: replace: givenName Sep 8 21:07:23 ldap-rep1 slapd[20947]: one value, length 1Sep 8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 MOD dn="uid=user1,ou=people,dc=example,dc=com"
Sep 8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 MOD attr=givenNameSep 8 21:07:23 ldap-rep1 slapd[20947]: bdb_dn2entry("uid=user1,ou=people,dc=example,dc=com") Sep 8 21:07:23 ldap-rep1 slapd[20947]: => hdb_dn2id("ou=people,dc=example,dc=com")
Sep 8 21:07:23 ldap-rep1 slapd[20947]: <= hdb_dn2id: got id=0x6Sep 8 21:07:23 ldap-rep1 slapd[20947]: => hdb_dn2id("uid=user1,ou=people,dc=example,dc=com")
Sep 8 21:07:23 ldap-rep1 slapd[20947]: <= hdb_dn2id: got id=0xe Sep 8 21:07:23 ldap-rep1 slapd[20947]: entry_decode: "" Sep 8 21:07:23 ldap-rep1 slapd[20947]: <= entry_decode() Sep 8 21:07:23 ldap-rep1 slapd[20947]: send_ldap_result: conn=1000 op=1 p=3Sep 8 21:07:23 ldap-rep1 slapd[20947]: send_ldap_result: err=10 matched="" text="" Sep 8 21:07:23 ldap-rep1 slapd[20947]: send_ldap_result: referral="ldap://ldap-m1.example.com/uid=user1,ou=people,dc=example,dc=com"; Sep 8 21:07:23 ldap-rep1 slapd[20947]: >>> dnPrettyNormal: <uid=user1,ou=people,dc=example,dc=com> Sep 8 21:07:23 ldap-rep1 slapd[20947]: <<< dnPrettyNormal: <uid=user1,ou=people,dc=example,dc=com>, <uid=user1,ou=people,dc=example,dc=com> Sep 8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 ldap_chain_op: ref="ldap://ldap-m1.example.com/uid=user1,ou=people,dc=example,dc=com"; -> "ldap://ldap-m1.example.com"; Sep 8 21:09:02 ldap-rep1 slapd[21057]: @(#) $OpenLDAP: slapd (Ubuntu) (Mar 17 2014 21:20:08) $
buildd@aatxe:/build/buildd/openldap-2.4.31/debian/build/servers/slapd
