olcSyncrepl always gets reapplied #15

Closed
MrPrimate opened this issue Jul 6, 2015 · 2 comments

@MrPrimate

When the olcSyncrepl value is set, it always gets reapplied, even when no changes have been made:

Debug: Executing '/usr/sbin/slapcat -b cn=config -o ldif-wrap=no -H ldap:///???'
Notice: /Stage[main]/Openldap::Server::Config/Openldap[olcDatabase={3}hdb,cn=config]/attributes: attributes changed {'objectClass' => ['olcDatabaseConfig', 'olcHdbConfig'], 'olcAccess' => [ACCESSRULES], 'olcDatabase' => ['{3}hdb'], 'olcDbDirectory' => ['/var/lib/ldap/data'], 'olcDbIndex' => ['objectClass eq,pres', 'ou,cn,mail,surname,givenname eq,pres,sub', 'uidNumber,gidNumber,loginShell eq,pres', 'uid,memberUid eq,pres,sub', 'nisMapName,nisMapEntry eq,pres,sub', 'uniqueMember eq,pres', 'entryCSN,entryUUID eq'], 'olcLimits' => ['{0}dn.exact="cn=Replicator,ou=system,dc=dev,dc=website1,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited'], 'olcMirrorMode' => ['TRUE'], 'olcRootDN' => ['cn=Manager,dc=dev,dc=website1,dc=com'], 'olcRootPW' => ['SECRET], 'olcSecurity' => ['tls=1'], 'olcSuffix' => ['dc=dev,dc=website1,dc=com'], 'olcSyncrepl' => ['{0}rid=001 provider=ldap://ldap01.dev.website1.com/ searchbase="dc=dev,dc=website1,dc=com" bindmethod=simple binddn="cn=Replicator,ou=system,dc=dev,dc=website1,dc=com" credentials=secret logbase="cn=log" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog timeout=3 starttls=yes', '{1}rid=002 provider=ldap://ldap02.dev.website1.com/ searchbase="dc=dev,dc=website1,dc=com" bindmethod=simple binddn="cn=Replicator,ou=system,dc=dev,dc=website1,dc=com" credentials=secret logbase="cn=log" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog timeout=3 starttls=yes']} to '{"objectClass"=>["olcDatabaseConfig", "olcHdbConfig"], "olcAccess"=>["ACCESSRULES"], "olcDatabase"=>["{3}hdb"], "olcDbDirectory"=>["/var/lib/ldap/data"], "olcDbIndex"=>["objectClass eq,pres", "ou,cn,mail,surname,givenname eq,pres,sub", "uidNumber,gidNumber,loginShell eq,pres", "uid,memberUid eq,pres,sub", "nisMapName,nisMapEntry eq,pres,sub", "uniqueMember eq,pres", 
"entryCSN,entryUUID eq"], "olcLimits"=>["{0}dn.exact=\"cn=Replicator,ou=system,dc=dev,dc=website1,dc=com\" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited"], "olcRootDN"=>["cn=Manager,dc=dev,dc=website1,dc=com"], "olcRootPW"=>["SECRET"], "olcSuffix"=>["dc=dev,dc=website1,dc=com"], "olcSyncrepl"=>["rid=001 provider=ldap://ldap01.dev.website1.com/ searchbase=\"dc=dev,dc=website1,dc=com\" bindmethod=simple binddn=\"cn=Replicator,ou=system,dc=dev,dc=website1,dc=com\" credentials=secret logbase=\"cn=log\" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" schemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog timeout=3 starttls=yes", "rid=002 provider=ldap://ldap02.dev.website1.com/ searchbase=\"dc=dev,dc=website1,dc=com\" bindmethod=simple binddn=\"cn=Replicator,ou=system,dc=dev,dc=website1,dc=com\" credentials=secret logbase=\"cn=log\" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" schemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog timeout=3 starttls=yes"], "olcMirrorMode"=>["TRUE"], "olcSecurity"=>["tls=1"]}'
Debug: dn: olcDatabase={3}hdb,cn=config
changetype: modify
replace: olcSyncrepl
olcSyncrepl: rid=001 provider=ldap://ldap01.dev.website1.com/ searchbase="dc=dev,dc=website1,dc=com" bindmethod=simple binddn="cn=Replicator,ou=system,dc=dev,dc=website1,dc=com" credentials=secret logbase="cn=log" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog timeout=3 starttls=yes
olcSyncrepl: rid=002 provider=ldap://ldap02.dev.website1.com/ searchbase="dc=dev,dc=website1,dc=com" bindmethod=simple binddn="cn=Replicator,ou=system,dc=dev,dc=website1,dc=com" credentials=secret logbase="cn=log" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog timeout=3 starttls=yes

Debug: Executing '/usr/bin/ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/openldap.olcDatabase={3}hdb,cn=config20150706-26103-1hp3yy'

Looking at the comparison a bit more, it looks like it might be the {0} and {1} at the beginning of the string?

'olcSyncrepl' => [
'{0}rid=001 provider=ldap://ldap01.dev.website1.com/ searchbase="dc=dev,dc=website1,dc=com" bindmethod=simple binddn="cn=Replicator,ou=system,dc=dev,dc=website1,dc=com" credentials=SECRET logbase="cn=log" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog timeout=3 starttls=yes', 
'{1}rid=002 provider=ldap://ldap02.dev.website1.com/ searchbase="dc=dev,dc=website1,dc=com" bindmethod=simple binddn="cn=Replicator,ou=system,dc=dev,dc=website1,dc=com" credentials=SECRET logbase="cn=log" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog timeout=3 starttls=yes']} 
"olcSyncrepl"=>[
"rid=001 provider=ldap://ldap01.dev.website1.com/ searchbase=\"dc=dev,dc=website1,dc=com\" bindmethod=simple binddn=\"cn=Replicator,ou=system,dc=dev,dc=website1,dc=com\" credentials=SECRET logbase=\"cn=log\" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" schemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog timeout=3 starttls=yes", 
"rid=002 provider=ldap://ldap02.dev.website1.com/ searchbase=\"dc=dev,dc=website1,dc=com\" bindmethod=simple binddn=\"cn=Replicator,ou=system,dc=dev,dc=website1,dc=com\" credentials=SECRET logbase=\"cn=log\" logfilter=\"(&(objectClass=auditWriteObject)(reqResult=0))\" schemachecking=on type=refreshAndPersist retry=\"60 +\" syncdata=accesslog timeout=3 starttls=yes"], 
@bodgit bodgit added the bug label Jul 6, 2015
@bodgit bodgit self-assigned this Jul 6, 2015
@bodgit bodgit modified the milestones: v1.2.0, v1.1.1 Jul 6, 2015
bodgit added a commit that referenced this issue Jul 6, 2015
The positional `{x}` prefix was not being explicitly added to the attribute
values but slapd was adding them resulting in a difference on each run.

The test case was wrong (now corrected) and the `openldap_values()` function
has been updated to prune out any nil or empty string values prior to adding
the prefix.
@bodgit
Owner

bodgit commented Jul 6, 2015

Yup, the values should have been prefixed internally to match what slapd will do implicitly. What masked the issue slightly was that my test cases were also wrong; once I fixed them the issue showed up 😉

@bodgit bodgit closed this as completed Jul 6, 2015
@MrPrimate
Author

Ah, excellent, thanks.
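
An added illustration of the fix described in the commit message above, not code from this module: desired values are pruned of nil and empty entries and then given the positional `{x}` prefix that slapd adds implicitly, so the comparison with what `slapcat` reports stays stable and the `olcSyncrepl` values (credentials included) are not rewritten on every run. `with_order_prefix` and `in_sync?` are hypothetical names, and the shortened values and `example.test` hosts are constructed.

```ruby
# Added example: hypothetical helpers, not the module's openldap_values().
ORDER_PREFIX = /\A\{-?\d+\}/

# Drop nil/empty entries first, then give each remaining value the
# positional prefix slapd would otherwise add on its own. Values that
# already carry a prefix are left untouched.
def with_order_prefix(values)
  kept = Array(values).reject { |v| v.nil? || v.to_s.strip.empty? }
  kept.each_with_index.map do |v, i|
    v = v.to_s
    v.match?(ORDER_PREFIX) ? v : "{#{i}}#{v}"
  end
end

# Compare the state read back from the server with the desired state
# after both have been put into the same prefixed form.
def in_sync?(current, desired)
  with_order_prefix(current) == with_order_prefix(desired)
end

# Constructed sample data, shortened from the shape of the values in the issue.
CURRENT = [
  '{0}rid=001 provider=ldap://ldap01.example.test/ type=refreshAndPersist',
  '{1}rid=002 provider=ldap://ldap02.example.test/ type=refreshAndPersist'
].freeze

DESIRED = [
  'rid=001 provider=ldap://ldap01.example.test/ type=refreshAndPersist',
  nil,
  '',
  'rid=002 provider=ldap://ldap02.example.test/ type=refreshAndPersist'
].freeze

# The unprefixed comparison reports a change on every run; the normalized one does not.
puts "naive compare equal? #{CURRENT == DESIRED.compact}"
puts "normalized in sync?  #{in_sync?(CURRENT, DESIRED)}"
```

Pruning before numbering matters: numbering first would assign `{3}` to the second replica entry above and the values would again differ from what slapd stores.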
