Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Not a Problem
    • Affects Version/s: 2.0.0-M9
    • Fix Version/s: 2.0.0-M10
    • Component/s: None
    • Labels:
      None
    • Environment:
      Linux 64bit
      OpenJDK Runtime Environment (IcedTea6 1.8.13) (6b18-1.8.13-0+squeeze2)

      Description

      Creating an ou with administrativeRole set works and replicates on the Slave nodes. Modifying the administrativeRole to accessControlSpecificArea for example on an existing ou throws an Exception:

      [13:04:07] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_54 Cannot add a value which is already present : organizationalUnit
      [13:04:07] ERROR [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - ERR_54 Cannot add a value which is already present : organizationalUnit
      org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException: ERR_54 Cannot add a value which is already present : organizationalUnit
      at org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:739)
      at org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
      at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)

      More or less the same things happens with accessControlSubentries. Creating an entry is working and replicating, but modifying the prescriptiveACI throws an exception:

      [13:10:58] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_52 Cannot modify the attribute : ATTRIBUTE_TYPE ( 1.3.6.1.4.1.18060.0.4.1.2.11
      NAME 'accessControlSubentries'
      DESC Used to track a subentry associated with access control areas
      EQUALITY distinguishedNameMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
      NO-USER-MODIFICATION
      USAGE directoryOperation
      )

      at org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:716)
      at org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
      at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)

      1. repl-problem.zip
        16 kB
        Michael Simon

        Activity

        Hide
        Emmanuel Lecharny added a comment -

        The accessControlSubentries AT has a NO-USER-MODIFICATION type, which means you can't modify its content.

        The only solution would be to delete it and recreate it.

        The former error is a different beast. We need to investigate.

        Show
        Emmanuel Lecharny added a comment - The accessControlSubentries AT has a NO-USER-MODIFICATION type, which means you can't modify its content. The only solution would be to delete it and recreate it. The former error is a different beast. We need to investigate.
        Hide
        Kiran Ayyagari added a comment -

        Am able to add an OU with an administrativeRole initially set to autonomousArea and later changed it to accessControlSpecificArea , both changes
        were replicated successfully.

        Is it possible to give us more detail about the issue you are having. Please provide us the data in LDIF if possible.

        Show
        Kiran Ayyagari added a comment - Am able to add an OU with an administrativeRole initially set to autonomousArea and later changed it to accessControlSpecificArea , both changes were replicated successfully. Is it possible to give us more detail about the issue you are having. Please provide us the data in LDIF if possible.
        Hide
        Michael Simon added a comment - - edited

        Thanks for going in details. I understand that accessControlSubentries have NO-USER-MODIFICATION set. But i could change values on the master node using Directory Studio. Perhaps it made the delete-create operation in the background? I'll check this later.

        For the LDIF that triggers the first error:

        dn: ou=test,dc=bwidm,dc=de
        changetype: add
        objectClass: top
        objectClass: organizationalUnit
        ou: test
        administrativeRole: autonomousArea

        dn: ou=test,dc=bwidm,dc=de
        changetype: modify
        replace: administrativeRole
        administrativeRole: accessControlSpecificArea
        -

        Logging on the master says:
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.ReplicaEventLog] - logging entry with Dn ou=test,dc=bwidm,dc=de with the event ADD
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.SyncReplSearchListener] - sending event ADD of entry ou=test,dc=bwidm,dc=de
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.ReplicaEventLog] - logging entry with Dn ou=test,dc=bwidm,dc=de with the event MODIFY
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.SyncReplSearchListener] - sending event MODIFY of entry ou=test,dc=bwidm,dc=de

        On the slave node:

        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - ------------- starting handleSearchResult ------------
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - assigning the cookie from sync state value control: rid=009,csn=20130121075148.083000Z#000000#001#000000
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - state name ADD
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - entryUUID = 29cee84e-cabe-47d4-9b8b-2e4ed7145673
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - adding entry with dn ou=test,dc=bwidm,dc=de
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - Entry
        dn[n]: ou=test,dc=bwidm,dc=de
        objectClass: organizationalUnit
        objectClass: top
        entryParentId: b70660f2-5d42-443a-b976-f3bddfc9a027
        ou: test
        entryUUID: 29cee84e-cabe-47d4-9b8b-2e4ed7145673
        creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
        createTimestamp: 20130121075148.083Z
        entryCSN: 20130121075148.083000Z#000000#001#000000
        administrativeRole: autonomousArea

        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - stored the cookie
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - ------------- Ending handleSearchResult ------------
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - ------------- starting handleSearchResult ------------
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - assigning the cookie from sync state value control: rid=009,csn=20130121075148.172000Z#000000#001#000000
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - state name MODIFY
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - entryUUID = 29cee84e-cabe-47d4-9b8b-2e4ed7145673
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - modifying entry with dn ou=test,dc=bwidm,dc=de
        [08:51:48] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_54 Cannot add a value which is already present : organizationalUnit
        [08:51:48] ERROR [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - ERR_54 Cannot add a value which is already present : organizationalUnit
        org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException: ERR_54 Cannot add a value which is already present : organizationalUnit
        at org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:739)
        at org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184)
        at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
        at org.apache.directory.server.core.hash.PasswordHashingInterceptor.modify(PasswordHashingInterceptor.java:113)
        at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
        ...
        at org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:217)
        at org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782)
        at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.modify(ReplicationConsumerImpl.java:1212)
        at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.handleSearchResultEntry(ReplicationConsumerImpl.java:406)
        at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.doSyncSearch(ReplicationConsumerImpl.java:773)
        at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.startSync(ReplicationConsumerImpl.java:563)
        at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:726)
        at java.lang.Thread.run(Thread.java:636)
        [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - ------------- Ending handleSearchResult ------------

        Show
        Michael Simon added a comment - - edited Thanks for going in details. I understand that accessControlSubentries have NO-USER-MODIFICATION set. But i could change values on the master node using Directory Studio. Perhaps it made the delete-create operation in the background? I'll check this later. For the LDIF that triggers the first error: dn: ou=test,dc=bwidm,dc=de changetype: add objectClass: top objectClass: organizationalUnit ou: test administrativeRole: autonomousArea dn: ou=test,dc=bwidm,dc=de changetype: modify replace: administrativeRole administrativeRole: accessControlSpecificArea - Logging on the master says: [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.ReplicaEventLog] - logging entry with Dn ou=test,dc=bwidm,dc=de with the event ADD [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.SyncReplSearchListener] - sending event ADD of entry ou=test,dc=bwidm,dc=de [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.ReplicaEventLog] - logging entry with Dn ou=test,dc=bwidm,dc=de with the event MODIFY [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.provider.SyncReplSearchListener] - sending event MODIFY of entry ou=test,dc=bwidm,dc=de On the slave node: [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - ------------- starting handleSearchResult ------------ [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - assigning the cookie from sync state value control: rid=009,csn=20130121075148.083000Z#000000#001#000000 [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - state name ADD [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - entryUUID = 29cee84e-cabe-47d4-9b8b-2e4ed7145673 [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - adding entry with dn ou=test,dc=bwidm,dc=de [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - Entry dn [n] : ou=test,dc=bwidm,dc=de objectClass: organizationalUnit objectClass: top entryParentId: b70660f2-5d42-443a-b976-f3bddfc9a027 ou: test entryUUID: 29cee84e-cabe-47d4-9b8b-2e4ed7145673 creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system createTimestamp: 20130121075148.083Z entryCSN: 20130121075148.083000Z#000000#001#000000 administrativeRole: autonomousArea [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - stored the cookie [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - ------------- Ending handleSearchResult ------------ [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - ------------- starting handleSearchResult ------------ [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - assigning the cookie from sync state value control: rid=009,csn=20130121075148.172000Z#000000#001#000000 [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - state name MODIFY [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - entryUUID = 29cee84e-cabe-47d4-9b8b-2e4ed7145673 [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - modifying entry with dn ou=test,dc=bwidm,dc=de [08:51:48] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_54 Cannot add a value which is already present : organizationalUnit [08:51:48] ERROR [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - ERR_54 Cannot add a value which is already present : organizationalUnit org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException: ERR_54 Cannot add a value which is already present : organizationalUnit at org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:739) at org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1184) at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577) at org.apache.directory.server.core.hash.PasswordHashingInterceptor.modify(PasswordHashingInterceptor.java:113) at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577) ... at org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:217) at org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782) at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.modify(ReplicationConsumerImpl.java:1212) at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.handleSearchResultEntry(ReplicationConsumerImpl.java:406) at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.doSyncSearch(ReplicationConsumerImpl.java:773) at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.startSync(ReplicationConsumerImpl.java:563) at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:726) at java.lang.Thread.run(Thread.java:636) [08:51:48] DEBUG [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - ------------- Ending handleSearchResult ------------
        Hide
        Michael Simon added a comment - - edited

        Mhh, it also happens with this, much simpler operation.

        dn: ou=test,dc=bwidm,dc=de
        changetype: add
        objectClass: top
        objectClass: organizationalUnit
        ou: test

        dn: uid=test-user,ou=test,dc=bwidm,dc=de
        objectClass: top
        objectClass: inetOrgPerson
        objectClass: person
        objectClass: organizationalPerson
        cn: Test
        sn: Test 1
        uid: test-user

        dn: uid=test-user,ou=test,dc=bwidm,dc=de
        changetype: modify
        replace: sn
        sn: Test 2
        -

        I think i'll delete my data directory and start fresh. Then i'll try replicating ou=users,ou=system. Next step is dc=example,dc=com. Then my own partition. I won't dismiss the possibility that there is some misconfiguration on my side

        Show
        Michael Simon added a comment - - edited Mhh, it also happens with this, much simpler operation. dn: ou=test,dc=bwidm,dc=de changetype: add objectClass: top objectClass: organizationalUnit ou: test dn: uid=test-user,ou=test,dc=bwidm,dc=de objectClass: top objectClass: inetOrgPerson objectClass: person objectClass: organizationalPerson cn: Test sn: Test 1 uid: test-user dn: uid=test-user,ou=test,dc=bwidm,dc=de changetype: modify replace: sn sn: Test 2 - I think i'll delete my data directory and start fresh. Then i'll try replicating ou=users,ou=system. Next step is dc=example,dc=com. Then my own partition. I won't dismiss the possibility that there is some misconfiguration on my side
        Hide
        Michael Simon added a comment - - edited

        I added a zip file with a description that triggers the problem from a fresh install.

        Show
        Michael Simon added a comment - - edited I added a zip file with a description that triggers the problem from a fresh install.
        Hide
        Michael Simon added a comment -

        Okay, problem solved. I Built rev 1436201 from tunk and did the same procedure and the problem vanished.

        Show
        Michael Simon added a comment - Okay, problem solved. I Built rev 1436201 from tunk and did the same procedure and the problem vanished.
        Hide
        Michael Simon added a comment -

        Already fixed in trunk.

        Show
        Michael Simon added a comment - Already fixed in trunk.
        Hide
        Kiran Ayyagari added a comment -

        Ah good, thanks for testing and the report.

        Show
        Kiran Ayyagari added a comment - Ah good, thanks for testing and the report.
        Hide
        Emmanuel Lecharny added a comment -

        Closed all the resolved issues

        Show
        Emmanuel Lecharny added a comment - Closed all the resolved issues

          People

          • Assignee:
            Unassigned
            Reporter:
            Michael Simon
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development