Fedora directory users - Oct 2009 - [389-users] Replication: update of supplier via referral from consumer not working

Hi!

Note: real information (IPs, DNs, FQDNs) has been replaced with generic 
information.

I have set up a single-master replication scenario.
supplier: ldap://supplier.example.com:389
consumer: ldap://consumer.example.com:389
Replications works with no problems.

I have entered "ldap://supplier.example.com:389/dc=example, dc=com" in
the "Current URLs for referrals (Optional)" field.

If I understand correctly, when trying to update an entry on the 
consumer, the referral should take me to the supplier and perform the 
update there.

But I get the following error from the consumers console:
"netscape.ldap.LDAPException: error result (32); No such object; Failed 
to follow referral to 
ldap://supplier.example.com:389/edupersonprincipalname=user.name@example.com.si,dc=example,"


As you can see, there is a part of the DN missing and I have no idea why...


This is the information from the suppliers error log, again with the 
incomplete DN:

[snip]
[29/Oct/2009:10:17:49 +0100] conn=18 fd=70 slot=70 connection from 
CONSUMER_IP to SUPPLIER_IP
[29/Oct/2009:10:17:49 +0100] conn=18 op=0 BIND dn="cn=Directory
Manager"
method=128 version=3
[29/Oct/2009:10:17:49 +0100] conn=18 op=0 RESULT err=0 tag=97 nentries=0 
etime=0 dn="cn=directory manager"
[29/Oct/2009:10:17:49 +0100] conn=18 op=1 MOD 
dn="edupersonprincipalname=user.name@example.com.si,dc=example,"
[29/Oct/2009:10:17:49 +0100] conn=18 op=1 RESULT err=32 tag=103 
nentries=0 etime=0
[29/Oct/2009:10:17:49 +0100] conn=18 op=2 UNBIND
[29/Oct/2009:10:17:49 +0100] conn=18 op=2 fd=70 closed - U1
[/snip]

Regards,
Mitja

Mitja Mihelič wrote:
> Hi!
>
> Note: real information (IPs, DNs, FQDNs) has been replaced with 
> generic information.
>
> I have set up a single-master replication scenario.
> supplier: ldap://supplier.example.com:389
> consumer: ldap://consumer.example.com:389
> Replications works with no problems.
>
> I have entered "ldap://supplier.example.com:389/dc=example,
dc=com" in
> the "Current URLs for referrals (Optional)" field.
Why?  Replication sets the referrals automatically - that''s why the 
console lists this field as (Optional).  Don''t use these referrals 
unless you have to.

Secondly, you have a space in there - use dc=example,dc=com instead.  If 
you need to have spaces and other meta-characters in the LDAP URL, see 
http://www.ietf.org/rfc/rfc4516.txt
>
> If I understand correctly, when trying to update an entry on the 
> consumer, the referral should take me to the supplier and perform the 
> update there.
>
> But I get the following error from the consumers console:
> "netscape.ldap.LDAPException: error result (32); No such object; 
> Failed to follow referral to 
>
ldap://supplier.example.com:389/edupersonprincipalname=user.name@example.com.si,dc=example,"
>
>
>
> As you can see, there is a part of the DN missing and I have no idea 
> why...
>
>
> This is the information from the suppliers error log, again with the 
> incomplete DN:
>
> [snip]
> [29/Oct/2009:10:17:49 +0100] conn=18 fd=70 slot=70 connection from 
> CONSUMER_IP to SUPPLIER_IP
> [29/Oct/2009:10:17:49 +0100] conn=18 op=0 BIND dn="cn=Directory 
> Manager" method=128 version=3
> [29/Oct/2009:10:17:49 +0100] conn=18 op=0 RESULT err=0 tag=97 
> nentries=0 etime=0 dn="cn=directory manager"
> [29/Oct/2009:10:17:49 +0100] conn=18 op=1 MOD 
> dn="edupersonprincipalname=user.name@example.com.si,dc=example,"
> [29/Oct/2009:10:17:49 +0100] conn=18 op=1 RESULT err=32 tag=103 
> nentries=0 etime=0
> [29/Oct/2009:10:17:49 +0100] conn=18 op=2 UNBIND
> [29/Oct/2009:10:17:49 +0100] conn=18 op=2 fd=70 closed - U1
> [/snip]
>
> Regards,
> Mitja
>
> -- 
> 389 users mailing list
> 389-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

Rich Megginson wrote:
> Mitja Mihelič wrote:
>>
>> I have entered "ldap://supplier.example.com:389/dc=example,
dc=com"
>> in the "Current URLs for referrals (Optional)" field.
> Why?  Replication sets the referrals automatically - that''s why
the
> console lists this field as (Optional).  Don''t use these referrals
> unless you have to.
Deleted the referral.
>
> Secondly, you have a space in there - use dc=example,dc=com instead. 
> If you need to have spaces and other meta-characters in the LDAP URL,
> see http://www.ietf.org/rfc/rfc4516.txt
The space crept in there at the directory server creation. There was no
need for that space so I removed it by recreating the base suffix.
After that everything fell into place.

Thank you for your help Rich!


Redards,
Mitja Mihelič