Solving Potential Interoperability Problems
301
• The server creates a minimalistic entry with the
glue
and
extensibleObject
object classes.
In such cases, modify the entry to turn it into a meaningful entry or delete it and all of its child entries.
8.18.3. Solving Potential Interoperability Problems
For reasons of interoperability with applications that rely on attribute uniqueness, such as a mail
server, it may be necessary to restrict access to the entries which contain the
nsds5ReplConflict
attribute. If access is not restricted to these entries, then the applications requiring one attribute only
pick up both the original entry and the conflict resolution entry containing the
nsds5ReplConflict
,
and operations will fail.
To restrict access, modify the default ACI that grants anonymous read access:
ldapmodify -h
hostname
-D "cn=Directory Manager" -w
password
> dn: dc=example,dc=com
> changetype: modify
> delete: aci
> aci: (target ="ldap:///dc=example,dc=com")(targetattr
!="userPassword")(version 3.0;acl "Anonymous read-search
access";allow (read, search, compare)(userdn = "ldap:///anyone");)
> -
> add: aci
> aci: (target="ldap:///dc=example,dc=com")(targetattr!="userPassword")
(targetfilter="(!(nsds5ReplConflict=*))")(version 3.0;acl
"Anonymous read-search access";allow (read, search, compare)
(userdn="ldap:///anyone");)
> -
The new ACI filters out all entries that contain the
nsds5ReplConflict
attribute from search results.
For more information on the
ldapmodify
command, see
Section 2.2, “Managing Entries from the
Command-Line”
and the
Directory Server Configuration, Command, and File Reference
.
8.19. Troubleshooting Replication-Related Problems
This section lists some error messages, explains possible causes, and offers remedies.
It is possible to get more debugging information for replication by setting the error log level to
8192
,
which is replication debugging. See
Section 8.19, “Troubleshooting Replication-Related Problems”
.
To change the error log level to
8192
, run the following
ldapmodify
command:
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 8192
Because log level is additive, running the above command will result in excessive messages in the
error log. So, use it judiciously.
To turn off replication debugging log, set the same attribute to
0
.
The
cl-dump.pl
script, which is explained in detail in the
Directory Server Configuration, Command,
and File Reference
can also help troubleshoot replication-related problems. Depending on the usage
options, the script can selectively dump a particular replica:
Summary of Contents for DIRECTORY SERVER 8.0
Page 18: ...xviii ...
Page 29: ...Configuring the Directory Manager 11 6 Enter the new password and confirm it 7 Click Save ...
Page 30: ...12 ...
Page 112: ...94 ...
Page 128: ...110 ...
Page 190: ...Chapter 6 Managing Access Control 172 4 Click New to open the Access Control Editor ...
Page 224: ...206 ...
Page 324: ...306 ...
Page 334: ...316 ...
Page 358: ...340 ...
Page 410: ...392 ...
Page 420: ...402 ...
Page 444: ...426 ...
Page 454: ...436 ...
Page 464: ...446 ...
Page 484: ...466 ...
Page 512: ...494 ...
Page 522: ...504 ...