Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-3086

Backend confidentiality: binary copy fails



      Found with OpenDJ 4.0.0 rev bc494fc6543645e57d370c22cc54853f88bf489e

      We have 2 servers, setup without data, with encryption of database switched on and we replicate these servers.
      We use the dsreplication pre-external-initialization command before stopping both instances and import data on one server.

      We run the backup command on this first server and restore this backup on the second instance.

      ${INSTANCE2}/opendj/bin/backup  -n userRoot -d /tmp/replication_group/tmp/backup_offline 
      ${INSTANCE3}/opendj/bin/restore  -d /tmp/replication_group/tmp/backup_offline 

      We start these servers again, check data are in sync and perform dsreplication post-external-initalization command.

      Then we add an entry on first server:

      ${INSTANCE2}/opendj/bin/ldapmodify -h openam.example.com -p ${INSTANCE2_LDAP_PORT} -D ${INSTANCE2_ROOT_DN} -w ${INSTANCE2_ROOT_PWD} -a <<END_OF_COMMAND_INPUT
      > dn: uid=tfitter,ou=people,dc=example,dc=com
      > cn: Tom Fitter
      > sn: Fitter
      > givenname: Tom
      > objectclass: top
      > objectclass: person
      > objectclass: organizationalPerson
      > objectclass: inetOrgPerson
      > ou: Accounting
      > ou: People
      > l: Sunnyvale
      > uid: tfitter
      > mail: tfitter@example.com
      > userpassword: hamstring
      Processing ADD request for uid=tfitter,ou=people,dc=example,dc=com
      ADD operation successful for DN uid=tfitter,ou=people,dc=example,dc=com

      We check this entry gets replicated on second server but its not:

      {INSTANCE3}/opendj/bin/ldapsearch -h openam.example.com -p ${INSTANCE3_LDAP_PORT} -D ${INSTANCE3_ROOT_DN} -w ${INSTANCE3_ROOT_PWD} -T -b "uid=tfitter,ou=people,dc=example,dc=com"  "(objectclass=*)" "*" creatorsname createtimestamp entryuuid
      SEARCH operation failed
      Result Code:  80 (Other)
      Additional Information:  The search base entry 'uid=tfitter,ou=people,dc=example,dc=com' does not exist  The entry database does not contain a valid record for ID 5

      There are some errors in replication logs of second server:

      [07/Jun/2016:11:12:38 +0200] category=SYNC severity=ERROR msgID=org.opends.messages.replication.73 msg=An unexpected error occurred when searching for generation id for domain "dc=com": Other The entry database does not contain a valid record for ID 1
      [07/Jun/2016:11:12:38 +0200] category=SYNC severity=ERROR msgID=org.opends.messages.replication.76 msg=An unexpected error occurred when updating generation ID for domain "dc=com": Other
      [07/Jun/2016:11:12:38 +0200] category=SYNC severity=ERROR msgID=org.opends.messages.replication.15 msg=Error Other when searching for server state SearchOperation(connID=-1, opID=52, baseDN=dc=com, scope=base, filter=(objectClass=*)) : The entry database does not contain a valid record for ID 1 base dn : dc=com

      See script in attchment to reproduce the issue




            • Assignee:
              fabiop Fabio Pistolesi
              cforel carole forel
            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created: