[OPENDJ-5590] Proxy: server discovery fails silently when proxy base-dn differs from backend's base-dn Created: 17/Oct/18  Updated: 08/Nov/19  Resolved: 07/Nov/18

Status: Done
Project: OpenDJ
Component/s: proxy
Affects Version/s: 6.5.0
Fix Version/s: 7.0.0

Type: Bug Priority: Major
Reporter: carole forel Assignee: Yannick Lecaillez
Resolution: Fixed Votes: 0
Labels: Verified, release-notes

Epic Link: Bugs 7.0
Story Points: 1
QA Assignee: Petr Matej [X] (Inactive)


Found with opendj 6.5.0 cc6082ea9b307b39ab4adc5a6ffea28a22993dea

We set up 2 DJ servers with base_dn=o=example.
Then we configure a proxy with both servers as static primary servers.
We create 2 shards, one per server:

/PROXY/opendj/bin/dsconfig -h nameserver.example.com -p 4446 -D "cn=Directory Manager" -w password -X create-service-discovery-mechanism --mechanism-name "shard1" --type static --set primary-server:nameserver.example.com:1389 -n

/PROXY/opendj/bin/dsconfig -h nameserver.example.com -p 4446 -D "cn=Directory Manager" -w password -X create-service-discovery-mechanism --mechanism-name "shard2" --type static --set primary-server:nameserver.example.com:1390 -n

On both DJs, we create an organizational entry ou=People under o=example.
We create a new proxy backend on it with route-all=False and a base dn of ou=people,o=example:

/PROXY/opendj/bin/dsconfig -h nameserver.example.com -p 4446 -D "cn=Directory Manager" -w password -X create-backend --backend-name distribute --type proxy --set shard:"shard1" --set shard:"shard2" --set partition-base-dn:"ou=People,o=example" --set proxy-user-password:"password" --set base-dn:ou=People,o=example --set enabled:true --set proxy-user-dn:"uid=proxy,o=example" --set route-all:False -n

We start over the proxy and it seems fine but yet, in the monitor entry, we cannot find the shards for our backend:

/PROXY/opendj/bin/ldapsearch -h nameserver.example.com -p 1391 -D "cn=Directory Manager" -w password -b "cn=monitor" "ds-cfg-backend-id=distribute"
dn: ds-cfg-backend-id=distribute,cn=backends,cn=monitor
ds-mon-backend-is-private: 0
ds-mon-backend-proxy-base-dn: ou=People,o=example
ds-mon-backend-writability-mode: enabled
objectClass: top
objectClass: ds-monitor
objectClass: ds-monitor-backend
objectClass: ds-monitor-backend-proxy
ds-cfg-backend-id: distribute

But no error appear in the logs.

if I switch the base dn of the proxy to match the naming context of the DJS, (o=example), the discovery works fine.

Comment by Petr Matej [X] (Inactive) [ 11/Mar/19 ]

Verified on 7.0.0-SNAPSHOT - c092b9442f5b39ebd4611627b4d0775637ff3358

Warning message now appears in errors log for each shard:

category=BACKEND severity=WARNING msgID=651 msg=The proxy backend 'distribute' will ignore the discovered servers '[opendj.example.com:1390]' from shard 'shard1' because they do not expose the required base DNs '[ou=People,o=example]'
Generated at Sun Sep 27 19:11:30 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.