Hello,
We have found a new problem with openldap 2.2 :
Many errors messages appears on the file /opt/bdii/var/bdii.log :
-----
[...]
slapadd: could not parse entry (line=291040)
Error for dn:
GlueVOViewLocalID=/VO=ops/GROUP=/ops/ROLE=lcgadmin,GlueCEUniqueID=t2-ce-02.lnl.infn.it:2119/jobmanager-lcglsf-cert,mds-vo-name=INFN-LN
L-2,mds-vo-name=local,o=grid
[...]
-----
Each time a dn contain an attribute of the following form :
"attribute=a_string=another_string,..." (eg:
"/VO=ops/GROUP=/ops/ROLE=lcgadmin") slapadd produce an error "could not
parse entry"
In fact, each time the attribute value contain more that one equal ("=")
character, openldap failed to handle the string, even though this
character is included in the IA5 table.
Our other TOP BDII server (SL3, openldap-2.0.27, glueschema 1.3) work
perfectly.
I've made some test using openldap-2.0 and openldap-2.1 glue schema
directory, but I allways have the error. This problem seem to be
openldap 2.2 specific.
---- TOP-BDII sl3, openldap 2.0 ----
ldapsearch -x -h cclcgtopbdii01.in2p3.fr:2170 -b
"GlueVOViewLocalID=/VO=ops/GROUP=/ops/sgm,GlueCEUniqueID=hepgrid2.ph.liv.ac.uk:2119/jobmanager-lcgpbs-ops,mds-vo-name=UKI-NORTHGRID-LIV-HEP,mds-vo-name=local,o=grid"
[...]
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
---- TOP-BDII sl3, openldap 2.2 ----
ldapsearch -x -h cclcgtopbdii02.in2p3.fr:2170 -b
"GlueVOViewLocalID=/VO=ops/GROUP=/ops/sgm,GlueCEUniqueID=hepgrid2.ph.liv.ac.uk:2119/jobmanager-lcgpbs-ops,mds-vo-name=UKI-NORTHGRID-LIV-HEP,mds-vo-name=local,o=grid"
# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN
# numResponses: 1
----------------------------------
Cheers.
Pierre-Emmanuel
Pierre-Emmanuel Brinette a écrit :
> Hi all,
>
> We have found a solution for this problem :
>
> In fact, some of the lcg utilies still use LDAPv2 protocol. By default,
> openldap-2.2 only support LDAPv3 protocol.
>
> So we add in the file /opt/bdii/sbin/bdii an option that allow slapd to
> serve request in LDAPv2 protocol.
>
> *** bdii.orig Mon Jul 23 17:46:54 2007
> --- bdii Mon Jul 23 17:47:16 2007
> ***************
> *** 83,88 ****
> --- 83,89 ----
> cat <<EOF >> $conf
>
> schemacheck off
> + allow bind_v2
>
> pidfile $dir/slapd.pid
> argsfile $dir/slapd.args
>
>
> Cheers,
>
> Pierre-Emmanuel
>
> Mario David a écrit :
>> Hi Pierre
>>
>> so this is great, a new bug or issue
>>
>> the best thing is to open a ggus ticket
>>
>> it's the first time AFAIK that anyone installed a top bdii with slc4
>>
>> and probably why no one ever saw this
>>
>> maybe Marteen can say something here
>>
>> cheers
>>
>> Mario
>>
>> On Mon, 2007-07-23 at 11:28 +0200, Pierre-Emmanuel Brinette wrote:
>>> Hi Mario,
>>>
>>> I've allready done the symlink to openldap-2.0 (I've tested both
>>> openldap-2.0 and 2.1 directory).
>>>
>>> The both bdii (SL3 and SL4) provide the same information :
>>>
>>> cclcgtopbdii01.in2p3.fr : BDII SL3 (openldap 2.0)
>>> ccgridvmli03.in2p3.fr : BDII SL4 (openldap 2.2 using 2.0 schema)
>>>
>>> -------------
>>> $ ldapsearch -x -h cclcgtopbdii01.in2p3.fr -p 2170 -b
>>> "mds-vo-name=IN2P3-CC,mds-vo-name=local,o=grid" > sl3.txt
>>>
>>> $ ldapsearch -x -h ccgridvmli03.in2p3.fr -p 2170 -b
>>> "mds-vo-name=IN2P3-CC,mds-vo-name=local,o=grid" > sl4.txt
>>>
>>> $ diff sl3.txt sl4.txt
>>> < GlueCEStateFreeCPUs: 448
>>> < GlueCEStateRunningJobs: 4
>>> ---
>>> > GlueCEStateFreeCPUs: 452
>>> > GlueCEStateRunningJobs: 0
>>> 7764c7764
>>> < GlueCEStateTotalJobs: 4
>>> ---
>>> > GlueCEStateTotalJobs: 0
>>> 7767c7767
>>> < GlueCEStateFreeJobSlots: 448
>>> ---
>>> [...]
>>> -------------
>>>
>>> The only differences shown by ldapsearch result are due to the fact
>>> that the bdii-update is not synchronized.
>>>
>>>
>>>
>>> Pierre-Emmanuel
>>>
>>>
>>>
>>> Mario David a écrit :
>>>> Hi Pierre
>>>>
>>>> I show you what I did in our site-bdii (some thing I suppose)
>>>>
>>>>
>>>> [root@site-bdii ~]# ll /opt/glue/schema/
>>>> total 8
>>>> drwxr-xr-x 2 root root 4096 Jul 2 11:19 openldap-2.0
>>>> drwxr-xr-x 2 root root 4096 Jul 2 11:19 openldap-2.1
>>>> lrwxrwxrwx 1 root root 12 Jul 2 11:19 openldap-2.2 -> openldap-2.1
>>>>
>>>> that means , make a link openldap-2.2 -> openldap-2.1
>>>>
>>>> this is a known issue, only from slc4 guys ahead of time
>>>>
>>>> ggus ticket https://gus.fzk.de/pages/ticket_details.php?ticket=23834
>>>>
>>>> hope this helps
>>>> and should be solved soon when other nodes are supported in slc4
>>>>
>>>> cheers
>>>>
>>>> Mario David
>>>>
>>>> On Mon, 2007-07-23 at 10:24 +0200, Pierre-Emmanuel Brinette wrote:
>>>>> Hello,
>>>>>
>>>>> We have installed a new TOP BDII with SL4/32 bits
>>>>> (glite-BDII-3.0.2-12, openldap-2.2.13). We doesn't found particular
>>>>> problem during the installation.
>>>>>
>>>>> We made some test on our UI (glite 3.0.13) and we found strange
>>>>> behaviors with some "lcg-" commands:
>>>>>
>>>>> ------------------------
>>>>> $ lcg-infosites --vo dteam ce
>>>>> valor del bdii: cclcgtopbdii02.in2p3.fr:2170
>>>>> #CPU Free Total Jobs Running Waiting ComputingElement
>>>>> ----------------------------------------------------------
>>>>> 121 12 3 0 3
>>>>> gce.phy.bg.ac.yu:2119/blah-pbs-dteam
>>>>> ...
>>>>>
>>>>> $ lcg-info --list-ce --vo dteam
>>>>> lcg-info: Error in binding the BDII:
>>>>> Net::LDAP::Bind=HASH(0x9c15c24)->error_text()
>>>>> -------------------------
>>>>>
>>>>> Some command (lcg-info, lcg-cr, ...) hang up when using the new
>>>>> BDII with openldap 2.2.
>>>>>
>>>>> When we use our old TOP BDII (glite-BDII-3.0.2-12, Glue schema 1.3,
>>>>> openldap-2.0.37), this command succeed.
>>>>>
>>>>> Any Idea ?
>>>>>
>>>>> Regards.
>>>>>
>>>>> Pierre-Emmanuel
>>>
>>
>>
>
>
--
Pierre-Emmanuel Brinette
Grid computing - EGEE/LCG team
IN2P3/CNRS Computing Centre - Lyon (France)
27 bd du 11 novembre, F-69622 Villeurbanne cedex
[log in to unmask] - Tél. : +33 (0) 4 78 93 08 80
|