问题描述
我在 Ubuntu 19.04 VM 上设置了我的 OpenLDAP 服务器并允许复制(使用本教程:https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-server-replication).复制的一切似乎都很好.我没有设置消费者服务器,因为我的代码将充当一个,定期拉取修改过的元素.
I set up my OpenLDAP server on a Ubuntu 19.04 VM and allowed replication (using this tutorial: https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-server-replication). Everything for replication seems ok. I don't have set up a consumer server as my code will act as one, pulling modified elements regularly.
已正确检索到修改/添加的条目,但我想删除已删除的项目,但似乎无法正常工作.
The modified/added entries are correctly retrieved BUT I want to get deleted items and I can't seem to get it to work.
如 RFC https://www.rfc-editor.org/rfc/rfc4533#section-3.3.2,我应该收到一条包含名为syncUUIDs"的属性的同步信息消息
As described by the RFC https://www.rfc-editor.org/rfc/rfc4533#section-3.3.2, I should receive a Sync Info Message Containing an attribute named "syncUUIDs"
syncUUIDs 包含自上次同步操作以来已从内容中删除的条目和引用的一组 UUID
syncUUIDs contain a set of UUIDs of the entries and references that have been deleted from the content since the last Sync Operation
我的同步请求控制初始化
My Sync Request Control initialization
syncRequestValue = BerConverter.Encode("{iob}", new object[] { refreshOnly, cookieSrc, true });
testdsrc = new DirectoryControl("1.3.6.1.4.1.4203.1.9.1.1", syncRequestValue, true, true);
将控件添加到请求中,然后发送.
Adding the control to the request and then send it.
request.Controls.Add(testdsrc);
connection.SendRequest(request);
response = (SearchResponse)connection.SendRequest(request);
获取条目,这里我删除了 1 个条目,修改了 1 个并添加了 1 个,我只得到了 2 个条目(添加/修改的条目)
Getting the Entries, here I deleted 1 entry, modified 1 and added 1, I only get 2 entries (the added/modified ones)
entries = response.Entries;
if (response.Entries.Count > 0)
{
object[] controlvalue = BerConverter.Decode("{Ob}",
response.Controls[0].GetValue());
cookieSrc = (byte[])controlvalue[0];
var refreshDeletes = (bool)controlvalue[1];
File.WriteAllBytes(strFileName, cookieSrc);
}
你知道它是来自我的 LDAP 服务器的配置还是我的 C# 代码?
Do you know if it comes from the configuration of my LDAP server or my code in C#?
我不知道:
- 我的服务器发送了正确的响应,而 SearchResponse 类不知道如何解释它
或
- 如果我的服务器配置错误并且根本没有发送已删除条目的列表...
推荐答案
通过在我的 OpenLdap 服务器上添加同步"日志级别,我能够看到发送了具有正确 OID 的中间消息.
By adding the "sync" loglevel on my OpenLdap server I was able to see that a Intermediate message with the correct OID was sent.
slapd debug conn=1131 fd=15 ACCEPT from IP=x.x.x.x (IP=0.0.0.0:389)
slapd debug conn=1131 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
slapd debug conn=1131 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
slapd debug conn=1131 op=0 RESULT tag=97 err=0 text=
slapd debug conn=1131 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"
slapd debug conn=1131 op=1 SRCH attr=dn objectClass cn displayName
**slapd debug conn=1131 op=1 INTERM oid=1.3.6.1.4.1.4203.1.9.1.4**
slapd debug conn=1131 op=1 ENTRY dn="ou=uni,dc=example,dc=com"
slapd debug syncprov_search_response: cookie=rid=000,csn=20190924091959.141380Z#000000#000#000000
slapd debug conn=1131 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd debug conn=1131 op=2 UNBIND
slapd debug conn=1131 fd=15 closed
通过使用 Perl 脚本和 Perl Net::LDAP 库,我能够看到响应值包含已删除条目的 UUIDS.
By using a Perl script and the Perl Net::LDAP library I was able to see that the response value contained the UUIDS of the deleted entries.
我现在知道我的服务器已正确配置,但我不知道如何使用 .NET 获取 UUID
I know now that my server is correctly configured but I don't know how to get the UUIDs using .NET
use Net::LDAP;
use Net::LDAP::Control::SyncRequest;
use Net::LDAP::Intermediate::SyncInfo;
use Net::LDAP::Constant qw(
LDAP_SYNC_REFRESH_ONLY
LDAP_SYNC_REFRESH_AND_PERSIST
LDAP_SUCCESS );
use Data::Dumper qw(Dumper);
$ldap = Net::LDAP->new( "127.0.0.1:389" ) or die($@);
$req = Net::LDAP::Control::SyncRequest->new( mode => LDAP_SYNC_REFRESH_ONLY, cookie => "rid=000,csn=20190912114502.963050Z#000000#000#000000" );
my $mesg = $ldap->search(base=> 'dc=example,dc=com',
scope => 'sub',
control => [ $req ],
callback => &searchCallback, # call for each entry
filter => "(objectClass=*)",
attrs => [ '*']);
print "
==========
";
print Dumper($mesg);
sub searchCallback {
my $message = shift;
my $entry = shift;
my @controls = $message->control;
print Dumper($message);
print "
==========
";
my $count = scalar(@controls);
print " $count controls in response
";
if ( $count == 0 ) {
if ($message->isa('Net::LDAP::Intermediate::SyncInfo')) {
print "Received Sync Info message
";
}
return;
}
if (!defined($controls[0]) ) {
print " control 0 is undefined
";
return;
}
if ($controls[0]->isa('Net::LDAP::Control::SyncState')) {
print "Received Sync State Control
";
print $entry->dn()."
";
#print Dumper($controls[0]->entryUUID);
print 'State: '.$controls[0]->state."
entryUUID: ".$controls[0]->entryUUID."
cookie: ".$controls[0]->cookie."
";
} elsif ($controls[0]->isa('Net::LDAP::Control::SyncDone')) {
print "Received Sync Done Control
";
print ' Cookie: '.$controls[0]->cookie."
refreshDeletes: ".$controls[0]->refreshDeletes."
";
} else {
print Dumper($controls[0]);
}
}
我创建了一个新问题,询问如何使用 .Net 获取同步信息消息.
I created a new question asking how to get the Sync Info Message using .Net.
这篇关于无法使用内容同步操作 (syncrepl) 从 OpenLDAP 服务器获取已删除的项目的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!