[Date Prev][Date Next] [Chronological] [Thread] [Top]

slurpd replication problem/trying to decide whether or not to switch to openldap 2.2 w/sync repl.

Hi!

I'm having several problems with slurp replication. I have a big deployment (one master ldap server and about 25 replicas). I'm using samba as domain controller with ldap backend, and have 22 BDCs in remote locations (every one of these has it's ldap replica). I have users that roam around all the locations, so I decided to have only one directory, and not a partitioned one.

The problem is: about once a day (some times more), I get a .rej for one or more of the LDAPs. The rejs use to look like this:

ERROR:
replica: correo-bdc.ince.int:389
time: 1109621405.0
dn: uid=recsysadm0530$,ou=Computadoras,ou=Cuentas,dc=ince,dc=int
changetype: modify
delete: sambaPwdCanChange
sambaPwdCanChange: 1109184847
-
add: sambaPwdCanChange
sambaPwdCanChange: 1109621405
-
delete: sambaNTPassword
sambaNTPassword: D3DBC9340856BC148A732A45DE09BFAB
-
add: sambaNTPassword
sambaNTPassword: A408A024EC08915D7D32A197C29FA1C7
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1109184847
-
add: sambaPwdLastSet
sambaPwdLastSet: 1109621405
-
replace: entryCSN
entryCSN: 2005022820:10:05Z#0x0001#0#0000
-
replace: modifiersName
modifiersName: cn=Manager,dc=ince,dc=int
-
replace: modifyTimestamp
modifyTimestamp: 20050228201005Z
-

And some times like this:

ERROR: modify/delete: displayName: no such value
replica: bolsdc02.ince.int:389
time: 1107358004.0
dn: uid=reccjuusr0530$,ou=Computadoras,ou=Cuentas,dc=ince,dc=int
changetype: modify
delete: displayName
displayName: Computer
-
add: displayName
displayName: RECCJUUSR0530$
-
add: sambaPwdCanChange
sambaPwdCanChange: 1107358004
-
add: sambaPwdMustChange
sambaPwdMustChange: 2147483647
-
add: sambaNTPassword
sambaNTPassword: 01D9F42460395FBB6FFBA67ADE963900
-
add: sambaPwdLastSet
sambaPwdLastSet: 1107358004
-
delete: sambaAcctFlags
sambaAcctFlags: [DW         ]
-
add: sambaAcctFlags
sambaAcctFlags: [W          ]
-
replace: entryCSN
entryCSN: 2005020215:26:44Z#0x0001#0#0000
-
replace: modifiersName
modifiersName: cn=Manager,dc=ince,dc=int
-
replace: modifyTimestamp
modifyTimestamp: 20050202152644Z
-

The funny part is that is has a display name:

bolsdc02:~# ldapsearch -x -D "cn=Manager,dc=ince,dc=int" -W '(uid=reccjuusr0530*)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=reccjuusr0530*)
# requesting: ALL
#

# reccjuusr0530$, Computadoras, Cuentas, ince.int
dn: uid=reccjuusr0530$,ou=Computadoras,ou=Cuentas,dc=ince,dc=int
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: reccjuusr0530$
sn: reccjuusr0530$
uid: reccjuusr0530$
uidNumber: 1744
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-2306982600-149564862-3370907047-4488
sambaPrimaryGroupSID: S-1-5-21-2306982600-149564862-3370907047-2107
displayName: RECCJUUSR0530$
sambaPwdCanChange: 1107358004
sambaPwdMustChange: 2147483647
sambaNTPassword: 01D9F42460395FBB6FFBA67ADE963900
sambaPwdLastSet: 1107358004
sambaAcctFlags: [W          ]

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

After the first error, there follows others.

Well, as you can see, I'm having big problems. It seems like the directories are getting "out-of-sync", wich, off course, cause other problems (a cascade, if you like to call it like that).

I have been resyncing the LDAPs manually, but it doesn't last more that two days before it starts to give me problems again.

So, My question: If I change my whole system (a Debian Sarge system) to openldap 2.2 (wich implies converting the database (not so hard) and redeploy the ldap on 25 servers), and I switch to Sync Repl: Will it work fine?

Thanks in advance for your help, and sorry for the length of the post. Please, feel free to remove anything you don't need in the answer.

Sincerely,

Ildefonso Camargo
icamargo@unet.edu.ve
icamargo@merkurio.com.ve