
Re: OpenLDAP 2.4 syncrepl - Size limit exceeded error in consumer end



On Tuesday 14 October 2008 13:18:37 Karthik Dathathri wrote:
> I was trying to setup replication using syncrepl with openldap 2.4.11
> on two machines running RHEL 5.0
>
> The provider has approximately 1000 entries in the directory.
>
> On the consumer side, I am getting the following error after
> synchronization of around 500 records.
>
> Oct 14 16:35:59 osmvm2 slapd2.4[11727]: syncrepl_entry: rid=001
> cn=Delfin Labarge,ou=Payroll,dc=example,dc=com
> Oct 14 16:35:59 osmvm2 slapd2.4[11727]: syncrepl_entry: rid=001 be_add
> (0)
> Oct 14 16:35:59 osmvm2 slapd2.4[11727]: do_syncrep2: rid=001
> LDAP_RES_SEARCH_RESULT
> Oct 14 16:35:59 osmvm2 slapd2.4[11727]: do_syncrep2: rid=001 (4) Size
> limit exceeded
>
> I am using "refreshOnly" syncrepl in the consumer.
>
> The syncrepl user dn is uid=syncrepl,ou=System,dc=example,dc=com
>
> and added this dn as a member to a group called LDAPAdmins
> (cn=LDAPAdmins,ou=Groups,dc=example,dc=com)
>
> slapd.conf configuration at the consumer end is as follows:

This is irrelevant; searches are done against the provider, not the consumer.

>
> # Replicas running syncrepl as non-rootdn need unrestricted size/time
> limits:
> limits group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com"
>        size=unlimited
>        time=unlimited
>
> #SyncRepl slave configuration
> syncrepl rid=001
>     provider=ldap://16.167.10.25
>     type=refreshOnly
>     interval=00:00:05:00
>     searchbase="dc=example,dc=com"
>     binddn="uid=syncrepl,ou=System,dc=example,dc=com"
>     credentials=secret
>     timelimit=unlimited
>     sizelimit=unlimited
>
> slapd.conf configuration at the provider is as follows:
>
> #Global ACL for replication
> access to *
>         by group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com" read
>         by anonymous read

So, access to * by * read would work, and you can't be sure that your group is 
working from the ACLs ....

>
> # syncprov
> index  entryCSN,entryUUID                                      eq
>
> # Replicas running syncrepl as non-rootdn need unrestricted size/time
> limits:
> limits group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com"
>  size=unlimited
>  time=unlimited

So, if you do a search as your uid=syncrepl DN (with ldapsearch), how many 
entries do you get, and what result code do you get?
>
> # ACL ensuring replicator has write access

Syncrepl does not require that any replication DN has write access anywhere 
...

> access to *
>         by group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com" write
>         by * read
>
> #syncprov overlay configuration
> overlay syncprov
> syncprov-checkpoint 50 10
> syncprov-sessionlog 100
>
> Any pointers would be appreciated. If someone needs more information
> about the environment, please
> let me know.

It's possible to test some of your configuration manually, which I would 
normally do *first* (before configuring the consumer).

Regards,
Buchan
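
The manual check suggested in the reply above, as an added example that is not part of the original message: search the provider as the replication DN with ldapsearch, then report how many entries came back and the LDAP result code. The function names are hypothetical, the provider URI, bind DN and base are the ones from the quoted configuration, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: the function names are hypothetical, not OpenLDAP tooling.

# Read default-format ldapsearch output (no -L flags, so the trailing
# "result:" line is present) and print "<entries> <result code>".
summarize_search() {
    awk '
        /^dn:/      { entries++ }   # also matches base64-encoded "dn::" lines
        /^result: / { code = $2 }   # e.g. "result: 4 Size limit exceeded"
        END { print entries + 0, (code == "" ? "none" : code) }
    '
}

# Turn a "<entries> <code>" summary into a one-word verdict.
verdict() {
    case "${1##* }" in
        0) echo ok ;;            # search completed, nothing cut it short
        4) echo size-limited ;;  # provider still enforces a size limit for this DN
        *) echo error ;;         # bind failure, no result line, other codes
    esac
}

# check_provider URI BINDDN BASE
# Example: check_provider ldap://16.167.10.25 \
#     "uid=syncrepl,ou=System,dc=example,dc=com" "dc=example,dc=com"
# -W prompts for the password, -z 0 requests no client-side size limit,
# and 1.1 asks for no attributes, so only DNs are returned.
check_provider() {
    summary=$(ldapsearch -x -H "$1" -D "$2" -W -b "$3" -s sub -z 0 \
        '(objectClass=*)' 1.1 | summarize_search)
    echo "$summary $(verdict "$summary")"
}

# Constructed sample: output cut off by the server after two entries.
sample_limited() {
    cat <<'EOF'
# Delfin Labarge, Payroll, example.com
dn: cn=Delfin Labarge,ou=Payroll,dc=example,dc=com

# syncrepl, System, example.com
dn: uid=syncrepl,ou=System,dc=example,dc=com

# search result
search: 2
result: 4 Size limit exceeded
EOF
}
```

If the verdict is size-limited with roughly 500 entries, the provider is applying its default limit to the replication DN, which means the group-based limits statement is not matching that bind.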