
Replication failing and not retrieving all entries



Hi All,
 
I have a big network with one master OpenLDAP 2.3.30 running on Debian Etch, fully updated.
 
I have 27 other consumers using replication of the refreshAndPersist type, working 100% fine, with one exception.
 
This exception has the same configuration as all the other servers. I have already changed the WAN provider (it was planned to change it), the switch the server is connected to, the network cable and the whole server, and nothing seems to change the strange behavior.
 
What happens is that this specific machine does not receive all the 8323 objects from the master. In debug mode it does not show any error. OpenLDAP simply thinks the replica has finished. Then some seconds later it starts replicating again, but not from the point where it stopped. The best that I have had is 5217 objects replicated.
 
My conf on this server was copied from another working installation, and then I changed the "rid".
 
This is how my conf is:
#######################################################################
# SCHEMAS
#######################################################################
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/misc.schema
include         /etc/ldap/schema/samba.schema


#######################################################################
# GENERAL
#######################################################################
#allow bind_v2
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        4 64 16384
sizelimit 20000
tool-threads 1


#######################################################################
# MODULES
#######################################################################
modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      syncprov


#######################################################################
# BACKEND
#######################################################################
backend         bdb
checkpoint 512 30


#######################################################################
# DATABASE
#######################################################################
database        bdb
suffix          "dc=company"
rootdn          "cn=replicator,dc=company"
rootpw          {SSHA}password
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
lastmod         on


######################################################################
# ACL
######################################################################
access to dn.base=""
        by * read

access to *
        by dn="cn=admin,dc=company" write
        by dn="cn=replicator,dc=company" write
        by * read

access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword
        by dn="cn=admin,dc=company" write
        by dn="cn=replicator,dc=company" write
        by self write
        by anonymous auth
        by * none

 

######################################################################
# TLS
######################################################################
TLSCipherSuite  ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP
TLSCACertificateFile /etc/ldap/certs/cacert.pem
TLSCertificateFile /etc/ldap/certs/servercrt.pem
TLSCertificateKeyFile /etc/ldap/certs/serverkey.pem
TLSVerifyClient never


######################################################################
# REPLICATION
######################################################################
syncrepl rid=51
        provider=ldaps://ldap
        bindmethod=simple
        binddn="cn=replicator,dc=company"
        credentials=password
        searchbase="dc=company"
        schemachecking=off
        type=refreshAndPersist
        retry="30 30 600 72"

######################################################################
# Indices
######################################################################
index           cn                              pres,sub,eq
index           sn                              pres,sub,eq
index           uid                             pres,sub,eq
index           displayName                     pres,sub,eq
index           memberUid                       eq,subinitial
index           mail                            eq,subinitial
index           givenname                       eq,subinitial
index           uidNumber                       eq
index           gidNumber                       eq
index           entryUUID                       eq
index           sambaSID                        eq
index           sambaPrimaryGroupSID            eq
index           sambaDomainName                 eq
index           objectClass                     eq
index           sambaGroupType                  eq
index           sambaSIDList                    eq
index           uniqueMember                    eq
index           entryCSN                        eq

When the replication stops, the log just shows:

Dec  8 15:55:09 mg slapd[6529]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)

Dec  8 15:55:09 mg slapd[6529]: bdb_idl_fetch_key: [7cdee34d]
Dec  8 15:55:09 mg slapd[6529]: send_ldap_result: err=0 matched="" text=""
Dec  8 15:55:09 mg slapd[6529]: syncrepl_entry: be_search (0)
Dec  8 15:55:09 mg slapd[6529]: syncrepl_entry: uid=pr0239$,ou=maquinas,dc=matriz,dc=company
Dec  8 15:55:09 mg slapd[6529]: do_syncrep2: LDAP_RES_SEARCH_RESULT
Dec  8 15:55:09 mg slapd[6529]: connection_get(39)

Note that the first line says LDAP_SYNC_ADD and not LDAP_SYNC_MODIFY, even though this user is already loaded.

Can anyone help us with this one?

Thanks in advance.

Gustavo
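
An added example, not part of the original post: a Python script that splits a consumer's syslog into passes, each ending at a `do_syncrep2: LDAP_RES_SEARCH_RESULT` line, counts the entries received per pass, and lists DNs that arrive as `LDAP_SYNC_ADD` after already having been received, which is the symptom described above. The line shapes are taken from the log excerpt in the post; the sample log, host name, PID and DNs are constructed.

```python
import re
from collections import Counter

# Line shapes taken from the syslog excerpt in the post above.
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \S+ slapd\[\d+\]: (.*)$")
OP = re.compile(r"^syncrepl_entry: LDAP_RES_SEARCH_ENTRY\((LDAP_SYNC_\w+)\)$")
DN = re.compile(r"^syncrepl_entry: (\w[\w.-]*=.+)$")

# Constructed sample (not real data): two passes, one DN sent as ADD twice.
P = "Dec  8 15:55:0{} host slapd[1000]: "
SAMPLE_LOG = "\n".join([
    P.format(1) + "syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)",
    P.format(1) + "syncrepl_entry: uid=a,ou=people,dc=company",
    P.format(2) + "syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)",
    P.format(2) + "syncrepl_entry: uid=b,ou=people,dc=company",
    P.format(3) + "do_syncrep2: LDAP_RES_SEARCH_RESULT",
    P.format(7) + "syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)",
    P.format(7) + "syncrepl_entry: uid=a,ou=people,dc=company",
    P.format(8) + "do_syncrep2: LDAP_RES_SEARCH_RESULT",
])

def summarize_passes(log_text):
    """Split a consumer's syncrepl log into passes and flag re-sent ADDs."""
    passes, seen, pending = [], set(), None
    cur = {"ended": None, "ops": Counter(), "repeated_adds": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        stamp, msg = m.groups() if m else (None, "")
        op, dn = OP.match(msg), DN.match(msg)
        if op:                      # sync state is logged before the DN line
            pending = op.group(1)
        elif dn and pending:
            name = dn.group(1).lower()
            cur["ops"][pending] += 1
            if pending == "LDAP_SYNC_ADD" and name in seen:
                cur["repeated_adds"].append(name)  # received earlier in log
            seen.add(name)
            pending = None
        elif msg.startswith("do_syncrep2: LDAP_RES_SEARCH_RESULT"):
            passes.append({**cur, "ended": stamp})  # search ended here
            cur = {"ended": None, "ops": Counter(), "repeated_adds": []}
    if cur["ops"]:                  # trailing pass with no SEARCH_RESULT yet
        passes.append(cur)
    return passes

if __name__ == "__main__":
    for i, p in enumerate(summarize_passes(SAMPLE_LOG), 1):
        print(i, p["ended"], dict(p["ops"]), p["repeated_adds"])
```

Comparing the per-pass entry counts with the provider's object count shows where each pass stops short.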