[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl missing entries in openldap 2.4.23

To: James_Whiteacre@McAfee.com
Subject: Re: syncrepl missing entries in openldap 2.4.23
From: Howard Chu <hyc@symas.com>
Date: Fri, 04 Mar 2011 15:31:21 -0800
Cc: openldap-technical@openldap.org
In-reply-to: <AF487E14-D9BD-493E-BB7B-3D556F80181D@McAfee.com>
References: <AF487E14-D9BD-493E-BB7B-3D556F80181D@McAfee.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b11pre) Gecko/20110130 Firefox/4.0b11pre SeaMonkey/2.1b2pre

James_Whiteacre@McAfee.com wrote:

I am trying to set up syncrepl to have multiple providers to a single

consumer. Basically allowing me to combine two ldap's into a single ldap. I
know this is probably not a standard configuration but seems like it should work.


This seems to work for a while but then all of the records from one of the

providers is deleted. And even though the consumer still is polling both
providers the records will will not get added back.

No, this setup will always fail in the manner you describe. The way a syncreplrefresh works by default is that the provider tells the consumer about everyentry it knows about within the search context. The consumer then deleteseverything on its side that the provider didn't enumerate. Since both of yourconsumers are using the identical search base, every time one of themrefreshes it will always delete everything the other one retrieved. (This isthe normal operation of a syncrepl refresh Present phase. Read RFC4533 for thedetailed explanation.)

It's possible to get this working, somewhat, using delta-syncrepl, whichusually does not use a Present phase. However, if the consumer ever lagsbehind the provider's log (i.e., the consumer's state is older than the oldestentry in the provider's log) then delta-syncrepl falls back to normalsyncrepl, and you'll hit the refresh Present phase again. So in general, whatyou're trying to do is unsupported.

Here is my consumer syncrepl configuration. The providers are a standard provider configuration.

Any help would be appreciated.

Jim


serverID 064

database        bdb
suffix          "o=dogcatfish"
rootdn          "cn=admin,o=dogcatfish"

limits dn.exact="cn=admin,o=dogcatfish" size=unlimited time=unlimited

# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw                  admin

# syncrepl configuration
syncrepl rid=64
          provider=ldap://provider1
          type=refreshOnly
          interval=00:00:01:00
          retry="60 10 300 +"
          searchbase="o=dogcatfish"
          filter="(objectClass=*)"
          scope=sub
          attrs="*,+"
          schemachecking=off
          bindmethod=simple
          binddn="cn=admin,o=dogcatfish"
          credentials="admin"

# syncrepl configuration
syncrepl rid=68
          provider=ldap://provider2
          type=refreshOnly
          interval=00:00:01:00
          retry="60 10 300 +"
          searchbase="o=dogcatfish"
          filter="(objectClass=*)"
          scope=sub
          attrs="*,+"
          schemachecking=off
          bindmethod=simple
          binddn="cn=admin,o=dogcatfish"
          credentials="admin"

# Indices to maintain
index   contextCSN,entryCSN,entryUUID,objectClass,cn,dc,mail   eq
checkpoint 1024 5

mirrormode TRUE



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: syncrepl missing entries in openldap 2.4.23
  - From: <James_Whiteacre@McAfee.com>

References:
- syncrepl missing entries in openldap 2.4.23
  - From: <James_Whiteacre@McAfee.com>

Prev by Date: Re: Simple Bind pass-through to SASL/PLAIN
Next by Date: Re: syncrepl missing entries in openldap 2.4.23
Index(es):
- Chronological
- Thread