
Re: syncrepl missing entries in openldap 2.4.23



So does OpenLDAP have another mechanism to do this? Combine two ldap providers into a single consumer that is?


Jim


On Mar 4, 2011, at 4:31 PM, Howard Chu wrote:

> James_Whiteacre@McAfee.com wrote:
>> I am trying to set up syncrepl to have multiple providers to a single
>> consumer. Basically allowing me to combine two ldap's into a single ldap. I
>> know this is probably not a standard configuration but seems like it should work.
>> 
>> This seems to work for a while but then all of the records from one of the
>> providers are deleted. And even though the consumer still is polling both
>> providers the records will not get added back.
> 
> No, this setup will always fail in the manner you describe. The way a syncrepl 
> refresh works by default is that the provider tells the consumer about every 
> entry it knows about within the search context. The consumer then deletes 
> everything on its side that the provider didn't enumerate. Since both of your 
> consumers are using the identical search base, every time one of them 
> refreshes it will always delete everything the other one retrieved. (This is 
> the normal operation of a syncrepl refresh Present phase. Read RFC4533 for the 
> detailed explanation.)
> 
> It's possible to get this working, somewhat, using delta-syncrepl, which 
> usually does not use a Present phase. However, if the consumer ever lags 
> behind the provider's log (i.e., the consumer's state is older than the oldest 
> entry in the provider's log) then delta-syncrepl falls back to normal 
> syncrepl, and you'll hit the refresh Present phase again. So in general, what 
> you're trying to do is unsupported.
> 
> 
>> Here is my consumer syncrepl configuration. The providers are a standard provider configuration.
>> 
>> Any help would be appreciated.
>> 
>> Jim
>> 
>> 
>> serverID 064
>> 
>> database        bdb
>> suffix          "o=dogcatfish"
>> rootdn          "cn=admin,o=dogcatfish"
>> 
>> limits dn.exact="cn=admin,o=dogcatfish" size=unlimited time=unlimited
>> 
>> # Cleartext passwords, especially for the rootdn, should
>> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
>> # Use of strong authentication encouraged.
>> rootpw                  admin
>> 
>> # syncrepl configuration
>> syncrepl rid=64
>>          provider=ldap://provider1
>>          type=refreshOnly
>>          interval=00:00:01:00
>>          retry="60 10 300 +"
>>          searchbase="o=dogcatfish"
>>          filter="(objectClass=*)"
>>          scope=sub
>>          attrs="*,+"
>>          schemachecking=off
>>          bindmethod=simple
>>          binddn="cn=admin,o=dogcatfish"
>>          credentials="admin"
>> 
>> # syncrepl configuration
>> syncrepl rid=68
>>          provider=ldap://provider2
>>          type=refreshOnly
>>          interval=00:00:01:00
>>          retry="60 10 300 +"
>>          searchbase="o=dogcatfish"
>>          filter="(objectClass=*)"
>>          scope=sub
>>          attrs="*,+"
>>          schemachecking=off
>>          bindmethod=simple
>>          binddn="cn=admin,o=dogcatfish"
>>          credentials="admin"
>> 
>> # Indices to maintain
>> index   contextCSN,entryCSN,entryUUID,objectClass,cn,dc,mail   eq
>> checkpoint 1024 5
>> 
>> mirrormode TRUE
>> 
>> 
> 
> 
> -- 
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
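
The refresh behaviour described in the quoted reply above, as an added example that is not part of the original thread and is not OpenLDAP code: a simplified Python model of an RFC 4533 refresh with a Present phase, run for two rids that share one search base. The integer cookie, the change numbers and the sample entries are constructed assumptions; real slapd tracks state with contextCSN values, which this model does not cover.

```python
# Simplified model of an RFC 4533 refresh with a Present phase.
# Not OpenLDAP code: the integer "cookie" and all entries are constructed.

def in_scope(dn, searchbase):
    """scope=sub: the search base itself or anything below it."""
    dn, base = dn.lower(), searchbase.lower()
    return dn == base or dn.endswith("," + base)

def refresh(consumer, provider, cookie, searchbase):
    """Run one refresh against `consumer` (dict entryUUID -> DN).

    `provider` maps entryUUID -> (DN, change number). Entries changed after
    `cookie` arrive in full; unchanged ones arrive as "present" (UUID only).
    Returns (new cookie, sorted DNs the consumer deleted).
    """
    enumerated = set()
    for uuid, (dn, changed_at) in provider.items():
        if not in_scope(dn, searchbase):
            continue
        enumerated.add(uuid)
        if changed_at > cookie:
            consumer[uuid] = dn          # full entry: add or replace
    # Present phase: drop everything in the search context not enumerated.
    stale = [u for u, dn in consumer.items()
             if in_scope(dn, searchbase) and u not in enumerated]
    deleted = sorted(consumer.pop(u) for u in stale)
    newest = max((c for _, c in provider.values()), default=cookie)
    return max(cookie, newest), deleted

def simulate():
    """Two rids polling different providers with the same searchbase."""
    base = "o=dogcatfish"
    providers = {
        64: {"uuid-1": ("cn=alice,o=dogcatfish", 1),
             "uuid-2": ("cn=carol,o=dogcatfish", 2)},
        68: {"uuid-3": ("cn=bob,o=dogcatfish", 1)},
    }
    cookies = {64: 0, 68: 0}
    consumer, log = {}, []
    for rid in (64, 68, 64):
        cookies[rid], deleted = refresh(consumer, providers[rid], cookies[rid], base)
        log.append((rid, deleted, sorted(consumer.values())))
    return log

if __name__ == "__main__":
    for rid, deleted, held in simulate():
        print(f"rid={rid} deleted={deleted} consumer now holds {held}")
```

In this model the second poll of rid=64 does not restore its entries: the provider regards them as unchanged since the cookie and sends only "present" messages for them.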