Full_Name: Heinz Hölzl
Version: 2.4.23
OS: Linux Ubuntu Hardy LTS
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.18.132.37)

If I sync a part of my DIT with syncrepl, the first sync works fine. Then if I modify some objects on the provider, on the consumer appears:
"do_syncrep2: rid=105 CSN too old, ignoring 20100811125159.871757Z#000000#001#000000"

If I sync the whole DIT all works fine.
If I use openldap 2.4.19 for syncing only a part of the DIT all works fine too.
The version of the provider is 2.4.23 too.

slapd.conf on the provider:
...snip....
database ldap
lastmod on
suffix "dc=krb"
rootdn "cn=admin,dc=krb"
uri "ldaps://lbackend.s2.dc.gvcc.net:10636"
readonly on
...snip...

slapd.conf on the consumer:
# Schema and objectClass definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/sgv.schema
include /etc/openldap/schema/mozillaOrgPerson.schema
include /etc/openldap/schema/kerberos.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
allow bind_v2
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
#schemacheck on
loglevel none
#######################################################################
# ldbm database definitions
#######################################################################
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload rwm
sizelimit unlimited
tool-threads 1
access to * by * write
include /etc/openldap/tls.conf
backend hdb
# KERBEROS
database hdb
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
lastmod on
suffix "dc=krb"
checkpoint 512 30
directory "/var/lib/ldap/krb"
rootdn "cn=admin,dc=krb"
rootpw blabla
include /etc/openldap/slapd.replica.consumer-krb
index objectClass eq
index krbPrincipalName eq,pres,sub
index krbPwdPolicyReference eq,pres
index entryUUID,aliasedObjectName eq
index default sub
###############################################################################

/etc/openldap/slapd.replica.consumer-krb:
# syncrepl
syncrepl rid=101
    searchbase="dc=krb"
    scope=base
    provider=ldaps://syncrepl.zid.gvcc.net
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=off
    bindmethod=sasl
    saslmech=EXTERNAL
    tls_cert=/etc/openldap/.ssl/usercert.pem
    tls_key=/etc/openldap/.ssl/user.key
    tls_cacert=/etc/ssl/cacert.pem
    tls_reqcert=try
syncrepl rid=102
    searchbase="cn=princs,dc=krb"
    scope=base
    provider=ldaps://syncrepl.zid.gvcc.net
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=off
    bindmethod=sasl
    saslmech=EXTERNAL
    tls_cert=/etc/openldap/.ssl/usercert.pem
    tls_key=/etc/openldap/.ssl/user.key
    tls_cacert=/etc/ssl/cacert.pem
    tls_reqcert=try
syncrepl rid=103
    searchbase="cn=krbcontainer,dc=krb"
    scope=sub
    provider=ldaps://syncrepl.zid.gvcc.net
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=off
    bindmethod=sasl
    saslmech=EXTERNAL
    tls_cert=/etc/openldap/.ssl/usercert.pem
    tls_key=/etc/openldap/.ssl/user.key
    tls_cacert=/etc/ssl/cacert.pem
    tls_reqcert=try
    syncdata=default
syncrepl rid=104
    searchbase="o=zid,cn=princs,dc=krb"
    scope=sub
    provider=ldaps://syncrepl.zid.gvcc.net
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=off
    bindmethod=sasl
    saslmech=EXTERNAL
    tls_cert=/etc/openldap/.ssl/usercert.pem
    tls_key=/etc/openldap/.ssl/user.key
    tls_cacert=/etc/ssl/cacert.pem
    tls_reqcert=try
    syncdata=default
syncrepl rid=105
    searchbase="o=klingons,cn=princs,dc=krb"
    scope=sub
    provider=ldaps://syncrepl.zid.gvcc.net
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=off
    bindmethod=sasl
    saslmech=EXTERNAL
    tls_cert=/etc/openldap/.ssl/usercert.pem
    tls_key=/etc/openldap/.ssl/user.key
    tls_cacert=/etc/ssl/cacert.pem
    tls_reqcert=try
    syncdata=default
##################################################################

build options for both versions (2.4.19 and 2.4.23) used on the consumer and on the provider:
./configure --prefix=${prefix} --bindir=${prefix}/bin --sbindir=${prefix}/sbin --libexecdir=${prefix}/lib --libdir=${prefix}/lib --sysconfdir=/etc --localstatedir=/var --mandir=${prefix}/share/man --enable-debug --enable-dynamic --enable-syslog --enable-proctitle --enable-ipv6 --enable-local --enable-slapd --enable-aci --enable-cleartext --enable-crypt --disable-lmpasswd --enable-spasswd --enable-modules --enable-rewrite --enable-rlookups --enable-slapi --enable-slp --enable-wrappers --enable-backends=mod --disable-ndb --enable-overlays=mod --with-subdir=ldap --with-cyrus-sasl --with-threads --with-tls=openssl --with-odbc=unixodbc --build x86_64-linux-gnu
I tested it also without a back-ldap.
The problem exists also if the provider is a "normal" slapd with "database hdb".
Hi Heinz,

Do you still see this issue with current OpenLDAP builds? Also, can you confirm that time was tightly sync'd in the case you submitted? I've seen similar issues due to clock skew.

Regards,
Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
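An added example, not part of the original thread and not OpenLDAP code: a small Python helper for checking the clock-skew question against the log line quoted in the report. It splits the CSN into its timestamp, change count, server ID (SID) and modification number, and compares it with a consumer-side value. The `is_too_old` rule is a simplified model of the check behind the "CSN too old" message, and the consumer contextCSN and consumer log time are constructed sample values.

```python
import re
from datetime import datetime, timezone
from typing import NamedTuple

# CSN layout: timestamp '#' change count '#' server ID (SID) '#' mod number
CSN_RE = re.compile(
    r"(\d{14})\.(\d{6})Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})")

class CSN(NamedTuple):
    time: datetime
    count: int
    sid: int
    mod: int

def parse_csn(text):
    """Extract the first CSN found in a log line or attribute value."""
    m = CSN_RE.search(text)
    if m is None:
        raise ValueError("no CSN in %r" % text)
    stamp = datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(
        microsecond=int(m.group(2)), tzinfo=timezone.utc)
    return CSN(stamp, *(int(g, 16) for g in m.groups()[2:]))

def is_too_old(incoming, context_csns):
    """Simplified model (assumption): an update is ignored when it is not
    newer than the CSN the consumer already holds for the same SID."""
    known = context_csns.get(incoming.sid)
    if known is None:
        return False
    return ((incoming.time, incoming.count, incoming.mod)
            <= (known.time, known.count, known.mod))

def skew_seconds(csn, received_at):
    """Consumer receive time minus the CSN timestamp. A negative result
    means the stamping clock runs ahead of the consumer's clock."""
    return (received_at - csn.time).total_seconds()

# Log line quoted in the report.
LOG_LINE = ("do_syncrep2: rid=105 CSN too old, ignoring "
            "20100811125159.871757Z#000000#001#000000")
# Constructed sample values, not taken from the report.
CONSUMER_CONTEXT_CSN = {1: parse_csn("20100811125203.112233Z#000000#001#000000")}
CONSUMER_LOG_TIME = datetime(2010, 8, 11, 12, 51, 50, tzinfo=timezone.utc)

if __name__ == "__main__":
    csn = parse_csn(LOG_LINE)
    print("SID %03x too old: %s" % (csn.sid, is_too_old(csn, CONSUMER_CONTEXT_CSN)))
    print("skew: %.3f s" % skew_seconds(csn, CONSUMER_LOG_TIME))
```

On a real consumer, the values to compare against are the contextCSN attribute values on the database suffix entry, one per SID.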
clock skew?
changed notes
changed state Open to Feedback
moved from Incoming to Software Bugs