[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6494) replication doesn't works if directory contains more than one tree

To: openldap-its@OpenLDAP.org
Subject: (ITS#6494) replication doesn't works if directory contains more than one tree
From: Ikonta@yandex.ru
Date: Fri, 19 Mar 2010 11:28:09 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Sergey A. Starikov
Version: 2.4.21
OS: FreeBSD 7.2-RELEASE-p4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (83.229.208.12)


Also (currently the main OS) is FreeBSD 6.4-RELEASE-p9.
Configuration stored in slapd.conf.
Two servers in mirror mode.

The slapd.conf is:
<includes>
serverID    
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath      /usr/local/libexec/openldap
moduleload      back_bdb

<ACLs set (replicator user can read everything in replicated tree)>

sizelimit 1024
#

#######################################################################
# BDB database definitions
#######################################################################

# db #1 (caotus userbase, main database)
database        bdb
suffix          "dc=mydomain,dc=ru"
rootdn          "uid=admin,dc=mydomain,dc=ru"
rootpw          {SSHA}<some hash>

overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 07+00:00 01+00:00

# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/db/openldap-data
# Indices to maintain
index           cn,sn,uid  pres,eq,approx,sub
<and some other indexes>
# syncprov specific indexing
index entryCSN                          eq
index entryUUID                         eq


overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

syncrepl rid=002
                provider=ldap://ldapN.mydomain.ru:389
                type=refreshOnly
                interval=00:00:12:00
                retry="64 16 256 4"
                searchbase="dc=mydomain,dc=ru"
                scope=sub
                sizelimit=unlimited
                timelimit=512
                schemachecking=on
                bindmethod=simple
                binddn="uid=Replicator,ou=People,dc=mydomain,dc=ru"
                credentials=secret

mirrormode on

# db #2 (ESPP certs database accesslog)
database        bdb
suffix          "cn=accesslog"
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/log/openldap-accesslog
# Indices to maintain
index reqStart eq


In described case accesslog overlay works normally.
But overlay syncprov is _particularly_ inoperate (transferred only one of about
28 changes in source database). Both in refreshAndPersist and refreshOnly
replication modes.
If I remove the accesslog overlay from slapd.conf --- replication works as it
should.

Also, if I try to add instead the accesslog another tree, for example:
slapd.conf:
...
# db #2
database        bdb
suffix          "dc=public,dc=org"
directory       /var/db/openldap-db2
# Indices to maintain
index   objectClass     eq
<other indexes>
...
replication also doesn't works.

Prev by Date: Re: (ITS#6477) Clarify ambiguous TLS/SSL Errors in libldap/tls2c.
Next by Date: (ITS#6495) nssov patch to better emulate pam_ldap behaviour
Index(es):
- Chronological
- Thread