[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#6619) CSN too old
Full_Name: Heinz Hölzl
Version: 2.4.23
OS: Linux Ubuntu Hardy LTS
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.18.132.37)
If i sync a part of my DIT with syncrepl, the first sync works fine. Then if i
modify some objects on the provider, on the consumer appears: "do_syncrep2:
rid=105 CSN too old, ignoring 20100811125159.871757Z#000000#001#000000"
If i sync the hole DIT all works fine.
If i use openldap 2.4.19 for syncing only a part of the DIT all works fine too.
The version of the provider is 2.4.23 too.
slapd.conf on the provider:
...snip....
database ldap
lastmod on
suffix "dc=krb"
rootdn "cn=admin,dc=krb"
uri "ldaps://lbackend.s2.dc.gvcc.net:10636"
readonly on
...snip...
slapd.conf on the consumer:
# Schema and objectClass definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/sgv.schema
include /etc/openldap/schema/mozillaOrgPerson.schema
include /etc/openldap/schema/kerberos.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
allow bind_v2
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
#schemacheck on
loglevel none
#######################################################################
# ldbm database definitions
#######################################################################
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload rwm
sizelimit unlimited
tool-threads 1
access to *
by * write
include /etc/openldap/tls.conf
backend hdb
# KERBEROS
database hdb
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
lastmod on
suffix "dc=krb"
checkpoint 512 30
directory "/var/lib/ldap/krb"
rootdn "cn=admin,dc=krb"
rootpw blabla
include /etc/openldap/slapd.replica.consumer-krb
index objectClass eq
index krbPrincipalName eq,pres,sub
index krbPwdPolicyReference eq,pres
index entryUUID,aliasedObjectName eq
index default sub
###############################################################################
/etc/openldap/slapd.replica.consumer-krb:
# syncrepl
syncrepl rid=101 searchbase="dc=krb" scope=base
provider=ldaps://syncrepl.zid.gvcc.net
type=refreshAndPersist
retry="5 5 300 +"
schemachecking=off
bindmethod=sasl
saslmech=EXTERNAL
tls_cert=/etc/openldap/.ssl/usercert.pem
tls_key=/etc/openldap/.ssl/user.key
tls_cacert=/etc/ssl/cacert.pem
tls_reqcert=try
syncrepl rid=102 searchbase="cn=princs,dc=krb" scope=base
provider=ldaps://syncrepl.zid.gvcc.net
type=refreshAndPersist
retry="5 5 300 +"
schemachecking=off
bindmethod=sasl
saslmech=EXTERNAL
tls_cert=/etc/openldap/.ssl/usercert.pem
tls_key=/etc/openldap/.ssl/user.key
tls_cacert=/etc/ssl/cacert.pem
tls_reqcert=try
syncrepl rid=103 searchbase="cn=krbcontainer,dc=krb" scope=sub
provider=ldaps://syncrepl.zid.gvcc.net
type=refreshAndPersist
retry="5 5 300 +"
schemachecking=off
bindmethod=sasl
saslmech=EXTERNAL
tls_cert=/etc/openldap/.ssl/usercert.pem
tls_key=/etc/openldap/.ssl/user.key
tls_cacert=/etc/ssl/cacert.pem
tls_reqcert=try
syncdata=default
syncrepl rid=104 searchbase="o=zid,cn=princs,dc=krb" scope=sub
provider=ldaps://syncrepl.zid.gvcc.net
type=refreshAndPersist
retry="5 5 300 +"
schemachecking=off
bindmethod=sasl
saslmech=EXTERNAL
tls_cert=/etc/openldap/.ssl/usercert.pem
tls_key=/etc/openldap/.ssl/user.key
tls_cacert=/etc/ssl/cacert.pem
tls_reqcert=try
syncdata=default
syncrepl rid=105 searchbase="o=klingons,cn=princs,dc=krb" scope=sub
provider=ldaps://syncrepl.zid.gvcc.net
type=refreshAndPersist
retry="5 5 300 +"
schemachecking=off
bindmethod=sasl
saslmech=EXTERNAL
tls_cert=/etc/openldap/.ssl/usercert.pem
tls_key=/etc/openldap/.ssl/user.key
tls_cacert=/etc/ssl/cacert.pem
tls_reqcert=try
syncdata=default
##################################################################
buid-options for both versions (2.4.19 and 2.4.23) used on the consumer an on
the provider:
./configure --prefix=${prefix} --bindir=${prefix}/bin --sbindir=${prefix}/sbin
--libexecdir=${prefix}/lib --libdir=${prefix}/lib --sysconfdir=/etc
--localstatedir=/var --mandir=${prefix}/share/man --enable-debug
--enable-dynamic --enable-syslog --enable-proctitle --enable-ipv6 --enable-local
--enable-slapd --enable-aci --enable-cleartext --enable-crypt --disable-lmpasswd
--enable-spasswd --enable-modules --enable-rewrite --enable-rlookups
--enable-slapi --enable-slp --enable-wrappers --enable-backends=mod
--disable-ndb --enable-overlays=mod --with-subdir=ldap --with-cyrus-sasl
--with-threads --with-tls=openssl --with-odbc=unixodbc --build x86_64-linux-gnu