
Deletions not propagating in multi-hop syncRepl environment



OpenLDAP 2.2.26 on FreeBSD 4.10-STABLE.

I'm not sure whether this is a bug or a misconfiguration, so I thought I'd 
ask here before filing an ITS.

We have a central replication server which accepts updates for several 
suffixes and propagates them out to the other slaves, i.e. no more than 2 
hops with complexity O(n) instead of O(n^2).  There are around 15 suffixes 
in total, so keeping it simple is rather important...

This worked fine with SLURP, but I've just noticed that deletions from a 
remote master do not propagate with SyncRepl to other slaves.  Additions 
and updates work fine, but not deletions.

For example:

MASTER:	my.example.com (dc=my,dc=example,dc=com) is a Provider

SERVER:	hub.example.com is both a Provider and a Consumer

SLAVE:	au.example.com is a Consumer

I delete an entry upon MASTER, and it gets deleted upon SERVER as well, 
but not SLAVE.

MASTER configuration (abridged):

database	bdb
suffix		"dc=my,dc=example,dc=com"
directory	/usr/local/openldap-data/example.com/my
sessionlog	3 20	# Seems to make no difference

SERVER configuration (abridged):

database	bdb
suffix		"dc=my,dc=example,dc=com"
directory	/usr/local/openldap-data/example.com/my
sessionlog	3 20	# Seems to make no difference
syncrepl	rid=3
	provider=ldap://my.example.com:389
	type=refreshAndPersist
	retry=5,5,10,+
	searchbase="dc=my,dc=example,dc=com"
	filter="(objectClass=*)"
	scope=sub
	attrs="*"
	schemachecking=off
	updatedn="cn=ModMan,dc=my,dc=example,dc=com"
	bindmethod=simple
	binddn="cn=ConMan,dc=my,dc=example,dc=com"
	credentials="secret"
updateref  ldap://my.example.com

SLAVE configuration (abridged):

database	bdb
suffix		"dc=my,dc=example,dc=com"
directory	/usr/local/openldap-data/example.com/my
syncrepl	rid=3
	provider=ldap://hub.example.com:389
	type=refreshAndPersist
	retry=1,5,5,5,10,+
	searchbase="dc=my,dc=example,dc=com"
	filter="(objectClass=*)"
	scope=sub
	attrs="*"
	schemachecking=off
	updatedn="cn=ModMan,dc=my,dc=example,dc=com"
	bindmethod=simple
	binddn="cn=ConMan,dc=my,dc=example,dc=com"
	credentials="secret"
updateref	ldap://my.example.com:389

Initially I did not have the "sessionlog" directive, but adding it to 
SERVER thence to MASTER made no difference.

I'm tempted to think that because additions and changes work just fine,
the configuration is OK and it's a subtle SyncRepl bug...

-- 
Dave Horsfall  DTM  VK2KFU  daveh@ci.com.au  Ph: +61 2 8425-5508 (d) -5500 (sw)
Corinthian Engineering, Level 1, 401 Pacific Hwy, Artarmon, NSW 2064, Australia
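
A check for the symptom described in the post, as an added example that is not part of the original message: it compares DN-only LDIF dumps taken from each hop and lists entries a consumer still holds that its upstream provider no longer has. The host names are the ones used in the post; the sample dumps, the uid=alice and uid=bob entries, and the function names are constructed for illustration.

```python
import base64

def ldif_dns(ldif_text):
    """Return the set of normalised DNs found in an LDIF dump."""
    # RFC 2849 folding: a line that starts with one space continues the previous line.
    unfolded = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    dns = set()
    for line in unfolded.split("\n"):
        if line.startswith("dn::"):            # base64-encoded DN
            dn = base64.b64decode(line[4:].strip()).decode("utf-8")
        elif line.startswith("dn:"):
            dn = line[3:].strip()
        else:
            continue
        # Simplified normalisation (assumption): lower-case, trim spaces around commas.
        dns.add(",".join(part.strip() for part in dn.split(",")).lower())
    return dns

def stale_entries(hops):
    """hops: ordered list of (host, ldif_text), provider first.
    Returns {host: sorted DNs present on that host but absent from its upstream hop}."""
    report = {}
    for (_, up_ldif), (down_host, down_ldif) in zip(hops, hops[1:]):
        extra = ldif_dns(down_ldif) - ldif_dns(up_ldif)
        if extra:
            report[down_host] = sorted(extra)
    return report

# Constructed sample dumps, shaped like DN-only output of e.g.
#   ldapsearch -x -LLL -H ldap://HOST -b "dc=my,dc=example,dc=com" 1.1
# uid=bob was deleted on the master and the hub but survives on the last hop.
BASE = ("dn: dc=my,dc=example,dc=com\n\n"
        "dn: uid=alice,ou=People,dc=my,dc=example,dc=com\n\n")
SAMPLE_HOPS = [
    ("my.example.com", BASE),
    ("hub.example.com", BASE),
    # The folded second line exercises the RFC 2849 unfolding above.
    ("au.example.com", BASE + "dn: uid=bob,ou=People,dc=my,dc=exam\n ple,dc=com\n\n"),
]

if __name__ == "__main__":
    for host, dns in stale_entries(SAMPLE_HOPS).items():
        for dn in dns:
            print(f"{host}: still holds {dn}")
```

Run against real dumps after the consumers have had time to catch up; an entry that keeps appearing for the last hop is one whose deletion never arrived there, which matters most when the entry is a removed account.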