[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: syncrepl and glue



-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com] 

>The answer is in the description for "subordinate" in slapd.conf(5).
You 
>have to exchange the order of the syncprov and glue overlays to prevent

>the provider from descending into the glued databases.

Thanks, however that doesn't seem to solve the problem of no replication
happening (although it appears to have solved the random changes to db
problem).  I have verified that replication works with the subordinate
directives (and 'overlay glue' directive) commented on the provider.

My database definition on the provider for the superior db contains the
following

### START ###
database        bdb
suffix          "dc=mydomain,dc=com"
rootdn          "cn=Manager,dc=mydomain,dc=com"
rootpw          XXXXXXXXXXXXXXXXXXXXX
directory       /var/db/ldap/central


overlay         syncprov
overlay         glue
overlay         ppolicy

ppolicy_default "cn=systemusers,ou=policy,dc=mydomain,dc=com"
ppolicy_use_lockout

syncprov-checkpoint 100 10
syncprov-sessionlog 100

#Indexes etc.
### END ###

The consumer has this...

###START###
database        bdb
suffix          "dc=mydomain,dc=com"
rootdn          "cn=Manager,dc=mydomain,dc=com"
rootpw          XXXXXXXXXXXXXXXXXXXXXXX

syncrepl rid=501
        provider=ldaps://master.mydomain.com
        type=refreshAndPersist
        searchbase="dc=mydomain,dc=com"
        filter="(objectClass=*)"
        scope=sub
        retry="30 10 120 30 300 +"
        binddn=cn=syncuser,dc=mydomain,dc=com
        bindmethod=simple
        credentials=xxxxxx

updateref       ldaps://master.mydomain.com

directory       /var/db/ldap/central

overlay         glue
overlay         ppolicy

ppolicy_default "cn=systemusers,ou=policy,dc=mydomain,dc=com"
ppolicy_use_lockout

# Indexes...
###END###

I have tried it with the ppolicy directives removed on the provider, but
that doesn't have an 
impact.  I'm seeing the following log lines on the consumer...

slapd[18668]: [ID 764482 local4.debug] do_syncrep2: got search entry
without control

(These correspond to binds from the syncuser on the provider)

Turning up logging on the provider I see this line..
slapd[20818]: [ID 430416 local4.debug] slap_global_control: unavailable
control: 1.3.6.1.4.1.4203.1.9.1.1



=================================================================

BMRB wins two BMRA awards - http://www.bmrb.co.uk
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB Limited accepts no liability 
in relation to any personal emails, or content of any email which 
does not directly relate to our business.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++