[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: syncrepl and glue



Thanks, I'll create an ITS for that later today.

-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com] 
Sent: 11 January 2006 03:20
To: Spicer, Kevin (MBLEA it)
Subject: Re: syncrepl and glue

If the consumer is getting search entries without the expected syncrepl 
control attached, that means the provider isn't doing its thing. 
Apparently putting glue in front of syncprov disables syncprov, this is 
likely a bug in glue.

Spicer, Kevin wrote:
> -----Original Message-----
> From: Howard Chu [mailto:hyc@symas.com] 
>
>   
>> The answer is in the description for "subordinate" in slapd.conf(5).
>>     
> You 
>   
>> have to exchange the order of the syncprov and glue overlays to
prevent
>>     
>
>   
>> the provider from descending into the glued databases.
>>     
>
> Thanks, however that doesn't seem to solve the problem of no
replication
> happening (although it appears to have solved the random changes to db
> problem).  I have verified that replication works with the subordinate
> directives (and 'overlay glue' directive) commented on the provider.
>
> My database definition on the provider for the superior db contains
the
> following
>
> ### START ###
> database        bdb
> suffix          "dc=mydomain,dc=com"
> rootdn          "cn=Manager,dc=mydomain,dc=com"
> rootpw          XXXXXXXXXXXXXXXXXXXXX
> directory       /var/db/ldap/central
>
>
> overlay         syncprov
> overlay         glue
> overlay         ppolicy
>
> ppolicy_default "cn=systemusers,ou=policy,dc=mydomain,dc=com"
> ppolicy_use_lockout
>
> syncprov-checkpoint 100 10
> syncprov-sessionlog 100
>
> #Indexes etc.
> ### END ###
>
> The consumer has this...
>
> ###START###
> database        bdb
> suffix          "dc=mydomain,dc=com"
> rootdn          "cn=Manager,dc=mydomain,dc=com"
> rootpw          XXXXXXXXXXXXXXXXXXXXXXX
>
> syncrepl rid=501
>         provider=ldaps://master.mydomain.com
>         type=refreshAndPersist
>         searchbase="dc=mydomain,dc=com"
>         filter="(objectClass=*)"
>         scope=sub
>         retry="30 10 120 30 300 +"
>         binddn=cn=syncuser,dc=mydomain,dc=com
>         bindmethod=simple
>         credentials=xxxxxx
>
> updateref       ldaps://master.mydomain.com
>
> directory       /var/db/ldap/central
>
> overlay         glue
> overlay         ppolicy
>
> ppolicy_default "cn=systemusers,ou=policy,dc=mydomain,dc=com"
> ppolicy_use_lockout
>
> # Indexes...
> ###END###
>
> I have tried it with the ppolicy directives removed on the provider,
but
> that doesn't have an 
> impact.  I'm seeing the following log lines on the consumer...
>
> slapd[18668]: [ID 764482 local4.debug] do_syncrep2: got search entry
> without control
>
> (These correspond to binds from the syncuser on the provider)
>
> Turning up logging on the provider I see this line..
> slapd[20818]: [ID 430416 local4.debug] slap_global_control:
unavailable
> control: 1.3.6.1.4.1.4203.1.9.1.1
>
>
>
>
>
>
>   


-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/


=================================================================

BMRB wins two BMRA awards - http://www.bmrb.co.uk
_________________________________________________________________
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB Limited accepts no liability 
in relation to any personal emails, or content of any email which 
does not directly relate to our business.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++