[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OL 2.3.18 syncrepl vs slurpd





--On Monday, January 23, 2006 9:04 AM -0500 Francis Swasey <Frank.Swasey@uvm.edu> wrote:

There is also a tech tip there discussing the pros and cons of the
different replication mechanisms.

Thank you, I followed that tech tip and after fixing the index statements to not include spaces (will you take this as an issue report to fix the tech tip or should I file an ITS somewhere?) I have it working.

I'll take a look at it. It may be an issue with PHPBB unfortunately.

Now, I have discovered three things.

1) delta-syncrepl doesn't seem to have any way to filter the amount of
what is sent -- so, it has the same issues that I'm fighting with slurpd
of sending every update to all the replicas and perhaps I do not want all
the updates on all the replicas (this was the reason for me going to
syncrepl).

You could, of course, have more than one accesslog database, each with what you wanted going to the different replicas. Or, alternately, you should be able to use a filter similar to what you configured for syncRepl for use with delta-syncrepl on the accesslog DB.


2) There is a DOS against the master server if the consumer codes a bad
logfilter.  You will see a bad filter indication in the log on the master
(with loglevel stats) when the consumer starts up.  The first update to
the master after that will cause slapd to end with nothing going into the
syslog at all, but suddenly, it's not running anymore. Given that anyone
could fire up a syncrepl consumer and point it at my master... that's a
rather nasty one...  Has anyone else noticed it (I honestly just found it
and have not searched in the ITS yet)?

I'm not really sure this is a DOS attack. It certainly causes a segfault on the master. However, I assume that it requires a replica that can bind with valid credentials to the master, implying the administrator would have to be the one initiating such an attack on themselves... In any case, I imagine it'll be fixed fairly soon. :P


3) loglevel sync on the syncrepl consumer doesn't log anything with
delta-syncrepl.  Did I miss something in the slapd.conf(5) man page about
the loglevel to get delta-syncrepl actions logged?  Or is it in a
different man page, that I didn't think to look at?

This one I haven't played with, but it sounds like a bug.

--Quanah

--
Quanah Gibson-Mount
Product Engineer
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>