
Re: syncrepl only works as rootdn

Christopher Cowart wrote:
On Thu, Feb 01, 2007 at 08:25:52PM -0800, Howard Chu wrote:
Redirected from -bugs; there is no evidence of a bug here.
Perhaps the -software list charter should include mention of support
issues or questions? As it was, -bugs seemed most appropriate.

The -bugs list is for discussion of actual bug reports. Bug reports are submitted using the ITS. Usage questions belong on the -software list. As its charter says: "technical issues specific to OpenLDAP Software."

More information is needed. There's no indication that ACLs are any problem here. Of course, you've listed your rootdn in your ACLs, which is useless.

Could you suggest what other information might be helpful? I thought the fact that syncrepl works when binding as the rootdn but not the syncrepl user indicated ACLs. What makes you think otherwise?

Aside from the extraneous rootdn rules, there was no problem with your ACLs. You should have provided the complete database configuration on the provider, for starters. At this point that's probably not necessary since you obviously didn't have the correct limits in place. These requirements are documented in section 15.3.2 of the Admin Guide.

One possible explanation is that you didn't raise the sizelimits for the syncrepl users, so they weren't able to get a full refresh.

Thanks for this suggestion. I've added this (from a forum post):
| limits dn.regex="cn=syncrepl-ldap1,dc=example,dc=com"
|     time.soft=unlimited time.hard=unlimited size.soft=unlimited
|     size.hard=unlimited

After restarting the provider, the consumer is still not replicating the
missing portions of the directory. Do you have any other suggestions?

You'll probably need to reset the sync cookie on the consumers. See section 15.3.3 of the Admin Guide, and/or the slapd(8) manpage.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
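
An added example, not part of the original message and not OpenLDAP project code: a Python check that reads a provider slapd.conf, joins continuation lines, and reports which of the four limits set in the directive quoted above are not "unlimited" for a replication bind DN. The sample config, the second DN and the function names are constructed for illustration; it assumes the first matching limits line is the one applied and handles only dn, dn.exact, dn.base and dn.regex selectors.

```python
import re
import shlex
# Constructed sample provider config; the second DN is made up for contrast.
SAMPLE_CONF = '''\
limits dn.regex="cn=syncrepl-ldap1,dc=example,dc=com"
    time.soft=unlimited time.hard=unlimited size.soft=unlimited
    size.hard=unlimited
limits dn.exact="cn=syncrepl-ldap2,dc=example,dc=com" size.soft=unlimited
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace); drop blanks and comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith('#'):
            continue
        if raw[0] in ' \t' and out:
            out[-1] += ' ' + raw.strip()
        else:
            out.append(raw.strip())
    return out

def selector_matches(selector, dn):
    """Match dn, dn.exact, dn.base and dn.regex selectors; others are ignored."""
    m = re.fullmatch(r'dn(?:\.(\w+))?=(.*)', selector)
    if not m:
        return False
    style, pattern = m.group(1) or 'exact', m.group(2)
    if style == 'regex':
        # Unanchored search: the pattern can match inside a longer DN.
        return re.search(pattern, dn, re.I) is not None
    return style in ('exact', 'base') and pattern.lower() == dn.lower()

def not_unlimited(conf_text, dn):
    """List limits that are not 'unlimited' for dn; None if no limits line matches."""
    for line in logical_lines(conf_text):
        tok = shlex.split(line)
        if tok[0] != 'limits' or len(tok) < 3 or not selector_matches(tok[1], dn):
            continue
        # Assumption: the first matching limits line is the one slapd applies.
        given = dict(t.split('=', 1) for t in tok[2:] if '=' in t)
        bad = []
        for kind in ('size', 'time'):
            soft = given.get(kind + '.soft', given.get(kind))
            hard = given.get(kind + '.hard', 'soft' if kind in given else None)
            hard = soft if hard == 'soft' else hard
            bad += [f'{kind}.{n}' for n, v in (('soft', soft), ('hard', hard)) if v != 'unlimited']
        return bad
    return None
```

A return value of None means no limits line matched the DN at all, so the database-wide defaults apply to that identity.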