[Date Prev][Date Next]
Re: syncrepl only works as rootdn
- To: Christopher Cowart <firstname.lastname@example.org>
- Subject: Re: syncrepl only works as rootdn
- From: Howard Chu <email@example.com>
- Date: Thu, 01 Feb 2007 21:23:54 -0800
- Cc: OpenLDAP-Software@OpenLDAP.org
- In-reply-to: <20070202045939.GY28577@rescomp.berkeley.edu>
- References: <20070202030415.GX28577@rescomp.berkeley.edu> <45C2BD50.firstname.lastname@example.org> <20070202045939.GY28577@rescomp.berkeley.edu>
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a2pre) Gecko/20070128 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a
Christopher Cowart wrote:
On Thu, Feb 01, 2007 at 08:25:52PM -0800, Howard Chu wrote:
Redirected from -bugs; there is no evidence of a bug here.
Perhaps the -software list charter should include mention of support
issues or questions? As it was, -bugs seemed most appropriate.
The -bugs list is for discussion of actual bug reports. Bug reports are
submitted using the ITS. Usage questions belong on the -software list. As its
charter says: "technical issues specific to OpenLDAP Software."
More information is needed. There's no indication that ACLs are any problem
here. Of course, you've listed your rootdn in your ACLs, which is useless.
Could you suggest what other information might be helpful? I thought the
fact that syncrepl works when binding as the rootdn but not the syncrepl
user indicated ACLs. What makes you think otherwise?
Aside from the extraneous rootdn rules, there was no problem with your ACLs.
You should have provided the complete database configuration on the provider,
for starters. At this point that's probably not necessary since you obviously
didn't have the correct limits in place. These requirements are documented in
section 15.3.2 of the Admin Guide.
One possible explanation is that you didn't raise the sizelimits for the
syncrepl users, so they weren't able to get a full refresh.
Thanks for this suggestion. I've added this (from a forum post):
| limits dn.regex="cn=syncrepl-ldap1,dc=example,dc=com"
| time.soft=unlimited time.hard=unlimited size.soft=unlimited
After restarting the provider, the consumer is still not replicating the
missing portions of the directory. Do you have any other suggestions?
You'll probably need to reset the sync cookie on the consumers. See section
15.3.3 of the Admin Guide, and/or the slapd(8) manpage.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/