[Date Prev][Date Next]
Re: Syncrepl-Consumer deletes entries
- To: firstname.lastname@example.org
- Subject: Re: Syncrepl-Consumer deletes entries
- From: Joachim Hergeth <email@example.com>
- Date: Tue, 01 May 2007 12:38:14 +0200
- In-reply-to: <firstname.lastname@example.org>
- References: <461DF00E.email@example.com> <firstname.lastname@example.org>
- User-agent: Thunderbird 22.214.171.124 (Windows/20070221)
I would like to make a (late) conclusion to my initial question and the
answers I got.
Ralf Haferkamp suggested an LDAP update but also pointed to some flaws
in the slapd.conf file. We did not check the update (internal
reasons...) but I experimented with the problems in slapd.conf.
And after some trials it seems, that the erroneous entry
"syncprov-sessionlog 1" starting a continuation line was the reason for
After fixing this, all entries in the consumer LDAP remained stable.
Thanks for your help
Ralf Haferkamp schrieb:
On Thursday 12 April 2007 10:38, Joachim Hergeth wrote:
I guess that you are testing this with the OpenLDAP Version that shipped with
SLES10? Would you mind try a newer Version, e.g. the RPMs from
http://software.opensuse.org/download/OpenLDAP/SLE_10/ and check if the
problem is there as well? Note, that we have an update in the queue for
SLES10 to bring it to a more recent version.
I have an OpenLDAP provider/consumer installation on two SLES10 systems.
One is set up as a provider LDAP, the second is a consumer LDAP using
"refreshOnly" synrepl synchronization. The LDAP provides user
information for a Samba installation.
The initial synchronization of the consumer works as expected. All LDAP
entries are copied to the consumer directory. But after some time,
usually when users log in into the Samba running with the provider LDAP,
nearly 50% of all LDAP entries on the consumer are deleted. This happens
without any change on the provider LDAP!
Some general comments regarding you configuration (I guess you special problem
is not related to those):
- The provider config has a line "schemacheck on" this is not a valid
slapd.conf statement (IIRC it is from OpenLDAP 2.0.X times or even older)
- To debug syncrepl Problems it is most helpful to have the loglevel "sync"
enabled. You can to that by just adding "sync" to you "loglevel" line.
- The "backend bdb" statement is superfluous
- The "syncprov-sessionlog 1" begins with whitespaces, might be a copy 'n
paste error in the mail. If it also begins with whitespaces in your
slapd.conf you should remove the whitespace. Otherwise it would be treated
as the continuation of the previous line (which is wrong). Additionally a
sessionlog of "1" operation doesn't make much sense IMO. I suggest you
either remove that option or set it to a more reasonable value.
- I don't know how large you database is (how many entries) but I should make
sure that the syncrepl consumer does not hit the sizelimit of your provider.
As you have not configure any sizelimit the default is used which is 500.
You can adjust the sizelimit with the "sizelimit" or the "limits" directive
in slapd.conf (see slapd.conf man-page for details).
Checking if it works with a more recent Version and logfiles with syncrepl
logging enabled might help to clear up the issue.
Checking the logs I found, that delete-messages can be found in the
consumers system log.
I do not understand the source of the problem. No entries in the
provider LDAP are deleted, so no entries should be deleted in the consumer.
To check the installation, I set up a second consumer in a VMWare
environment. And also in this system, which had been set up from scratch
and only holds the OpenLDAP-consumer, the entries are deleted at the
same time when they are deleted in the "real" OpenLDAP consumer system.
When I change an attribute of an entry in the provider LDAP which has
been deleted from the consumer by this process, like adding a
description, this change is forwarded to th consumer and the entry
"reappears" in the LDAP of the consumer.