[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Syncrepl-Consumer deletes entries



I would like to make a (late) conclusion to my initial question and the answers I got.

Ralf Haferkamp suggested an LDAP update but also pointed to some flaws in the slapd.conf file. We did not check the update (internal reasons...) but I experimented with the problems in slapd.conf.

And after some trials it seems, that the erroneous entry "syncprov-sessionlog 1" starting a continuation line was the reason for the problems......

After fixing this, all entries in the consumer LDAP remained stable.

Thanks for your help
J.Hergeth

Ralf Haferkamp schrieb:
On Thursday 12 April 2007 10:38, Joachim Hergeth wrote:
Hello list,

I have an OpenLDAP provider/consumer installation on two SLES10 systems.
One is set up as a provider LDAP, the second is a consumer LDAP using
"refreshOnly" synrepl synchronization. The LDAP provides user
information for a Samba installation.

The initial synchronization of the consumer works as expected. All LDAP
entries are copied to the consumer directory. But after some time,
usually when users log in into the Samba running with the provider LDAP,
nearly 50% of all LDAP entries on the consumer are deleted. This happens
without any change on the provider LDAP!
I guess that you are testing this with the OpenLDAP Version that shipped with SLES10? Would you mind try a newer Version, e.g. the RPMs from http://software.opensuse.org/download/OpenLDAP/SLE_10/ and check if the problem is there as well? Note, that we have an update in the queue for SLES10 to bring it to a more recent version.

Some general comments regarding you configuration (I guess you special problem is not related to those):
- The provider config has a line "schemacheck on" this is not a valid slapd.conf statement (IIRC it is from OpenLDAP 2.0.X times or even older)
- To debug syncrepl Problems it is most helpful to have the loglevel "sync" enabled. You can to that by just adding "sync" to you "loglevel" line.
- The "backend bdb" statement is superfluous
- The "syncprov-sessionlog 1" begins with whitespaces, might be a copy 'n paste error in the mail. If it also begins with whitespaces in your slapd.conf you should remove the whitespace. Otherwise it would be treated as the continuation of the previous line (which is wrong). Additionally a sessionlog of "1" operation doesn't make much sense IMO. I suggest you either remove that option or set it to a more reasonable value.
- I don't know how large you database is (how many entries) but I should make sure that the syncrepl consumer does not hit the sizelimit of your provider. As you have not configure any sizelimit the default is used which is 500. You can adjust the sizelimit with the "sizelimit" or the "limits" directive in slapd.conf (see slapd.conf man-page for details).


Checking the logs I found, that delete-messages can be found in the
consumers system log.

I do not understand the source of the problem. No entries in the
provider LDAP are deleted, so no entries should be deleted in the consumer.
Checking if it works with a more recent Version and logfiles with syncrepl logging enabled might help to clear up the issue.

To check the installation, I set up a second consumer in a VMWare
environment. And also in this system, which had been set up from scratch
and only holds the OpenLDAP-consumer, the entries are deleted at the
same time when they are deleted in the "real" OpenLDAP consumer system.

When I change an attribute of an entry in the provider LDAP which has
been deleted from the consumer by this process, like adding a
description, this change is forwarded to th consumer and the entry
"reappears" in the LDAP of the consumer.