[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Delta-syncrepl issues when missing schema

Scott Sanders wrote:
Hello OpenLDAP fans,

I have a situation which came to my attention inadvertantly after creating a new replication slave for my directory. The directory holds a number of posix user accounts, and some of these entries with the posixAccount object class also have a sambaSamAccount object class. I use delta-syncrepl for my slaves, because of how quickly I can set them up at new locations. However, after creating this slave and setting up auth through PAM on a linux machine to use the new slave I found I was unable to log in, but other users could. After checking the contents of ou=people on the slave, it seems no entries referencing any samba attributes or samba object classes were replicated. As it turns out, I had forgotten to include samba.schema in my slave slapd.conf.

Now, I set out to fix this on my own. Restarting the server after adding the schema definition did not populate the samba entries on the slave. I was instructed to try modifying one of the missing entries by the wonderful users in #ldap, in hopes it would trigger syncrepl to send the missing entry to the slave. This also had no effect. After 30 minutes of frusteration I simply wiped out the openldap-data directory on the slave and restarted LDAP. This did work. However, it recreated the whole database on the slave, which could have taken a long time if my directory was larger.

In the future I would like to know how to repair replication issues in a less blunt manner. Any suggestions or comments would be appreciated.

I don't think there are too many alternatives. As the name says, delta syncrepl takes advantage of having deltas, i.e. incremental modifications, stored somewhere on the producer. Since the difference between your producer and your consumer are not related to modifications on the producer, there's little but a full refresh that could be done. The full refresh implies that all entries are collected by the consumer, so I don't see any difference (in terms of bandwidth) between a full refresh and restarting from scratch. There'd be a small difference in that some entries might not need to be modified.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it