[Date Prev][Date Next] [Chronological] [Thread] [Top]

syncrepl replication on 2.4.19 (stable)

To: openldap-software@openldap.org
Subject: syncrepl replication on 2.4.19 (stable)
From: "Brett @Google" <brett.maxfield@gmail.com>
Date: Wed, 4 Nov 2009 17:48:28 +1000
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=28+h+B8tjBgNzKsBqpqyqq04JWLbqvyCaQLQ55AOeKc=; b=lvzPxz0j2R7bHfmcKYhvUezqkaLkUEOtHNJKdsF1ckN2BWngT94TINKPbXM5xzdGJF 7u5vS0IpT/7wh8pTbVq5e0Me/z7oluQ1DAIY6x7rKe75cwz2gKSdCe0uJWpR3GDo5x8k JvjD4MAaHnoVNZ6ZOE4m6ePgDUajUGG90MM4E=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=uYLgQG7hOTBGNW5RbOM7ZtYyASafaIOVfyiJFNIZVm+39Y7dmTMKUu1IQ3F0Th2uFJ eZUzCgpzJicIDEnVlcH9qF6S6UsBA2/1Y9Hhze1+7EXCGtA0t61SSMe/WiR/DJiIkFe2 SOEo8jJ/kj93SjsnGFyl5OIKAOFm16gx3y+7E=

Hello,

I am having a very odd problem after upgrading from openldap 2.4.16 (stable)

I have a syncrepl provider/ consumer setup using openldap 2.4.19 (stable) and when i start an empty consumer, in the provider logs i am getting:

Nov 4 17:07:51 producer slapd[7250]: [ID 702911 local4.debug] @(#) $OpenLDAP: slapd 2.4.19 (Nov 4 2009 12:53:47) $
Nov 4 17:07:51 producer        @qgdevpro:/home/govops/build.local/openldap-2.4.19/servers/slapd
Nov 4 17:07:51 producer slapd[7286]: [ID 100111 local4.debug] slapd starting
Nov 4 17:08:04 producer slapd[7286]: [ID 848112 local4.debug] conn=0 fd=16 ACCEPT from IP=10.0.0.2:53951 (IP=10.0.0.1:389)
Nov 4 17:08:04 producer slapd[7286]: [ID 215403 local4.debug] conn=0 op=0 BIND dn="cn=replicator,dc=example,dc=org" method=128
Nov 4 17:08:04 producer slapd[7286]: [ID 600343 local4.debug] conn=0 op=0 BIND dn="cn=replicator,dc=example,dc=org" mech=SIMPLE ssf=0
Nov 4 17:08:04 producer slapd[7286]: [ID 588225 local4.debug] conn=0 op=0 RESULT tag=97 err=0 text=
Nov 4 17:08:04 producer slapd[7286]: [ID 469902 local4.debug] conn=0 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(objectClass=*)"
Nov 4 17:08:04 producer slapd[7286]: [ID 744844 local4.debug] conn=0 op=1 SRCH attr=* +
Nov 4 17:08:04 producer slapd[7286]: [ID 832699 local4.debug] conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 4 17:08:04 producer slapd[7286]: [ID 218904 local4.debug] conn=0 op=2 UNBIND
Nov 4 17:08:04 producer slapd[7286]: [ID 952275 local4.debug] conn=0 fd=16 closed

on the consumer i get a lot of (one set after each refresh attempt) :

Nov 4 17:41:04 consumer slapd[7660]: [ID 365351 local4.debug] do_syncrep2: rid=001 LDAP_RES_SEARCH_RESULT
Nov 4 17:41:04 consumer slapd[7660]: [ID 664938 local4.debug] do_syncrepl: rid=001 rc -2 retrying

Important part being "nentries=0", i run the equivalent command at the command propmt of the consumer, ie:

ldapsearch -b dc=example,dc=org -D 'cn=replicator,dc=example,dc=org' -w <password> -s sub -x '(objectclass=*) ' '* +'

I get the result i would expect above, ie:

Nov 4 17:20:14 producer slapd[7286]: [ID 848112 local4.debug] conn=16 fd=16 ACCEPT from IP=10.0.0.2:54049 (IP=10.0.0.1:389)
Nov 4 17:20:14 producer slapd[7286]: [ID 215403 local4.debug] conn=16 op=0 BIND dn="cn=replicator,dc=example,dc=org" method=128
Nov 4 17:20:14 producer slapd[7286]: [ID 600343 local4.debug] conn=16 op=0 BIND dn="cn=replicator,dc=example,dc=org" mech=SIMPLE ssf=0
Nov 4 17:20:14 producer slapd[7286]: [ID 588225 local4.debug] conn=16 op=0 RESULT tag=97 err=0 text=
Nov 4 17:20:14 producer slapd[7286]: [ID 469902 local4.debug] conn=16 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(objectClass=*)"
Nov 4 17:20:14 producer slapd[7286]: [ID 744844 local4.debug] conn=16 op=1 SRCH attr=* +
Nov 4 17:21:03 producer slapd[7286]: [ID 832699 local4.debug] conn=16 op=1 SEARCH RESULT tag=101 err=0 nentries=85611 text=
Nov 4 17:21:03 producer slapd[7286]: [ID 218904 local4.debug] conn=16 op=2 UNBIND
Nov 4 17:21:03 producer slapd[7286]: [ID 952275 local4.debug] conn=16 fd=16 closed

Note here i get nentries=85611 (with a phole bunch of results) for what is essentialy the same query.

I'd appreciate any feedback, surely i must be missing something really obvious?

My config is below.

Cheers
Brett

<< begin of provider slapd >>

######################################################################
# global options
######################################################################

include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema

modulepath    /usr/local/openldap/libexec/openldap
#moduleload    back_ldbm.la
#moduleload    back_monitor.la

pidfile         /var/openldap/run/slapd.pid
argsfile        /var/openldap/run/slapd.args

# threads for faster concurrent slapadd
tool-threads    4

######################################################################
# global database ACLs
######################################################################

# allow replicator to read all
access to *
    by dn.exact="cn=replicator,dc=example,dc=org" read
    by * break

[ ..etc.. ]

# default rules
access to *
    by self write
    by * read

######################################################################
# logging configuration
######################################################################

# testing
loglevel stats sync

######################################################################
# primary database
######################################################################

database        hdb
suffix          "dc=example,dc=org"

directory       /var/openldap/data
rootdn          "cn=Manager, dc=example,dc=org"
rootpw          <password>

checkpoint      2000 15
cachesize       20000
idlcachesize    60000
cachefree       4000

# unlimited dn cache (openldap 2.4.16 and above)
dncachesize     0

# General Indexes (there is more than this - but they are all the same form)
index default pres,eq
index objectClass,uid,mail pres,eq
index cn,sn,ou,streetAddress,givenName,title,telephoneNumber eq,sub

# Indices for Syncrepl
index entryCSN,entryUUID eq

# allow replicator DN have unlimited searches (per-database)
limits dn.exact="cn=replicator,dc=example,dc=org" time=unlimited size=unlimited

######################################################################
# replication information - monitor backend
######################################################################

database monitor

<< end of provider slapd >>

<< below snipit added to above on the consumer only, just before "database monitor", but after the rest of the config >>

######################################################################
# replication information - only for consumer
######################################################################

# Where we pull data from
syncrepl        rid=001
                provider=ldap://provider.example.org:389
                bindmethod=simple
                binddn="cn=replicator,dc=example,dc=org"
                credentials=<password>
                searchbase="dc=example,dc=org"
                filter=(objectclass=*)
                attrs="*,+"
                schemachecking=off
                scope=sub
                type=refreshAndPersist
                retry="60 +"

# not using accesslog atm - debugging initial refresh
#                logbase="cn=accesslog"
#                logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
#                syncdata=accesslog

# Refer all rights to master
updateref       ldap://provider.example.org:389

Follow-Ups:
- Re: syncrepl replication on 2.4.19 (stable)
  - From: "Brett @Google" <brett.maxfield@gmail.com>
- Re: syncrepl replication on 2.4.19 (stable)
  - From: Jonathan Clarke <jonathan@phillipoux.net>

Prev by Date: changes no longer replicated between the masters
Next by Date: Re: Syncrepl: Two step forward, one step back
Index(es):
- Chronological
- Thread