[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Need help syncing with syncrepl 2.3

To: openldap-software@openldap.org
Subject: Re: Need help syncing with syncrepl 2.3
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Tue, 30 Mar 2010 12:10:42 +0100
Cc: "L.B." <allegatis@gmail.com>
In-reply-to: <74d087111003291330j32db0567l1b0e46d62a37757b@mail.gmail.com>
References: <74d087111003291330j32db0567l1b0e46d62a37757b@mail.gmail.com>
User-agent: KMail/1.12.2 (Linux/2.6.31.12-desktop-1mnb; KDE/4.3.2; x86_64; ; )

On Monday, 29 March 2010 21:30:20 L.B. wrote:
> Hi;
> 
> I've finally decided to make the move to syncrepl after much delay and
> procrastination. I've read the guide and also reviewed several howto's
> on the topic... It still isn't running correctly for me because it
> doesn't replicate a few new users I've added to the provider. Also I'm
> seeing the following issue over and over (every time it tries a sync
> on my 10m interval):

This normally indicates that the consumer didn't get the final control, usually 
because it didn't have sufficient (size/time) access to get the full search 
results.


> #########
> Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001
> LDAP_RES_INTERMEDIATE - SYNC_ID_SET
> Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_del_nonpresent:
> rid 001 be_delete
> uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com (0)
> Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001
> LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
> Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001
> be_search (0)
> Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001
> uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com
> Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 be_add
>  (0) Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001
> LDAP_RES_SEARCH_RESULT
> #########
> 
> My setup is RHEL4 with Buchan's RPMs
> (openldap2.3-servers-2.3.39-3.rhel4, etc.).

2.3.43 has been available for a long time ...

> I have a fairly simple
> setup, one provider and one consumer.
> 
> Here is my provider config:
> ######################
> 
> include /usr/share/openldap2.3/schema/core.schema
> include /usr/share/openldap2.3/schema/cosine.schema
> include /usr/share/openldap2.3/schema/inetorgperson.schema
> include /usr/share/openldap2.3/schema/nis.schema
> include /usr/share/openldap2.3/schema/misc.schema
> include /usr/share/openldap2.3/schema/corba.schema
> include /usr/share/openldap2.3/schema/openldap.schema
> include /usr/share/openldap2.3/schema/ppolicy.schema
> include /usr/share/openldap2.3/schema/ldapns.schema
> 
> access to *
>   by dn.exact="cn=Replicator,dc=swa,dc=com" read
>   by self read
>   by * none break
> 
> limits group="cn=Replicator,dc=swa,dc=com"
>   size=unlimited
>   time=unlimited

The intention in my limits example is that you would create a groupOfNames for 
cn=Replicator, and add additional host-specific DNs to this groupOfNames 
object. But, it seems you have only one cn=Replicator non-group entry, changed 
the ACL appropriately, but not the limits statement.

[...]

> syncrepl rid=001
>      provider=ldap://ldap-agis01.mascorp.com
>      type=refreshOnly
>      interval=00:00:10:00
>      retry="60 10 300 +"
>      searchbase="dc=swa,dc=com"
>      filter="(objectClass=*)"
>      binddn="cn=Replicator,dc=swa,dc=com"
>      bindmethod=simple
>      credentials=yadayadayada
>      schemachecking=off
> updateref ldap://ldap-agis01.mascorp.com/


Assuming you have more than 500 entries, if you do a search as this syncrepl 
binddn, with the rest of the search parameters based on the syncrepl 
configuration, do you get all entries, or a "Size limit exceeded" ?

Regards,
Buchan

References:
- Need help syncing with syncrepl 2.3
  - From: "L.B." <allegatis@gmail.com>

Prev by Date: Re: slow slave performance
Next by Date: Re: kerberized OpenLDAP
Index(es):
- Chronological
- Thread