I can simulate the problem, since I have a cron job running every minute that queries the LDAP records; e.g. if the password is nearly expired, I will update a user-defined value. Since 4 servers will see that the record will expire and set the record at the same time, what will happen in this case? It seems that it will corrupt the contextCSN.
The reason to have this cron job running so frequently is that I want to check the pwdAccountLockedTime; if this attribute is present, I will update a user-defined value and this will synchronize to the other servers. My question is, when a user is locked on one server (the pwdAccountLockedTime attribute exists), why will LDAP not sync this attribute to the other servers? Is this by specification or a program bug? I need to manually update a user-defined attribute, then everything will be in sync...
> Date: Tue, 11 Nov 2008 12:16:39 +0100
> From: firstname.lastname@example.org
> To: email@example.com
> CC: firstname.lastname@example.org
> Subject: Re:
> Bad Guy wrote:
> > Dear all,
> > I am running the openldap 2.4.11 with 4 way masters (SID=001 to 004) configured. (my suffix is empty in slapd.conf)
> > The data can be synced initially. I add records in 1 server and all the other 3 servers will have the new record added. However, I found that after running for some time, one server will have corrupted contextCSN in SID=001.
> > dn:
> > contextCSN:: sCttCIio0wAxNTQzMTMuMDQ1Mjk3WiMwMDAwMDAjMDAyIzAwMDAwMA==
> > contextCSN: 20081107061013.853051Z#000000#001#000000
> > contextCSN: 20081107073602.911356Z#000000#003#000000
> > contextCSN: 20081107061028.825773Z#000000#004#000000
> > The contextCSN for SID=002 in server 1 is corrupted. So, whenever there is an update in the SID=002 server, the SID=001 server will never get the update,
> > however, when there is an update in the SID=003 or SID=004 server, the records will get updated in SID=001.
> > We have a background cron job on each server running at 1 minute intervals to retrieve the records and set some user-defined attributes if they meet certain criteria.
> > What's the cause of this corruption? Is there any way to recover the corrupted contextCSN by command or script without rebuilding the data?
> Looks similar to <http://www.openldap.org/its?findid=5661>. Can you
> post your configuration? Also, can you try re24 code from the CVS (or
> wait until 2.4.13 is out)?
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> Office: +39 02 23998309
> Mobile: +39 333 4963172
> Fax: +39 0382 476497
> Email: email@example.com
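
As an added example (not part of the original thread and not OpenLDAP code), the following check reads contextCSN lines from LDIF output, decodes base64-encoded values, and flags any that do not match the CSN layout seen in the intact values quoted above. The function names and regular expressions are assumptions made for illustration; the sample input is the four values from the message.

```python
import base64
import re

# CSN layout as it appears in the intact values in this thread (assumed here):
# 14-digit time . 6-digit fraction Z # 6 hex (count) # 3 hex (SID) # 6 hex (mod)
CSN_RE = re.compile(rb"\d{14}\.\d{6}Z#[0-9a-fA-F]{6}#([0-9a-fA-F]{3})#[0-9a-fA-F]{6}")
# Trailing fields only, used to recover the SID when the timestamp is damaged.
TAIL_RE = re.compile(rb"#[0-9a-fA-F]{6}#([0-9a-fA-F]{3})#[0-9a-fA-F]{6}$")

# The contextCSN lines quoted in the message above.
SAMPLE_LDIF = """\
dn:
contextCSN:: sCttCIio0wAxNTQzMTMuMDQ1Mjk3WiMwMDAwMDAjMDAyIzAwMDAwMA==
contextCSN: 20081107061013.853051Z#000000#001#000000
contextCSN: 20081107073602.911356Z#000000#003#000000
contextCSN: 20081107061028.825773Z#000000#004#000000
"""

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    return re.sub(r"\r?\n ", "", ldif).splitlines()

def check_context_csns(ldif):
    """Return (sid, is_valid, raw_bytes) for every contextCSN value found."""
    results = []
    for line in unfold(ldif):
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != "contextcsn":
            continue
        if rest.startswith(":"):
            # 'attr:: value' marks a base64 value, which LDIF tools emit
            # when the raw bytes are not a safe printable string.
            raw = base64.b64decode(rest[1:].strip())
        else:
            raw = rest.strip().encode("utf-8")
        full = CSN_RE.fullmatch(raw)
        tail = full or TAIL_RE.search(raw)
        sid = int(tail.group(1), 16) if tail else None
        results.append((sid, full is not None, raw))
    return results

if __name__ == "__main__":
    for sid, ok, raw in check_context_csns(SAMPLE_LDIF):
        print("SID", sid, "ok" if ok else "CORRUPT", repr(raw))
```

On the sample, the base64 value decodes to 40 bytes whose first 8 (the date part of the timestamp) are non-ASCII, while the trailing `#000000#002#000000` is intact, which matches the report that the SID=002 entry is the damaged one.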