Re: syncrepl missing entries in openldap 2.4.23

[Howard Chu <hyc@symas.com>]

James_Whiteacre@McAfee.com wrote:
> So does OpenLDAP have another mechanism to do this? Combine two ldap providers into a single consumer that is?

I've already answered that. You need to read more carefully.
> Jim
>
>
> On Mar 4, 2011, at 4:31 PM, Howard Chu wrote:
>
> > James_Whiteacre@McAfee.com wrote:
> > > I am trying to set up syncrepl to have multiple providers to a single
> > consumer. Basically allowing me to combine two ldap's into a single ldap. I
> > know this is probably not a standard configuration but seems like it should work.
> > > This seems to work for a while but then all of the records from one of the
> > providers is deleted. And even though the consumer still is polling both
> > providers the records will will not get added back.
> >
> > No, this setup will always fail in the manner you describe. The way a syncrepl
> > refresh works by default is that the provider tells the consumer about every
> > entry it knows about within the search context. The consumer then deletes
> > everything on its side that the provider didn't enumerate. Since both of your
> > consumers are using the identical search base, every time one of them
> > refreshes it will always delete everything the other one retrieved. (This is
> > the normal operation of a syncrepl refresh Present phase. Read RFC4533 for the
> > detailed explanation.)
> >
> > It's possible to get this working, somewhat, using delta-syncrepl, which
> > usually does not use a Present phase. However, if the consumer ever lags
> > behind the provider's log (i.e., the consumer's state is older than the oldest
> > entry in the provider's log) then delta-syncrepl falls back to normal
> > syncrepl, and you'll hit the refresh Present phase again. So in general, what
> > you're trying to do is unsupported.
> >
> >
> > > Here is my consumer syncrepl configuration. The providers are a standard provider configuration.
> > >
> > > Any help would be appreciated.
> > >
> > > Jim
> > >
> > >
> > > serverID 064
> > >
> > > database        bdb
> > > suffix          "o=dogcatfish"
> > > rootdn          "cn=admin,o=dogcatfish"
> > >
> > > limits dn.exact="cn=admin,o=dogcatfish" size=unlimited time=unlimited
> > >
> > > # Cleartext passwords, especially for the rootdn, should
> > > # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
> > > # Use of strong authentication encouraged.
> > > rootpw                  admin
> > >
> > > # syncrepl configuration
> > > syncrepl rid=64
> > >           provider=ldap://provider1
> > >           type=refreshOnly
> > >           interval=00:00:01:00
> > >           retry="60 10 300 +"
> > >           searchbase="o=dogcatfish"
> > >           filter="(objectClass=*)"
> > >           scope=sub
> > >           attrs="*,+"
> > >           schemachecking=off
> > >           bindmethod=simple
> > >           binddn="cn=admin,o=dogcatfish"
> > >           credentials="admin"
> > >
> > > # syncrepl configuration
> > > syncrepl rid=68
> > >           provider=ldap://provider2
> > >           type=refreshOnly
> > >           interval=00:00:01:00
> > >           retry="60 10 300 +"
> > >           searchbase="o=dogcatfish"
> > >           filter="(objectClass=*)"
> > >           scope=sub
> > >           attrs="*,+"
> > >           schemachecking=off
> > >           bindmethod=simple
> > >           binddn="cn=admin,o=dogcatfish"
> > >           credentials="admin"
> > >
> > > # Indices to maintain
> > > index   contextCSN,entryCSN,entryUUID,objectClass,cn,dc,mail   eq
> > > checkpoint 1024 5
> > >
> > > mirrormode TRUE
> >
> >
> > --
> >    -- Howard Chu
> >    CTO, Symas Corp.           http://www.symas.com
> >    Director, Highland Sun     http://highlandsun.com/hyc/
> >    Chief Architect, OpenLDAP  http://www.openldap.org/project/


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/