[Date Prev][Date Next] [Chronological] [Thread] [Top]
MMR/contextCSN missing

To: openldap-technical@openldap.org
Subject: MMR/contextCSN missing
From: David Blank-Edelman <dnb@ccs.neu.edu>
Date: Tue, 29 Jul 2014 15:27:40 -0400
Hi-
 I’ve been working on this problem for a couple of days, the manual pages/admin guide/logs and I are now best buddies, but still I fail. Any help you can offer would be much appreciated.

I’m trying to set up a 4-host MMR cluster using 2.4.39 (LTB build, running on Ubuntu 12.04). With the config I have below (which is the same on all hosts), I’m seeing this peculiar behavior where all of the servers attempt to perform a full sync with each other over and over again. They stay at a relatively high load as a result. The logs (at default level) show this over and over again:

ul 29 10:40:55 eadrax slapd[3815]: conn=1000 op=1 SRCH base="dc=ccs,dc=neu,dc=edu" scope=2 deref=0 filter="(objectClass=*)"
Jul 29 10:40:55 eadrax slapd[3815]: conn=1000 op=1 SRCH attr=* +
Jul 29 10:40:56 eadrax slapd[3815]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=16551 text=
Jul 29 10:40:56 eadrax slapd[3815]: conn=1000 op=2 SRCH base="dc=ccs,dc=neu,dc=edu" scope=2 deref=0 filter="(objectClass=*)"
Jul 29 10:40:56 eadrax slapd[3815]: conn=1000 op=2 SRCH attr=* +
Jul 29 10:40:58 eadrax slapd[3815]: conn=1000 op=2 SEARCH RESULT tag=101 err=0 nentries=16551 text=
...

If I delete the databases from a server and  bring the server to a loglevel of 16384, I see the initial re-sync proceed as I would expect (all of the data is replicated) but then the full sync process appears to repeat again and the logs show entries like:

syncrepl_entry: rid=003 entry unchanged, ignored (...
and
dn_callback : entries have identical CSN ...

My first thought was to check the contextCSN on the servers, and indeed something is peculiar because ldapsearch authorizing with the rootDN (while running) and slapcat (while at rest) show that there is no contextCSN attribute associated with the main database (there is one in cn=accesslog). I have confirmed with cn=monitor that the main database does indeed show the syncprov and syncrepl overlays loaded. I have changed log levels to see if the config files are being parsed ok (they are). I have changed values for syncprov-checkpoint. I have attempted to just have two of the four talk to each other to see if a simpler case would help illuminate what is going on, but to no avail. There are no weird errors in the log. At this point I don’t know what else to try.

Here are the relevant sections from my configs, do you spot anything untoward that might be causing this behavior?

=== slapd.conf excerpt:

# {serverN} is replaced with a real name in the configs
serverId 1 ldaps://{server1}.ccs.neu.edu:636/
serverId 2 ldaps://{server2}.ccs.neu.edu:636/
serverId 3 ldaps://{server3}.ccs.neu.edu:636/
serverId 4 ldaps://{server4}.ccs.neu.edu:636/

include /usr/local/openldap/etc/openldap/slapd.conf.acl

database        mdb
suffix          "dc=ccs,dc=neu,dc=edu"
rootdn          “XXXX”


include /usr/local/openldap/etc/openldap/slapd.conf.index
include /usr/local/openldap/etc/openldap/slapd.conf.replicas

# {repluser} is replaced with a real name in the actual configs
limits dn.exact=cn={repluser},dc=ccs,dc=neu,dc=edu
    time.soft=unlimited
    time.hard=unlimited
    size.soft=unlimited
    size.hard=unlimited

overlay syncprov
syncprov-checkpoint 100 10
syncprov-reloadhint FALSE
syncprov-nopresent  FALSE

overlay accesslog

logdb "cn=accesslog"
logops writes
logpurge 07+00:00 01+00:00
logsuccess TRUE

index reqstart eq

database mdb
suffix          "cn=accesslog"
rootdn          “XXXX”

index default eq
index entryCSN,entryUUID,objectClass,reqEnd,reqResult,reqStart

# {repluser} is replaced with a real name in the actual configs
limits dn.exact=cn={repluser},dc=ccs,dc=neu,dc=edu
        time.soft=unlimited
        time.hard=unlimited
        size.soft=unlimited
        size.hard=unlimited

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 500
syncprov-reloadhint TRUE
syncprov-nopresent  TRUE

=== slapd.conf.acl excerpt:

access to *
    by dn=cn={repluser},dc=ccs,dc=neu,dc=edu read
    by * break

=== slapd.conf.replicas excerpt:

# {serverN} is replaced with a real name in the configs
syncrepl rid=001    provider="ldaps://{server1}.ccs.neu.edu:636/"
    searchbase="dc=ccs,dc=neu,dc=edu"
    syncdata="accesslog"
    logbase="cn=accesslog"
    logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
    bindmethod="sasl"
    saslmech="EXTERNAL"
    type="refreshAndPersist"
    retry="10 +"
    timeout="1"
    keepalive="180:3:60"
    network-timeout="10"
    schemachecking="on"
syncrepl rid=002    provider="ldaps://{server2}.ccs.neu.edu:636/"
    searchbase="dc=ccs,dc=neu,dc=edu"
    syncdata="accesslog"
    logbase="cn=accesslog"
    logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
    bindmethod="sasl"
    saslmech="EXTERNAL"
    type="refreshAndPersist"
    retry="10 +"
    timeout="1"
    keepalive="180:3:60"
    network-timeout="10"
    schemachecking=“on"
… 
(other 2 hosts, same format)

=== slapd.conf.index:
index cn eq,sub
index entrycsn eq
index entryuuid eq
index mail sub
index member eq
index objectclass eq
index sn eq,sub
index uid eq,sub

Thanks for any help you can offer!

   — dNb
Follow-Ups:
- Re: MMR/contextCSN missing
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Antw: MMR/contextCSN missing
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Prev by Date: Re: Re: Setting VLV Rules
Next by Date: Re: MMR/contextCSN missing
Index(es):
- Chronological
- Thread