[Date Prev][Date Next] [Chronological] [Thread] [Top]
Consumer replication 0 entries fetched - CSN problem?

To: openldap-technical@openldap.org
Subject: Consumer replication 0 entries fetched - CSN problem?
From: Josh Nielsen <jnielsen@hudsonalpha.org>
Date: Tue, 16 Sep 2014 10:03:32 -0500
Hello all,

Last year I switched from the slapd.conf to the OLC style config for
OpenLDAP and transitionally tested it by making the OLC server a
replication slave to the older LDAP server configured with slapd.conf.
Now I've disabled replication from that old server and am making the
OLC server (LDAP01 - version 2.4.23) the new master and threw up a new
VM called LDAP02 (2.4.23) to become the new sync replication
slave/consumer. Though I'm using multiple guides of varying detail the
simplest setup steps basically followed this article:
http://gagravarr.livejournal.com/145679.html.

I followed the same steps I thought I did for LDAP01, but despite the
fact that I see LDAP02 bind and try to fetch entries for replication
nothing is being fetched. The problem description is almost identical
to this person's issue:
http://www.openldap.org/lists/openldap-software/200911/msg00017.html
(with "nentries=0" in the replication log messages, but plenty of
entries found with an ldapsearch manually).

Though I think my setup situation is different than that person's, and
they were exporting using slapcat/slapadd (which I did for converting
my existing slapd.conf config to LDAP01 last year, but this time I
merely setup LDAP02 from scratch as a cn=config OLC server to begin
with), one of the follow-up responses to that email thread said this:

"The only correct usage of -w is when you have an LDIF produced by slapcat
on a database that was not being used with replication before, and so is missing
the contextCSN. But all the other operational attributes (entryUUID and
entryCSN in particular) are present and valid."

This made me wonder if the problem I'm seeing is because LDAP02 (or
LDAP01?) is somehow missing a contextCSN. I am seeing no "cookie"
messages associated with replication in my log.

Some of my config is below as well as the log messages I am seeing on
LDAP01 (edited domain & password). I did notice off-the-bat though
that I am missing an "olcDbIndex: entryUUID pres,eq" entry on LDAP02
where I have it on LDAP01. Is that a crucial setting for replication?
Lastly, I deleted the database files in /var/lib/ldap/ on LDAP02 and
restarted slapd once I had configured "olcSyncRepl" on LDAP02 to
ensure that I was starting from scratch.

-------
LDAP01's log entry for LDAP02's attempted connection looks like this:

Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 fd=359 ACCEPT from
IP=192.168.21.60:46198 (IP=0.0.0.0:389)
Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 op=0 EXT
oid=1.3.6.1.4.1.1466.20037
Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 op=0 STARTTLS
Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 op=0 RESULT oid= err=0 text=
Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 fd=359 TLS established
tls_ssf=256 ssf=256
Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 op=1 BIND
dn="cn=root,dc=myerslab,dc=haib,dc=org" method=128
Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 op=1 BIND
dn="cn=root,dc=myerslab,dc=haib,dc=org" mech=SIMPLE ssf=0
Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 op=1 RESULT tag=97 err=0 text=
Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 op=2 SRCH
base="dc=myerslab,dc=haib,dc=org" scope=2 deref=0
filter="(objectClass=*)"
Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 op=2 SRCH attr=* +
Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 op=2 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 op=3 UNBIND
Sep 15 16:29:07 ldap01 slapd[18869]: conn=1472 fd=359 closed

-------
LDAP02's /etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif:

dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=mydomain,dc=org
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,dc=mydomain,dc=org
olcRootPW::
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 50000
olcDbCheckpoint: 10240 720
olcSyncrepl: {0}rid=001 provider=ldap://ldap01.mydomain.org bindmethod=si
 mple timeout=1 network-timeout=0 binddn="cn=root,dc=mydomain,dc=org"
 credentials="ld4p3650" keepalive=0:0:0 starttls=yes filter="(objectclass=*)" s
 earchbase="dc=mydomain,dc=org" scope=sub schemachecking=off type=refr
 eshOnly interval=00:00:00:10 retry="5 5 300 5"
tls_cacert=/etc/openldap/certs/rootCA.cert
olcUpdateRef: ldap://ldap01.mydomain.org
olcMirrorMode: TRUE
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 31e2c8b0-c0ec-1033-8c20-43a6f59853d5
creatorsName: cn=config
createTimestamp: 20140825214036Z
entryCSN: 20140912164223.814325Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20140912164223Z

-------
LDAP01's /etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif:

dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=mydomain,dc=org
olcAccess: {0}to attrs=userPassword  by self write  by anonymous auth  by * no
 ne
olcAccess: {1}to *  by anonymous read
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,dc=mydomain,dc=org
olcRootPW::
olcSyncUseSubentry: FALSE
olcMirrorMode: TRUE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 50000
olcDbCheckpoint: 10240 720
olcDbConfig: {0}# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.3.2.4 2007/1
 2/18 11:53:27 ghenry Exp $
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}#   <http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html>
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+
olcDbConfig: {9}# in particular:
olcDbConfig: {10}#   <http://www.openldap.org/faq/index.cgi?file=1075>
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: entryUUID pres,eq
olcDbIndex: entryCSN pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: ou pres,eq,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: givenName pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 727d260c-cc5c-1032-89cf-2fc7acd5ca31
creatorsName: cn=config
createTimestamp: 20131018161654Z
entryCSN: 20140915195740.431843Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20140915195740Z
------

Thanks,
Josh Nielsen
Follow-Ups:
- Re: Consumer replication 0 entries fetched - CSN problem?
  - From: Michael Ströder <michael@stroeder.com>
Prev by Date: Updates to OIDs
Next by Date: Re: Consumer replication 0 entries fetched - CSN problem?
Index(es):
- Chronological
- Thread