
Re: ldap sync



Peace,

On 09/12/14 13:55, Ferenc Wagner wrote:
> "Kolijn, P." <p.kolijn@vu.nl> writes:
>
>> It seems to work, for a while, but the sync stops when data.mdb is
>> approx 15M, about 1630 entries instead of the 50000 and about 400M...
>>
>> If I do a slapadd of the data into my consumer it will grow beyond the
>> 15M size...
>>
>> --snip--
>> # ldap data
>> database mdb
>> maxsize 1073741824
>> directory /var/lib/ldap
>> suffix "dc=example,dc=com"
>> rootdn "cn=ldap_admin,dc=example,dc=com"
>> rootpw "{SSHA}0rvO4rPODnqNPqkbDv/vuKm8hXGS7mtG"
>>
>> # Sync Consumer
>> #  The indent is necessary
>> syncrepl rid=002
>>     provider=ldap://ldapmaster.test.example.com
>>     type=refreshAndPersist
>>     retry="5 5 300 5"
>>     searchbase="dc=example,dc=com"
>>     filter="(objectclass=*)"
>>     attrs="*"
>>     scope=sub
>>     schemachecking=off
>>     bindmethod=simple
>>     binddn="cn=replicator,dc=example,dc=com"
>>     credentials="secret"
>>
>>
>> -- end snip --
>>
>> I have set the global options:
>>
>> -- snip --
>> sizelimit       unlimited
>> timelimit       unlimited
>> -- end snip --
> How many entries do you get if you run 
>
> $ ldapsearch -x -H ldap://ldapmaster.test.example.com -D cn=replicator,dc=example,dc=com -W -b dc=example,dc=com
>
> on the consumer (arguments taken from your syncrepl stanza above)?

As you can see, my mail got seriously delayed before it arrived on the
list. It is working now; the ACL was indeed wrong for the replicator
user (I presume that is what the proposed test was for), and my old
LDAP was a 2.2.xx from years ago and the entryCSN or something like that
seems to have changed since then...

Fixing the ACL and beginning with an 'empty' directory proved my
config was working (more or less), and the old content needed some tweaks...

Thanks for the help!

Pascal Kolijn
Vrije Universiteit Amsterdam
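
Added example, not part of the original messages: the thread traces the partial sync to the replicator's ACL on the provider, so this script compares two saved LDIF outputs of the ldapsearch quoted above (one bound as an administrative identity, one as cn=replicator) and lists the entries the replication DN cannot read. The function names, file names and sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Which entries can the admin read that the replication DN cannot?
# Inputs are LDIF files saved from the same ldapsearch run under each identity.

# Print one DN line per entry from LDIF on stdin, sorted and de-duplicated.
# Folded lines (continuations start with one space) are rejoined; plain DNs
# are lowercased for comparison, base64 DNs ("dn::") are left untouched.
ldif_dns() {
    awk '
        function emit() { print ((dn ~ /^dn:: /) ? dn : tolower(dn)) }
        /^ /      { if (indn) dn = dn substr($0, 2); next }
                  { if (indn) emit(); indn = 0 }
        /^dn::? / { dn = $0; indn = 1 }
        END       { if (indn) emit() }
    ' | LC_ALL=C sort -u
}

# hidden_dns ADMIN.ldif REPLICATOR.ldif -> DNs present only in the first file
hidden_dns() {
    a=$(mktemp) && r=$(mktemp) || return 1
    ldif_dns <"$1" >"$a"
    ldif_dns <"$2" >"$r"
    LC_ALL=C comm -23 "$a" "$r"
    rm -f "$a" "$r"
}

# Constructed sample: the replicator's ACL hides ou=Staff.
demo() {
    d=$(mktemp -d) || return 1
    cat >"$d/admin.ldif" <<'EOF'
dn: dc=example,dc=com
objectClass: domain

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit

dn: uid=a-very-long-user-name,ou=Staff,
 dc=example,dc=com
objectClass: account
EOF
    cat >"$d/repl.ldif" <<'EOF'
dn: dc=example,dc=com
objectClass: domain

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
EOF
    hidden_dns "$d/admin.ldif" "$d/repl.ldif"
    rm -rf "$d"
}
```

An empty result means both identities see the same set of entries; any DN listed is one the consumer will never receive while the provider's access rules stay as they are.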