How to debug single object syncrepl failure

[Geoff Crompton <geoffc@trinity.unimelb.edu.au>]

Hi,

I have a particular object in my LDAP database that is failing to 
replicate (using syncrepl between two slapd's running 2.4.31-1+nmu2 on 
Debian Wheezy), despite other objects succeeding to replicate. I'm not 
using a 'filter' configuration in my olcSyncrepl configuration that 
might exclude this particular object, and I've checked that the binddn 
I'm using has permission to see this object all the attributes of the 
object that isn't replicating.

The (sanitised) configuration on the consumer is:

dn: olcDatabase={1}hdb,cn=config
olcSyncrepl: {0}rid=104 provider=ldap://producer.example.com 
bindmethod=simple
binddn="uid=replicator,ou=pseudoaccounts,dc=example,dc=com" 
credentials="..."
searchbase="dc=example,dc=com" logbase="cn=accesslog" logfilter="(&
(objectClass=auditWriteObject)(reqResult=0))" schemachecking=off 
type=refreshAndPersist
retry="60 +" syncdata=accesslog starttls=critical tls_reqcert=demand


On the producer the overlay configuration for the database being 
replicated is:

dn: olcOverlay={1}syncprov,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {1}syncprov
olcSpCheckpoint: 100 600
olcSpSessionlog: 100
olcSpNoPresent: TRUE


If I follow the sanitising I did in the above, then the failing object 
would be uid=replicationcheck,ou=pseudoaccounts,dc=example,dc=com, and a 
successfully replicated object would be 
uid=geoffc,ou=People,dc=example,dc=com.

I've stopped slapd on the consumer and deleted all the /var/lib/ldap/ 
database files, to force re-replication. I get the same symptoms, this 
one object doesn't replicate, but lots of other objects do replicate.

Any tips on how to further debug this?

Many thanks,
--
Geoff Crompton, System Administrator
T: +61 (0)3 9348 7138
Trinity College | University of Melbourne | Royal Parade, Parkville | 
Victoria 3052, Australia
www.trinity.unimelb.edu.au