[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Some entries not syncing to slave using syncrepl

To: andylockran <andy@zrmt.com>
Subject: Re: Some entries not syncing to slave using syncrepl
From: Robert Fitzpatrick <lists@webtent.net>
Date: Mon, 27 Oct 2008 11:27:47 -0400
Cc: OpenLDAP <openldap-software@OpenLDAP.org>
In-reply-to: <4905CFF0.6050405@zrmt.com>
Organization: WebTent Networking, Inc.
References: <1224989004.31706.18.camel@laptop.webtent.org> <4905CFF0.6050405@zrmt.com>

On Mon, 2008-10-27 at 14:28 +0000, andylockran wrote:
> Robert Fitzpatrick wrote:
> > I have setup a 2.3.43 master/slave using syncrepl, but some entries are
> > not syncing. I have one entire tree (ou=Domains,dc=example,dc=com) and
> > some entries under another certain tree not coming over to the slave.
> > 
> > Here is my slapd.conf syncrepl entry on the slave with an ip address of
> > 10.0.0.5...
> > 
> > syncrepl rid=120
> >                 provider=ldap://10.0.0.6:389
> >                 type=refreshAndPersist
> >                 interval=00:00:05:00
> >                 searchbase="dc=example,dc=com"
> >                 filter="(objectClass=*)"
> >                 scope=sub
> >                 schemachecking=off
> >                 bindmethod=simple
> >                 binddn="uid=slurpd,ou=Services,dc=example,dc=com"
> >                 credentials=password
> > 
> > And in my master from slapd.conf...
> > 
> > overlay syncprov
> > syncprov-checkpoint 100 10
> > syncprov-sessionlog 100
> > 
> > My ACL does not contain any specific access for my Domains container,
> > but at the bottom contains...
> > 
> > access to *
> >         by sockurl.regex="^ldapi://%2fvar%2frun%2fopenldap%2fldapi/$" write
> >         by group.exact="cn=Administrators,dc=example,dc=com" write
> >         by self write
> >         by users read
> >         by peername=10.0.0.5 read
> >         by * read
> > 
> > My slurpd uid is a member of the Administrators group entry. Using my
> > Domains tree as an example, I can read the entry no problem...
> > 
> > esmtp# ldapsearch -LLL -h 10.0.0.6 -D uid=slurpd,ou=Services,dc=example,dc=com -W "(ou=Domains)" dn
> > Enter LDAP Password: 
> > dn: ou=Domains,dc=example,dc=com
> > 
> > However, I have no Domains container in my slave :(
> > 
> > esmtp# ldapsearch -LLL -h localhost -D uid=slurpd,ou=Services,dc=example,dc=com -W "(ou=Domains)" dn
> > Enter LDAP Password:
> > 
> > Can someone help me shed some light on this problem?
> > 
> The filter (objectclass=*) isn't blocking it is it?

Thanks. I have confirmed all to have objectClass defined, however, I
removed the filter, stopped the server, deleted the directory folder and
put back my DB_CONFIG, then restarted. Still, this one container and
select entries beneath another container are not coming over to the
master. But most entries in the directory are coming over and running
the above ldapsearch from the slave pulls the entries on the master, no
problem.

Any other ideas?

-- 
Robert

References:
- Some entries not syncing to slave using syncrepl
  - From: Robert Fitzpatrick <lists@webtent.net>

Prev by Date: Re: Problems converting slapd.conf to a directory: i am desperated
Next by Date: Re: TLS problems with openldap
Index(es):
- Chronological
- Thread