
syncrepl help



Hi All,

I would appreciate some insight with a syncrepl issue that I have. The scenario is as follows:

(1) LDAP master running debian slapd v2.3.30

replicating using syncrepl to

(2) LDAP master running debian slapd v2.4.11

The initial data for this node was seeded using slapcat/slapadd due to the db size.

This is replicating via syncrepl to

(3) LDAP slave running debian slapd v2.4.11

On (3) the slave I am receiving the error:

do_syncrep2: cookie=rid=001,csn=20100825064231Z#000000#00#000000
do_syncrep2: rid=001 CSN too old, ignoring 20100825064231Z#000000#00#000000

for all replication events that are being received.

What I am trying to achieve is to deprecate server (1) with as little downtime as possible, so that server (2) becomes the new master and (3) the new slave.

Replication between 1 & 2 works correctly but not between 2 & 3. The time is correct on the servers. Server (3) database is seeded using syncrepl. Configurations for 1, 2 & 3 are attached.

# Global directives for server (1), the slapd 2.3.30 master described in the post.
# Load the Berkeley DB (bdb) backend used by both databases below.
modulepath      /usr/lib/ldap
moduleload back_bdb

# NOTE(review): this accepts LDAPv2 bind requests, a legacy protocol version.
# Drop it unless a v2-only client still depends on it.
allow bind_v2

# Schema definitions; nr.schema and nr-mail.schema are presumably site-local.
include   /etc/ldap/schema/core.schema
include   /etc/ldap/schema/cosine.schema
include   /etc/ldap/schema/inetorgperson.schema
include   /etc/ldap/schema/misc.schema
include   /etc/ldap/schema/nis.schema
include   /etc/ldap/schema/nr.schema
include   /etc/ldap/schema/nr-mail.schema

# Load the syncprov overlay so this server can act as a syncrepl provider.
modulepath /usr/lib/ldap
moduleload syncprov

schemacheck     on
#sizelimit 100
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
# Replication log; presumably consumed by the slurpd-style `replica` stanza
# in the email database -- confirm it is still needed.
replogfile	/var/lib/ldap/replog

# NOTE(review): level 0 turns logging off, so binds, ACL denials and syncrepl
# sessions leave no trace; a stats level (256) gives an audit trail while
# replication is being debugged.
loglevel        0

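# Server (1), email database: bdb backend holding ou=email,dc=xyz.
# It is a syncrepl provider (syncprov) and also pushes to a slurpd-style replica.
#email
database bdb
suffix "ou=email,dc=xyz"
directory "/var/lib/ldap-mail"
checkpoint 128 15

lastmod on
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# The admin identity is exempt from search size and time limits, which a
# replication consumer binding as this DN needs for a full refresh.
limits "cn=admin,ou=email,dc=xyz"
       size=unlimited
       time=unlimited

#readonly on
# userPassword: anonymous clients get `auth` only. That is enough for a simple
# bind to be verified against the stored value, but unauthenticated searches
# can no longer return the password values themselves (the previous
# `by anonymous read` allowed that).
# dn.exact replaces an unanchored dn.regex, which also matched any DN that
# merely contained the admin DN as a substring.
access to attrs=userPassword by dn.exact="cn=admin,ou=email,dc=xyz" write by anonymous auth by self write
# Everything else: admin writes, every other client (anonymous included) reads.
access to * by dn.exact="cn=admin,ou=email,dc=xyz" write by * read

index objectClass,uid,cn eq,pres
index entryUUID eq

updatedn "cn=admin,ou=email,dc=xyz"

#dns
# NOTE(review): the replica bind password is stored here in cleartext and is
# sent with a simple bind; keep this file readable by the slapd user only and
# protect the link with TLS where the 2.3 `replica` directive allows it
# (verify against slapd.conf(5) for this version).
replica host=1.2.3.4 suffix="ou=email,dc=xyz" bindmethod=simple
	binddn="cn=admin,ou=email,dc=xyz"
	credentials="comein"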

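# Server (1), www database: bdb backend holding dc=xyz.
#www
database bdb
suffix          "dc=xyz"
directory       "/var/lib/ldap-www"
checkpoint 128 15
#readonly on

# userPassword: anonymous clients get `auth` only, so a bind can be verified
# but unauthenticated searches cannot return the stored password values
# (the previous `by anonymous read` allowed that). dn.exact replaces an
# unanchored dn.regex that matched any DN containing the admin DN.
access to attrs=userPassword by dn.exact="cn=admin,ou=People,dc=xyz" write by anonymous auth by self write

# The admin dn has full write access; every other client may read.
access to * by dn.exact="cn=admin,ou=People,dc=xyz" write by * read

updatedn "cn=admin,ou=People,dc=xyz"

index objectClass,uidNumber,gidNumber eq,pres
index uid,cn eq,pres,approx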
# slapd.conf for server (2), slapd 2.4.11: per the post it is a syncrepl
# consumer of server (1) and the provider for server (3).
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include   	/etc/ldap/schema/misc.schema
include   	/etc/ldap/schema/nr-mail.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
# NOTE(review): with `none`, syncrepl and bind activity is not logged; the
# commented-out 256 (stats) level below records connections and operations.
loglevel	none
#loglevel	256
#loglevel        none
#loglevel        296

# Where the dynamically loaded modules are stored
# back_hdb is the backend for both databases; syncprov makes this server a
# syncrepl provider for downstream consumers.
modulepath	/usr/lib/ldap
moduleload	back_hdb
moduleload 	syncprov

# The maximum number of entries that is returned for a search operation
# NOTE(review): presumably this also caps a syncrepl consumer that binds as
# anything other than the database rootdn -- confirm the replication identity
# is the rootdn or has a `limits` override.
sizelimit 10

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
# Size of the slapd worker thread pool.
threads 32

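# Server (2), email database: hdb backend holding ou=email,dc=xyz.
# It consumes from an upstream provider (syncrepl rid=1) and re-serves the
# data to downstream consumers through the syncprov overlay.
#email
database hdb
overlay 	syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

suffix "ou=email,dc=xyz"
directory "/var/lib/ldap-mail"

#db settings
checkpoint 128 15
dbconfig set_cachesize 0 369868800 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_max 10000000
dbconfig set_lg_bsize 8192

#readonly on
# userPassword: anonymous clients get `auth` only, so a bind can be verified
# but unauthenticated searches cannot return the stored password values
# (the previous `by anonymous read` allowed that). dn.exact replaces an
# unanchored dn.regex that matched any DN containing the admin DN.
access to attrs=userPassword by dn.exact="cn=admin,ou=email,dc=xyz" write by anonymous auth by self write
# Everything else: admin writes, every other client (anonymous included) reads.
access to * by dn.exact="cn=admin,ou=email,dc=xyz" write by * read

# NOTE(review): an index on userPassword is presumably unnecessary, since
# nothing should be searching on password values -- confirm and drop it.
index objectClass,uid,cn,userPassword,entryCSN,entryUUID eq,pres
rootdn "cn=admin,ou=email,dc=xyz"
# NOTE(review): rootpw is stored in cleartext; slapd.conf also accepts a hashed
# value generated with slappasswd(8), and the file should be readable by the
# slapd user only.
rootpw "secret"

# Consumer stanza: persistent (refreshAndPersist) replication of the whole
# subtree, retrying every 15 seconds indefinitely after a failure.
# NOTE(review): bindmethod=simple over plain ldap:// sends the binddn and
# credentials unencrypted, and the replicated userPassword values travel over
# the same connection. slapd.conf(5) for 2.4 documents a starttls= parameter
# for syncrepl; confirm it is available in this build and that the provider
# has TLS configured before enabling it.
syncrepl   rid=1
	provider=ldap://1.2.1.21
	type=refreshAndPersist
	searchbase="ou=email,dc=xyz"
	filter="(objectClass=*)"
	attrs="*"
	scope=sub
	schemachecking=on
	bindmethod=simple
	binddn="cn=admin,ou=email,dc=xyz"
	credentials="secret"
	timelimit=unlimited
	sizelimit=unlimited
	retry="15 +"

#updateref       ldap://1.2.1.21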

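# Server (2), www database: hdb backend holding dc=xyz.
# It consumes from an upstream provider (syncrepl rid=2) and re-serves the
# data to downstream consumers through the syncprov overlay.
#www
database hdb
overlay 	syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

suffix          "dc=xyz"
directory       "/var/lib/ldap-www"

#db settings
checkpoint 128 15
dbconfig set_cachesize 0 268435456 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_max 10000000
dbconfig set_lg_bsize 8192

#readonly on
# userPassword: anonymous clients get `auth` only, so a bind can be verified
# but unauthenticated searches cannot return the stored password values
# (the previous `by anonymous read` allowed that). dn.exact replaces an
# unanchored dn.regex that matched any DN containing the admin DN.
access to attrs=userPassword by dn.exact="cn=admin,ou=www,dc=xyz" write by anonymous auth by self write
# Everything else: admin writes, every other client (anonymous included) reads.
access to * by dn.exact="cn=admin,ou=www,dc=xyz" write by * read

# NOTE(review): an index on userPassword is presumably unnecessary, since
# nothing should be searching on password values -- confirm and drop it.
index objectClass,uidNumber,gidNumber,entryCSN,entryUUID,memberUid,userPassword eq,pres
index uid,cn eq,pres,approx

rootdn "cn=admin,ou=www,dc=xyz"
# NOTE(review): rootpw is stored in cleartext; slapd.conf also accepts a hashed
# value generated with slappasswd(8), and the file should be readable by the
# slapd user only.
rootpw "secret"

# Consumer stanza: persistent (refreshAndPersist) replication of the whole
# subtree, retrying every 15 seconds indefinitely after a failure. The bind
# identity on the provider (ou=People) differs from the local rootdn (ou=www).
# NOTE(review): bindmethod=simple over plain ldap:// sends the binddn and
# credentials unencrypted, and the replicated userPassword values travel over
# the same connection. slapd.conf(5) for 2.4 documents a starttls= parameter
# for syncrepl; confirm it is available in this build and that the provider
# has TLS configured before enabling it.
syncrepl   rid=2
	provider=ldap://1.2.3.164
	type=refreshAndPersist
	searchbase="dc=xyz"
	filter="(objectClass=*)"
	attrs="*"
	scope=sub
	schemachecking=on
	bindmethod=simple
	binddn="cn=admin,ou=People,dc=xyz"
	credentials="secret"
	timelimit=unlimited
	sizelimit=unlimited
	retry="15 +"

#updateref       ldap://1.2.3.164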
# slapd.conf for server (3), slapd 2.4.11: per the post it is the read-only
# slave that consumes from server (2). No syncprov module is loaded here.
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include   	/etc/ldap/schema/misc.schema
include   	/etc/ldap/schema/nr-mail.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
# NOTE(review): with `none`, syncrepl and bind activity is not logged; the
# commented-out 256 (stats) level below records connections and operations.
loglevel	none
#loglevel	256
#loglevel        none
#loglevel        296

# Where the dynamically loaded modules are stored
modulepath	/usr/lib/ldap
moduleload	back_hdb

# The maximum number of entries that is returned for a search operation
sizelimit 10

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
# Size of the slapd worker thread pool.
threads 32

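# Server (3), email database: hdb backend holding ou=email,dc=xyz, filled
# entirely by syncrepl (rid=1) from the provider at 1.2.3.188.
#email
database hdb
suffix "ou=email,dc=xyz"
directory "/var/lib/ldap-mail"

#db settings
checkpoint 128 15
dbconfig set_cachesize 0 369868800 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_max 10000000
dbconfig set_lg_bsize 8192

#readonly on
# userPassword: anonymous clients get `auth` only, so a bind can be verified
# but unauthenticated searches cannot return the stored password values
# (the previous `by anonymous read` allowed that). dn.exact replaces an
# unanchored dn.regex that matched any DN containing the admin DN.
access to attrs=userPassword by dn.exact="cn=admin,ou=email,dc=xyz" write by anonymous auth by self write
# Everything else: admin writes, every other client (anonymous included) reads.
access to * by dn.exact="cn=admin,ou=email,dc=xyz" write by * read

# NOTE(review): an index on userPassword is presumably unnecessary, since
# nothing should be searching on password values -- confirm and drop it.
index objectClass,uid,cn,userPassword,entryUUID eq,pres
rootdn "cn=admin,ou=email,dc=xyz"
# NOTE(review): rootpw is stored in cleartext; slapd.conf also accepts a hashed
# value generated with slappasswd(8), and the file should be readable by the
# slapd user only.
rootpw "secret"

# Consumer stanza: persistent (refreshAndPersist) replication of the whole
# subtree. schemachecking=off means received entries are not validated against
# the local schema.
# NOTE(review): no retry= parameter is set, so the consumer presumably does not
# reconnect after a replication error -- confirm this is intended.
# NOTE(review): bindmethod=simple over plain ldap:// sends the binddn and
# credentials unencrypted, and the replicated userPassword values travel over
# the same connection. slapd.conf(5) for 2.4 documents a starttls= parameter
# for syncrepl; confirm it is available in this build and that the provider
# has TLS configured before enabling it.
syncrepl   rid=1
	provider=ldap://1.2.3.188
	type=refreshAndPersist
	searchbase="ou=email,dc=xyz"
	filter="(objectClass=*)"
	attrs="*"
	scope=sub
	schemachecking=off
	bindmethod=simple
	binddn="cn=admin,ou=email,dc=xyz"
	credentials="secret"
	timelimit=unlimited
	sizelimit=unlimited

# Referral returned to clients that attempt a write on this consumer.
updateref       ldap://1.2.3.188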

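# Server (3), www database: hdb backend holding dc=xyz, filled entirely by
# syncrepl (rid=2) from the provider at 1.2.3.188.
#www
database hdb
suffix          "dc=xyz"
directory       "/var/lib/ldap-www"

#db settings
checkpoint 128 15
dbconfig set_cachesize 0 268435456 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_max 10000000
dbconfig set_lg_bsize 8192

#readonly on
# userPassword: anonymous clients get `auth` only, so a bind can be verified
# but unauthenticated searches cannot return the stored password values
# (the previous `by anonymous read` allowed that). dn.exact replaces an
# unanchored dn.regex that matched any DN containing the admin DN.
access to attrs=userPassword by dn.exact="cn=admin,ou=www,dc=xyz" write by anonymous auth by self write
# Everything else: admin writes, every other client (anonymous included) reads.
access to * by dn.exact="cn=admin,ou=www,dc=xyz" write by * read

# NOTE(review): an index on userPassword is presumably unnecessary, since
# nothing should be searching on password values -- confirm and drop it.
index objectClass,uidNumber,gidNumber,entryUUID,memberUid,userPassword eq,pres
index uid,cn eq,pres,approx

rootdn "cn=admin,ou=www,dc=xyz"
# NOTE(review): rootpw is stored in cleartext; slapd.conf also accepts a hashed
# value generated with slappasswd(8), and the file should be readable by the
# slapd user only.
rootpw "secret"

# Consumer stanza: persistent (refreshAndPersist) replication of the whole
# subtree. schemachecking=off means received entries are not validated against
# the local schema.
# NOTE(review): no retry= parameter is set, so the consumer presumably does not
# reconnect after a replication error -- confirm this is intended.
# NOTE(review): bindmethod=simple over plain ldap:// sends the binddn and
# credentials unencrypted, and the replicated userPassword values travel over
# the same connection. slapd.conf(5) for 2.4 documents a starttls= parameter
# for syncrepl; confirm it is available in this build and that the provider
# has TLS configured before enabling it.
syncrepl   rid=2
	provider=ldap://1.2.3.188
	type=refreshAndPersist
	searchbase="dc=xyz"
	filter="(objectClass=*)"
	attrs="*"
	scope=sub
	schemachecking=off
	bindmethod=simple
	binddn="cn=admin,ou=www,dc=xyz"
	credentials="secret"
	timelimit=unlimited
	sizelimit=unlimited

# Referral returned to clients that attempt a write on this consumer.
updateref       ldap://1.2.3.188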