
Re: openldap problem with synchronization



Hello,

Yes, you are right: the Consumer checks the Provider every minute, but only the contextCSN on the Consumer is updated, not the actual data in the tree.

I studied the logs on the Provider in more detail, as the Provider is providing data for the 2nd internal server (in multi-master replication) as well as for the external server. After a change in the Provider's tree both Consumers connect within one minute; the internal server sees the change whereas the external server doesn't:


Jan  3 09:17:04 ldapip slapd[20499]: conn=269275 op=1 SRCH base="o=test,c=cz" scope=2 deref=0 filter="(!(objectClass=simpleSecurityObject))"
Jan  3 09:17:04 ldapip slapd[20499]: conn=269275 op=1 SRCH attr=cn sn ou o mail serialNumber userCertificate cACertificate certificateRevocationList authorityRevocationList entrustPolicyCertificate crossCertificatePair objectClass structuralObjectClass entryCSN
Jan  3 09:17:04 ldapip slapd[20499]: conn=269275 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

versus

Jan  3 09:17:08 ldapip slapd[20499]: conn=269276 op=2 SRCH base="o=test,c=cz" scope=2 deref=0 filter="(objectClass=*)"
Jan  3 09:17:08 ldapip slapd[20499]: conn=269276 op=2 SRCH attr=* +
Jan  3 09:17:08 ldapip slapd[20499]: conn=269276 op=2 SEARCH RESULT tag=101 err=0 nentries=28 text=

Robert


On Fri, Jan 3, 2014 at 9:17 AM, Vikas Parashar <para.vikas@gmail.com> wrote:
Hi,

It depends on the interval=00:00:01:00 time.


On Fri, Jan 3, 2014 at 1:26 PM, Robert Mach <mach.robert@gmail.com> wrote:
Hello,
I am having trouble using OpenLDAP replication on CentOS 6.4 and CentOS 5.3.
I have two servers with the following version of OpenLDAP from the CentOS repository, configured as multi-master replication (internal servers):

openldap-servers-2.4.23-32.el6_4.1.x86_64
openldap-clients-2.4.23-32.el6_4.1.x86_64
openldap-2.4.23-32.el6_4.1.x86_64

Then I have one external server with the following products:
openldap-servers-2.3.43-12.el5_5.3
openldap-clients-2.3.43-12.el5_5.3
openldap-2.3.43-12.el5_5.3

The two internal servers are configured as multi-master replication and everything is working fine. The external server is configured as slave replication from one of those internal servers using the following configuration:

database        bdb
suffix          "o=test,c=cz"
rootdn          "cn=Manager,o=test,c=cz"
directory       /var/local/ldap/test.cz

index entryCSN,entryUUID                eq
index objectClass                       eq,pres
index ou,cn,mail                        eq,pres,sub

syncrepl rid=132
  provider=ldaps://xxxxx.xxx.xxx
  type=refreshOnly
  interval=00:00:01:00
  searchbase="o=test,c=cz"
  filter="(!(objectclass=simpleSecurityObject))"
  scope=sub
  updatedn="cn=SyncMaster,o=test,c=cz"
  bindmethod=sasl
  saslmech=external
  attrs="objectClass,cn,sn,ou,o,mail,serialNumber,userCertificate,cACertificate,certificateRevocationList,authorityRevocationList,entrustPolicyCertificate,crossCertificatePair"
  schemachecking=on


There is a problem with replication from the internal server to the external one. If I delete the database of the external server and start the consumer, everything is correctly replicated from the provider (internal server) to the consumer. Therefore I assume that the replication is configured correctly. But if the servers are running for a while and changes are made on the Provider (internal server), some data are not replicated to the consumer. More precisely, the contextCSN of the root of the tree of the consumer (external server) is updated and is the same as on the Provider (internal server), but some entries lower in the tree are not replicated correctly; both the entry's entryCSN and the entry data itself are not updated on the Consumer.

Do you have any idea where the problem could be?

Thank you, 

Rob
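
The log comparison made in the reply at the top of this thread, as an added example that is not part of any message in the thread: a Python script that pairs each slapd SRCH line with its SEARCH RESULT by conn/op and lists the searches that completed without error but returned no entries. The sample lines are the ones quoted in that reply; the function names are this example's own.

```python
import re

# Provider log lines as quoted in the reply above.
SAMPLE_LOG = '''\
Jan  3 09:17:04 ldapip slapd[20499]: conn=269275 op=1 SRCH base="o=test,c=cz" scope=2 deref=0 filter="(!(objectClass=simpleSecurityObject))"
Jan  3 09:17:04 ldapip slapd[20499]: conn=269275 op=1 SRCH attr=cn sn ou o mail serialNumber userCertificate cACertificate certificateRevocationList authorityRevocationList entrustPolicyCertificate crossCertificatePair objectClass structuralObjectClass entryCSN
Jan  3 09:17:04 ldapip slapd[20499]: conn=269275 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan  3 09:17:08 ldapip slapd[20499]: conn=269276 op=2 SRCH base="o=test,c=cz" scope=2 deref=0 filter="(objectClass=*)"
Jan  3 09:17:08 ldapip slapd[20499]: conn=269276 op=2 SRCH attr=* +
Jan  3 09:17:08 ldapip slapd[20499]: conn=269276 op=2 SEARCH RESULT tag=101 err=0 nentries=28 text=
'''

# Syslog prefix, then the slapd connection and operation numbers.
PREFIX = re.compile(r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sslapd\[\d+\]:\s'
                    r'conn=(?P<conn>\d+)\sop=(?P<op>\d+)\s(?P<rest>.*)$')
SRCH = re.compile(r'^SRCH base="(?P<base>[^"]*)" scope=(?P<scope>\d+) '
                  r'.*filter="(?P<filter>.*)"$')
RESULT = re.compile(r'^SEARCH RESULT tag=\d+ err=(?P<err>\d+) nentries=(?P<n>\d+)')

def correlate(log_text):
    """Return one record per search whose SRCH and SEARCH RESULT lines were both seen."""
    pending, done = {}, []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not a slapd operation line
        key, rest = (int(m['conn']), int(m['op'])), m['rest']
        if (s := SRCH.match(rest)):
            pending[key] = dict(ts=m['ts'], conn=key[0], op=key[1], attrs=[],
                                base=s['base'], filter=s['filter'])
        elif rest.startswith('SRCH attr=') and key in pending:
            pending[key]['attrs'] = rest[len('SRCH attr='):].split()
        elif (r := RESULT.match(rest)) and key in pending:
            rec = pending.pop(key)
            rec.update(err=int(r['err']), nentries=int(r['n']))
            done.append(rec)
    return done

def empty_searches(records):
    """Searches that succeeded (err=0) but returned no entries."""
    return [r for r in records if r['err'] == 0 and r['nentries'] == 0]

if __name__ == '__main__':
    for r in empty_searches(correlate(SAMPLE_LOG)):
        print('{ts} conn={conn} op={op} filter={filter} nentries=0'.format(**r))
```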