Deletions not propagating in multi-hop syncRepl environment

OpenLDAP 2.2.26 on FreeBSD 4.10-STABLE.

I'm not sure whether this is a bug or a misconfiguration, so I thought I'd
ask here before filing an ITS.

We have a central replication server which accepts updates for several
suffixes and propagates them out to the other slaves i.e. no more than 2
hops with complexity O(n) instead of O(n^2). There are around 15 suffixes
in total, so keeping it simple is rather important...

This worked fine with SLURP, but I've just noticed that deletions from a
remote master do not propagate with SyncRepl to other slaves. Additions
and updates work fine, but not deletions.

For example:

MASTER: my.example.com (dc=my,dc=example,dc=com) is a Provider
SERVER: hub.example.com is both a Provider and a Consumer
SLAVE: au.example.com is a Consumer

I delete an entry upon MASTER, and it gets deleted upon SERVER as well,
but not SLAVE.

MASTER configuration (abridged):

    database bdb
    suffix "dc=my,dc=example,dc=com"
    directory /usr/local/openldap-data/example.com/my
    sessionlog 3 20 # Seems to make no difference

SERVER configuration (abridged):

    database bdb
    suffix "dc=my,dc=example,dc=com"
    directory /usr/local/openldap-data/example.com/my
    sessionlog 3 20 # Seems to make no difference
    syncrepl rid=3
        provider=ldap://my.example.com:389
        type=refreshAndPersist
        retry=5,5,10,+
        searchbase="dc=my,dc=example,dc=com"
        filter="(objectClass=*)"
        scope=sub
        attrs="*"
        schemachecking=off
        updatedn="cn=ModMan,dc=my,dc=example,dc=com"
        bindmethod=simple
        binddn="cn=ConMan,dc=my,dc=example,dc=com"
        credentials="secret"
    updateref ldap://my.example.com

SLAVE configuration (abridged):

    database bdb
    suffix "dc=my,dc=example,dc=com"
    directory /usr/local/openldap-data/example.com/my
    syncrepl rid=3
        provider=ldap://hub.example.com:389
        type=refreshAndPersist
        retry=1,5,5,5,10,+
        searchbase="dc=my,dc=example,dc=com"
        filter="(objectClass=*)"
        scope=sub
        attrs="*"
        schemachecking=off
        updatedn="cn=ModMan,dc=my,dc=example,dc=com"
        bindmethod=simple
        binddn="cn=ConMan,dc=my,dc=example,dc=com"
        credentials="secret"
    updateref ldap://my.example.com:389

Initially I did not have the "sessionlog" directive, but adding it to
SERVER thence to MASTER made no difference.

I'm tempted to think that because additions and changes work just fine,
the configuration is OK and it's a subtle SyncRepl bug...

--
Dave Horsfall DTM VK2KFU daveh@ci.com.au Ph: +61 2 8425-5508 (d) -5500 (sw)
Corinthian Engineering, Level 1, 401 Pacific Hwy, Artarmon, NSW 2064, Australia
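
Added example, not part of the original post or of OpenLDAP: a check that compares DN-only dumps taken from each hop (MASTER, SERVER, SLAVE) and reports entries that were deleted upstream but are still served downstream, which is the symptom described above and matters when the deleted entry is an account. The sample LDIF, the entry names and the helper names are constructed for illustration; DN normalization is simplified and assumes no escaped commas.

```python
import base64

def normalize(dn):
    # Simplified comparison key (assumption: no escaped commas in RDN values).
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_dns(ldif_text):
    """Return the set of normalized DNs found in LDIF text."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folding: continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dns = set()
    for line in lines:
        if line.startswith("dn:: "):        # base64-encoded DN
            dns.add(normalize(base64.b64decode(line[5:]).decode("utf-8")))
        elif line.startswith("dn: "):
            dns.add(normalize(line[4:]))
    return dns

def replication_drift(hops):
    """hops: (name, dn_set) pairs ordered provider-first; compare each adjacent pair."""
    return [{"provider": up_name, "consumer": down_name,
             "stale": sorted(down - up),     # deleted upstream, still present downstream
             "missing": sorted(up - down)}   # present upstream, never arrived downstream
            for (up_name, up), (down_name, down) in zip(hops, hops[1:])]

# Constructed sample dumps, shaped like the output of
# `ldapsearch -x -LLL -H ldap://HOST -b "dc=my,dc=example,dc=com" 1.1`.
ALICE = "uid=alice,ou=People,dc=my,dc=example,dc=com"
MASTER_LDIF = "dn: dc=my,dc=example,dc=com\n\ndn: uid=alice,ou=People,dc=my,\n dc=example,dc=com\n"
SERVER_LDIF = ("dn: dc=my,dc=example,dc=com\n\ndn:: "
               + base64.b64encode(ALICE.encode()).decode() + "\n")
SLAVE_LDIF = ("dn: DC=my,DC=example,DC=com\n\n"
              "dn: uid=alice, ou=People, dc=my,dc=example,dc=com\n\n"
              "dn: uid=bob,ou=People,dc=my,dc=example,dc=com\n")

def demo():
    return replication_drift([("MASTER", parse_dns(MASTER_LDIF)),
                              ("SERVER", parse_dns(SERVER_LDIF)),
                              ("SLAVE", parse_dns(SLAVE_LDIF))])

if __name__ == "__main__":
    for hop in demo():
        print(hop["provider"], "->", hop["consumer"],
              "stale:", hop["stale"], "missing:", hop["missing"])
```

Run against real dumps taken a few minutes after a test deletion on MASTER; a non-empty "stale" list on the SERVER -> SLAVE hop reproduces the report above.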