[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OL 2.3.19, delta-syncrepl issue

To: OpenLDAP software list <openldap-software@OpenLDAP.org>
Subject: Re: OL 2.3.19, delta-syncrepl issue
From: Samuel Tran <stran@amnh.org>
Date: Fri, 03 Feb 2006 15:59:06 -0500
In-reply-to: <0E310EF36BB7BCEA36242F10@[10.0.0.1]>
References: <1138995273.14533.47.camel@mistral> <0E310EF36BB7BCEA36242F10@[10.0.0.1]>

On Fri, 2006-02-03 at 12:28 -0800, Quanah Gibson-Mount wrote:
> 
> --On Friday, February 03, 2006 2:34 PM -0500 Samuel Tran <stran@amnh.org> 
> wrote:
> 
> > Hi All,
> >
> > I am testing delta-syncrepl with two Debian Sarge Linux boxes running OL
> > 2.3.19 + 2 patches (ITS #4369 and #4376).
> >
> > Here the configuration on the provider:
> >
> ># Accesslog DB definition (slapo-accesslog)
> > database        bdb
> > suffix          "cn=accesslog"
> > rootdn          "cn=root,cn=accesslog"
> > directory       /var/lib/ldap/accesslog
> > index           default eq
> > index           entryCSN,objectClass,reqEnd,reqResult,reqStart
> >
> ># Let the replica DN have limitless searches
> > limits dn.exact="cn=syncrepl,ou=Accounts,ou=Apps,dc=example,dc=com"
> > time.soft=unlimited
> > time.hard=unlimited size.soft=unlimited size.hard=unlimited
> 
> The above should be one line.

Ok, I did a bad copy and paster in the configuration file.
It is now one line.

> 
> ># Primary AMNH database definition
> > database        bdb
> > suffix          "dc=example,dc=com"
> > rootdn          "cn=Manager,dc=example,dc=com"
> >
> ># syncprov specific indexing
> > index   entryUUID,entryCSN eq
> >
> ># Let the replica DN have limitless searches
> > limits dn.exact="cn=syncrepl,ou=Accounts,ou=Apps,dc=example,dc=com"
> > time.soft=unlimited
> > time.hard=unlimited size.soft=unlimited size.hard=unlimited
> 
> 
> The above should be one line.

It is now one line.

> 
> >#############################################################
> ># Syncrepl - Provider configuration
> >#############################################################
> >
> > overlay syncprov
> > syncprov-checkpoint 100 30
> > syncprov-sessionlog 100
> > syncprov-nopresent TRUE
> > syncprov-reloadhint TRUE
> >
> >#############################################################
> ># Accesslog - Access Logging overlay (required for delta syncrepl)
> >#############################################################
> >
> > overlay accesslog
> > logdb cn=accesslog
> > logops writes
> ># scan the accesslog DB every day, and purge entries older than 28 days
> > logpurge 28+00:00 01+00:00
> >
> >
> > Here the configuration on the consumer:
> >
> >#############################################################
> ># Syncrepl - Consumer configuration
> >#############################################################
> > syncrepl        rid=121
> >                 provider=ldaps://info-ldap-001.example.com:636
> >                 type=refreshAndPersist
> >                 retry="5 +"
> >                 searchbase="dc=example,dc=com"
> >                 bindmethod=simple
> >
> > binddn="cn=syncrepl,ou=Accounts,ou=Apps,dc=example,dc=com"
> >                 credentials=xxxxxxxxxxxx
> >                 logbase="cn=accesslog"
> >                 schemachecking=on
> >                 syncdata=accesslog
> 
> 
> 
> Is there really an extra space between bindmethod and binddn?
> 

This is a bad copy and paste when I composed the email. There is no
space between bindmethod and binddn in my configuration file.

> 
> > The consumer is in a DMZ with a public IP address while the provider is
> > in the internal network with a private IP address. Traffic from the
> > consumer to the provider is allowed on port 636.
> >
> > I modified some entries on the provider. I can see the changes in the
> > accesslog db. But no synchronization on the consumer.
> 
> Based on the other error logs you sent, it sounds like the syncRepl control 
> isn't being published, or the syncrepl client (replica) doesn't have access 
> to read the rootDSE on the master.
> 

The syncrepl client does have access to the root DSE on the master:

stran@info-ldap-002:~$ ldapsearch -x -H
ldaps://info-ldap-001.example.com -b "" -s base -LLL "(objectClass=*)"
"+" "*" -D "cn=syncrepl,ou=Accounts,ou=Apps,dc=example,dc=com" -W
Enter LDAP Password: 
dn:
objectClass: top
objectClass: OpenLDAProotDSE
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: cn=accesslog
namingContexts: dc=example,dc=com
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.334810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
entryDN:
subschemaSubentry: cn=Subschema

How can I check if the Syncrepl control is published or not?

By the way I am not using the glue overlay.

Thanks.
Sam

References:
- OL 2.3.19, delta-syncrepl issue
  - From: Samuel Tran <stran@amnh.org>
- Re: OL 2.3.19, delta-syncrepl issue
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: TLS fails
Next by Date: ACLs by netgroup?
Index(es):
- Chronological
- Thread