Syncrepl out of sync after some time....
Hi !
We are running OpenLDAP 2.3.24 on our mail platform and its fallback MX'es.
Recently I upgraded all LDAP servers from 2.2.x (slurpd) to 2.3.24 (syncrepl). Unfortunately, after 'some days' (a couple of
hundred mutations on the LDAP per day ..) some (but not all) of our replicas are getting out of sync.
It seems (but not necessarily) that it is usually the replicas that are outside the local LAN (housed at offsite locations).
Please take a look at our master and slave configuration below and tell me if I am doing something horribly wrong. And, even better,
how I can debug this to find our problem.
All hosts are running Fedora Core 4 with OpenLDAP 2.3.24 'rpmbuild --rebuild' from the FC5 .src.rpm package.
Master config :
---
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/qmail.schema
# /* Allow (old) LDAPv2 client connections. TODO: Do we need this ? */
allow bind_v2
# /* Check if we have a valid schema */
schemacheck on
# /* Set file location */
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# /* Performance */
concurrency 10
threads 10
loglevel 0
idletimeout 30
# /*
# * Backend configuration.
# */
# /*
# * List with database definitions
# */
# /* START DATABASE: o=nldomain,c=nl */
database bdb
suffix "o=nldomain,c=nl"
rootdn "cn=admin,o=nldomain,c=nl"
rootpw {SSHA}12345678e6kDqsm6O2uJskjrFLXFB3CZ
checkpoint 1024 5
cachesize 10000
idlcachesize 10000
# /* Mode 700 recommended */
directory /var/lib/ldap
# /* Indices to maintain for this database */
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryUUID eq
index entryCSN eq
# Users are allowed to change own password.
access to attrs=userpassword
        by self write
        by anonymous auth
        by * none
# The admin dn has full write access
access to dn.regex="^.*$"
        by * read
# /* END DATABASE: o=nldomain,c=nl */
# /* Replication */
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# End of config
---
Slave config:
---
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/qmail.schema
# /* Allow (old) LDAPv2 client connections. TODO: Do we need this ? */
allow bind_v2
# /* Check if we have a valid schema */
schemacheck on
# /* Set file location */
pidfile /var/run/slapd.pid
# /* Performance */
concurrency 10
threads 10
loglevel 0
idletimeout 30
# /*
# * Backend configuration.
# */
# /* Specific options for bdb .. for now: none :) */
backend bdb
# /*
# * List with database definitions
# */
# /* START DATABASE: o=nldomain,c=nl */
database bdb
suffix "o=nldomain,c=nl"
rootdn "cn=admin,o=nldomain,c=nl"
rootpw {SSHA}12345678e6kDqsm6O2uJskjrFLXFB3CZ
checkpoint 1024 5
cachesize 10000
idlcachesize 10000
# /* Mode 700 recommended */
directory /var/lib/ldap
# /* Indices to maintain for this database */
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryUUID eq
index entryCSN eq
# Users are allowed to change own password.
access to attrs=userpassword
        by self write
        by anonymous auth
        by * none
# The admin dn has full write access
access to dn.regex="^.*$"
        by * read
syncrepl rid=21
        provider=ldap://master:389
        type=refreshAndPersist
        interval=00:00:00:05
        retry="5 10 30 +"
        searchbase="o=nldomain,c=nl"
        filter="(objectClass=*)"
        scope=sub
        attrs="*"
        schemachecking=off
        bindmethod=simple
        binddn="cn=admin,o=nldomain,c=nl"
        credentials=SecretPassword
# /* END DATABASE: o=nldomain,c=nl */
# End of config
---
The last 'out of sync' scenario gave us all three fallback-mx'es out of sync at the same time. These are running FC4, but x86-64.
All others (incl. master) are i686 based. But another platform with only i686 boxes is having the same issues and is running with
the same software / configuration ... I did have the same issues (but much less frequently) with 2.3.20.
Yours,
Christiaan den Besten
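
One way to see which replicas have fallen behind, as an added example that is not part of the original post: compare the `contextCSN` operational attribute on the suffix entry of the master and of each replica. It assumes `contextCSN` can be read with an anonymous base search (the ACLs above grant `* read`); the function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag syncrepl replicas whose contextCSN lags the master's.
BASE='o=nldomain,c=nl'          # suffix taken from the configs in the post

# Pull the contextCSN value out of ldapsearch LDIF on stdin.
# If several values are returned, keep the newest one.
extract_csn() {
    sed -n 's/^contextCSN: *//p' | LC_ALL=C sort | tail -n 1
}

# Live query of one server (anonymous simple bind, base-scope search).
fetch_csn() {
    ldapsearch -x -LLL -H "ldap://$1" -s base -b "$BASE" contextCSN 2>/dev/null |
        extract_csn
}

# Compare two CSNs ($1 = master, $2 = replica). CSNs start with a
# fixed-width timestamp, so a plain string comparison orders them.
csn_status() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo unknown            # server unreachable or attribute not readable
    elif [ "$1" = "$2" ]; then
        echo in-sync
    elif awk -v a="$1" -v b="$2" 'BEGIN { exit !((a "") > (b "")) }'; then
        echo behind             # replica has not applied the latest changes
    else
        echo ahead              # replica newer than master: investigate
    fi
}

# Constructed sample LDIF (not real output from the poster's servers).
SAMPLE_MASTER='dn: o=nldomain,c=nl
contextCSN: 20060801101500Z#000001#00#000000'
SAMPLE_REPLICA='dn: o=nldomain,c=nl
contextCSN: 20060728093000Z#000003#00#000000'

# Live use: first argument is the master, the rest are replicas.
if [ $# -gt 0 ]; then
    master_csn=$(fetch_csn "$1"); shift
    for host in "$@"; do
        printf '%s\t%s\n' "$host" "$(csn_status "$master_csn" "$(fetch_csn "$host")")"
    done
fi
```

A single `behind` result can be ordinary replication lag right after a write; a replica that stays `behind` across repeated runs while the master is idle is the one to investigate.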