[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl only works as rootdn

To: Howard Chu <hyc@symas.com>
Subject: Re: syncrepl only works as rootdn
From: Christopher Cowart <ccowart@rescomp.berkeley.edu>
Date: Thu, 1 Feb 2007 21:03:53 -0800
Cc: OpenLDAP-Software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <20070202045939.GY28577@rescomp.berkeley.edu>
Mail-followup-to: Howard Chu <hyc@symas.com>, OpenLDAP-Software@OpenLDAP.org
Organization: RSSP-IT, UC Berkeley
References: <20070202030415.GX28577@rescomp.berkeley.edu> <45C2BD50.4030208@symas.com> <20070202045939.GY28577@rescomp.berkeley.edu>
User-agent: Mutt/1.5.9i

On Thu, Feb 01, 2007 at 08:59:39PM -0800, Christopher Cowart wrote:
> On Thu, Feb 01, 2007 at 08:25:52PM -0800, Howard Chu wrote:
> > Redirected from -bugs; there is no evidence of a bug here.
> Perhaps the -software list charter should include mention of support
> issues or questions? As it was, -bugs seemed most appropriate.
> 
> > Christopher Cowart wrote:
> > >Hello,
> > >
> > >I have 3 installations of openldap-server-2.3.33 running on FreeBSD
> > >6.1-REL: ldap-master, ldap1, ldap2. I am using syncrepl to replicate 
> > >ldap-master to ldap1 and ldap2. The replicated directory is missing 
> > >entire ou branches in my tree.
> > >
> > >I have created the following objects in my directory:
> > >cn=syncrepl-ldap1,dc=example,dc=com
> > >cn=syncrepl-ldap2,dc=example,dc=com
> > >
> > >I've made the following configurations on the provider:
> > >| access to *
> > >|     by dn.regex="cn=syncrepl-(ldap1|ldap2),dc=example,dc=com" read
> > >|     by * break
> > >| 
> > >| # More ACLs Follow
> > >| 
> > >| # For Sync Replication
> > >| overlay syncprov
> > >| syncprov-checkpoint 100 10
> > >| syncprov-sessionlog 100
> > 
> > More information is needed. There's no indication that ACLs are any problem 
> > here. Of course, you've listed your rootdn in your ACLs, which is useless.
> 
> Could you suggest what other information might be helpful? I thought the
> fact that syncrepl works when binding as the rootdn but not the syncrepl
> user indicated ACLs. What makes you think otherwise?
> 
> > One possible explanation is that you didn't raise the sizelimits for the 
> > syncrepl users, so they weren't able to get a full refresh.
> 
> Thanks for this suggestion. I've added this (from a forum post):
> | limits dn.regex="cn=syncrepl-ldap1,dc=example,dc=com" 
> |   time.soft=unlimited time.hard=unlimited size.soft=unlimited 
> |   size.hard=unlimited
> 
> After restarting the provider, the consumer is still not replicating the
> missing portions of the directory. Do you have any other suggestions?

Just to clarify, I also blew away the backend on the consumer and
restarted that instance of slapd.

-- 
Chris Cowart
Network and Infrastructure Systems Administrator
RSSP-IT, UC Berkeley
"May all your pushes be popped"

Attachment: signature.asc
Description: Digital signature

Follow-Ups:
- Re: syncrepl only works as rootdn
  - From: Howard Chu <hyc@symas.com>

References:
- Re: syncrepl only works as rootdn
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: syncrepl only works as rootdn
Next by Date: Re: syncrepl only works as rootdn
Index(es):
- Chronological
- Thread