In every case, there's a log entry:
do_syncrep2: rid 123 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
followed by some number of these:
syncrepl_entry: rid 123 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
("some number" is MUCH less than the number of records)
then:
do_syncrep2: rid 123 LDAP_RES_INTERMEDIATE - REFRESH_PRESENT
followed by some (other) number of these:
syncrepl_del_nonpresent: rid 123 be_delete
uid=whatever,ou=Accounts,dc=example,dc=co,dc=nz (0)
*INCLUDING* be_deletes for nearly ALL the top-level entries:
be_delete cn=root,dc=example,dc=co,dc=nz (0)
be_delete ou=Accounts,dc=example,dc=co,dc=nz (66)
be_delete ou=Mailbox,dc=example,dc=co,dc=nz (66)
be_delete ou=Services,dc=example,dc=co,dc=nz (66)
be_delete ou=Offices,dc=example,dc=co,dc=nz (66)
be_delete ou=Networks,dc=example,dc=co,dc=nz (66)
be_delete ou=Rooms,dc=example,dc=co,dc=nz (66)
be_delete ou=Group,dc=example,dc=co,dc=nz (66)
be_delete ou=EmailLists,dc=example,dc=co,dc=nz (66)
be_delete ou=People,dc=example,dc=co,dc=nz (66)
be_delete ou=Computers,dc=example,dc=co,dc=nz (66)
This would seem to leave the database completely empty, and in a state
where nothing and nobody can authenticate to it. No amount of
stopping/restarting has any effect (because it thinks it is in sync)
until we repair it by starting with the empty sync cookie.
There have been at least 10 instances of this fault on different servers
in the last 1-2 weeks.
Because I can't reproduce the problem on demand, I won't know for sure
whether or not the new version fixes it, but I have built the new
version and am now running it on a test server.