[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLDAP 2.4 syncrepl - Size limit exceeded error in consumer end
Hi Buchan,
As you mentioned, I tested the configuration manually in the provider:
I removed all the earlier ACL settings in slapd.conf of provider and
just added the global ACL below:
access to *
by * read
When I ran ldapsearch query using -D
"uid=syncrepl,ou=System,dc=example,dc=com" on the provider machine, I
am getting the result as:
#ldapsearch2.4 -x -W -D "uid=syncrepl,ou=System,dc=example,dc=com" -b
"dc=example,dc=com" mail uid givenName
<Entries Snipped>
# search result
search: 2
result: 4 Size limit exceeded
# numResponses: 501
# numEntries: 500
Thanks & Regards,
Karthik Dathathri
-----Original Message-----
From: Buchan Milne <bgmilne@staff.telkomsa.net>
To: openldap-software@openldap.org
Cc: Karthik Dathathri <karthikd@aol.in>
Sent: Mon, 20 Oct 2008 1:47 pm
Subject: Re: OpenLDAP 2.4 syncrepl - Size limit exceeded error in
consumer end
On Tuesday 14 October 2008 13:18:37 Karthik Dathathri wrote:
I was trying to setup replication using syncrepl with openldap 2.4.11
on two machines running RHEL 5.0
The provider has approximately 1000 entries in the directory.
On the consumer side, I am getting the following error after
synchronization of around 500 records.
Oct 14 16:35:59 osmvm2 slapd2.4[11727]: syncrepl_entry: rid=001
cn=Delfin Labarge,ou=Payroll,dc=example,dc=com
Oct 14 16:35:59 osmvm2 slapd2.4[11727]: syncrepl_entry: rid=001 be_add
(0)
Oct 14 16:35:59 osmvm2 slapd2.4[11727]: do_syncrep2: rid=001
LDAP_RES_SEARCH_RESULT
Oct 14 16:35:59 osmvm2 slapd2.4[11727]: do_syncrep2: rid=001 (4) Size
limit exceeded
I am using "refreshOnly" syncrepl in the consumer.
The syncrepl user dn is uid=syncrepl,ou=System,dc=example,dc=com
and added this dn as a member to a group called LDAPAdmins
(cn=LDAPAdmins,ou=Groups,dc=example,dc=com)
slapd.conf configuration at the consumer end is as follows:
This is irrelevant, searches are done against the provider, not the
consumer.
# Replicas running syncrepl as non-rootdn need unrestricted size/time
limits:
limits group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com"
size=unlimited
time=unlimited
#SyncRepl slave configuration
syncrepl rid=001
provider=ldap://16.167.10.25
type=refreshOnly
interval=00:00:05:00
searchbase="dc=example,dc=com"
binddn="uid=syncrepl,ou=System,dc=example,dc=com"
credentials=secret
timelimit=unlimited
sizelimit=unlimited
slapd.conf configuration at the provider is as follows:
#Global ACL for replication
access to *
by group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com" read
by anonymous read
So, access to * by * read would work, and you can't be sure that your
group is
working from the ACLs ....
# syncprov
index entryCSN,entryUUID eq
# Replicas running syncrepl as non-rootdn need unrestricted size/time
limits:
limits group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com"
size=unlimited
time=unlimited
So, if you do a search as your uid=syncrepl DN (with ldapsearch), how
many
entries do you get, and what result code do you get?
# ACL ensuring replicator has write access
Syncrepl does not require that any replication DN has write access
anywhere
...
access to *
by group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com" write
by * read
#syncprov overlay configuration
overlay syncprov
syncprov-checkpoint 50 10
syncprov-sessionlog 100
Any pointers would be appreciated. If someone needs more information
about the environment, please
let me know.
It;s possible to test some of your configuration manually, which I
would
normally do *first* (before configuring the consumer).
Regards,
Buchan
________________________________________________________________________
You are invited to Get a Free AOL Email ID. - http://webmail.aol.in