Hello,
I am having a very odd problem after upgrading from openldap 2.4.16 (stable).
I have a syncrepl provider/consumer setup using openldap 2.4.19
(stable), and when I start an empty consumer, in the provider logs I am
getting:
Nov 4 17:07:51 producer slapd[7250]: [ID 702911 local4.debug] @(#) $OpenLDAP: slapd 2.4.19 (Nov 4 2009 12:53:47) $
Nov 4 17:07:51 producer @qgdevpro:/home/govops/build.local/openldap-2.4.19/servers/slapd
Nov 4 17:07:51 producer slapd[7286]: [ID 100111 local4.debug] slapd starting
Nov 4 17:08:04 producer slapd[7286]: [ID 848112 local4.debug] conn=0 fd=16 ACCEPT from IP=10.0.0.2:53951 (IP=10.0.0.1:389)
Nov 4 17:08:04 producer slapd[7286]: [ID 215403 local4.debug] conn=0 op=0 BIND dn="cn=replicator,dc=example,dc=org" method=128
Nov 4 17:08:04 producer slapd[7286]: [ID 600343 local4.debug] conn=0 op=0 BIND dn="cn=replicator,dc=example,dc=org" mech=SIMPLE ssf=0
Nov 4 17:08:04 producer slapd[7286]: [ID 588225 local4.debug] conn=0 op=0 RESULT tag=97 err=0 text=
Nov 4 17:08:04 producer slapd[7286]: [ID 469902 local4.debug] conn=0 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(objectClass=*)"
Nov 4 17:08:04 producer slapd[7286]: [ID 744844 local4.debug] conn=0 op=1 SRCH attr=* +
Nov 4 17:08:04 producer slapd[7286]: [ID 832699 local4.debug] conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 4 17:08:04 producer slapd[7286]: [ID 218904 local4.debug] conn=0 op=2 UNBIND
Nov 4 17:08:04 producer slapd[7286]: [ID 952275 local4.debug] conn=0 fd=16 closed
On the consumer I get a lot of (one set after each refresh attempt):
Nov 4 17:41:04 consumer slapd[7660]: [ID 365351 local4.debug] do_syncrep2: rid=001 LDAP_RES_SEARCH_RESULT
Nov 4 17:41:04 consumer slapd[7660]: [ID 664938 local4.debug] do_syncrepl: rid=001 rc -2 retrying
Important part being "nentries=0". When I run the equivalent command at the
command prompt of the consumer, i.e.:
ldapsearch -b dc=example,dc=org -D 'cn=replicator,dc=example,dc=org' -w <password> -s sub -x '(objectclass=*) ' '* +'
I get the result I would expect above, i.e.:
Nov 4 17:20:14 producer slapd[7286]: [ID 848112 local4.debug] conn=16 fd=16 ACCEPT from IP=10.0.0.2:54049 (IP=10.0.0.1:389)
Nov 4 17:20:14 producer slapd[7286]: [ID 215403 local4.debug] conn=16 op=0 BIND dn="cn=replicator,dc=example,dc=org" method=128
Nov 4 17:20:14 producer slapd[7286]: [ID 600343 local4.debug] conn=16 op=0 BIND dn="cn=replicator,dc=example,dc=org" mech=SIMPLE ssf=0
Nov 4 17:20:14 producer slapd[7286]: [ID 588225 local4.debug] conn=16 op=0 RESULT tag=97 err=0 text=
Nov 4 17:20:14 producer slapd[7286]: [ID 469902 local4.debug] conn=16 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(objectClass=*)"
Nov 4 17:20:14 producer slapd[7286]: [ID 744844 local4.debug] conn=16 op=1 SRCH attr=* +
Nov 4 17:21:03 producer slapd[7286]: [ID 832699 local4.debug] conn=16 op=1 SEARCH RESULT tag=101 err=0 nentries=85611 text=
Nov 4 17:21:03 producer slapd[7286]: [ID 218904 local4.debug] conn=16 op=2 UNBIND
Nov 4 17:21:03 producer slapd[7286]: [ID 952275 local4.debug] conn=16 fd=16 closed
Note here I get nentries=85611 (with a whole bunch of results) for what
is essentially the same query.
I'd appreciate any feedback, surely I must be missing something really
obvious?
My config is below.
Cheers
Brett
<< begin of provider slapd >>
######################################################################
# global options
######################################################################
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
modulepath /usr/local/openldap/libexec/openldap
#moduleload back_ldbm.la
#moduleload back_monitor.la
pidfile /var/openldap/run/slapd.pid
argsfile /var/openldap/run/slapd.args
# threads for faster concurrent slapadd
tool-threads 4
######################################################################
# global database ACLs
######################################################################
# allow replicator to read all
access to *
        by dn.exact="cn=replicator,dc=example,dc=org" read
        by * break
[ ..etc.. ]
# default rules
access to *
        by self write
        by * read
######################################################################
# logging configuration
######################################################################
# testing
loglevel stats sync
######################################################################
# primary database
######################################################################
database hdb
suffix "dc=example,dc=org"
directory /var/openldap/data
rootdn "cn=Manager, dc=example,dc=org"
rootpw <password>
checkpoint 2000 15
cachesize 20000
idlcachesize 60000
cachefree 4000
# unlimited dn cache (openldap 2.4.16 and above)
dncachesize 0
# General Indexes (there is more than this - but they are all the same form)
index default pres,eq
index objectClass,uid,mail pres,eq
index cn,sn,ou,streetAddress,givenName,title,telephoneNumber eq,sub
# Indices for Syncrepl
index entryCSN,entryUUID eq
# allow replicator DN have unlimited searches (per-database)
limits dn.exact="cn=replicator,dc=example,dc=org" time=unlimited size=unlimited
######################################################################
# replication information - monitor backend
######################################################################
database monitor
<< end of provider slapd >>
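
Added example (not part of the original post): a small Python script that groups slapd "stats" log lines by connection, so the syncrepl session and the manual ldapsearch session above can be compared side by side. The function names are assumptions of this example, and the sample lines are abridged from the provider logs quoted in the post.

```python
import re
from collections import defaultdict

# Sample lines abridged from the provider logs quoted in the post (re-joined).
SAMPLE = """\
Nov 4 17:08:04 producer slapd[7286]: [ID 600343 local4.debug] conn=0 op=0 BIND dn="cn=replicator,dc=example,dc=org" mech=SIMPLE ssf=0
Nov 4 17:08:04 producer slapd[7286]: [ID 469902 local4.debug] conn=0 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(objectClass=*)"
Nov 4 17:08:04 producer slapd[7286]: [ID 832699 local4.debug] conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 4 17:20:14 producer slapd[7286]: [ID 600343 local4.debug] conn=16 op=0 BIND dn="cn=replicator,dc=example,dc=org" mech=SIMPLE ssf=0
Nov 4 17:20:14 producer slapd[7286]: [ID 469902 local4.debug] conn=16 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(objectClass=*)"
Nov 4 17:21:03 producer slapd[7286]: [ID 832699 local4.debug] conn=16 op=1 SEARCH RESULT tag=101 err=0 nentries=85611 text=
"""

LINE = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT) (.*)")
KV = re.compile(r'(\w+)=("[^"]*"|\S*)')

def parse(log):
    """Return {conn: {"bind_dn", "ssf", "searches": {op: {...}}}}."""
    conns = defaultdict(lambda: {"bind_dn": None, "ssf": None, "searches": {}})
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ACCEPT/UNBIND/closed and banner lines are ignored
        conn, op, kind, rest = int(m[1]), int(m[2]), m[3], m[4]
        fields = {k: v.strip('"') for k, v in KV.findall(rest)}
        c = conns[conn]
        if kind == "BIND" and "mech" in fields:
            c["bind_dn"], c["ssf"] = fields["dn"], int(fields["ssf"])
        elif kind == "SRCH" and "base" in fields:
            c["searches"].setdefault(op, {}).update(
                base=fields["base"], filter=fields["filter"])
        elif kind == "SEARCH RESULT":
            c["searches"].setdefault(op, {}).update(
                err=int(fields["err"]), nentries=int(fields["nentries"]))
    return dict(conns)

def empty_successes(conns, dn):
    """Connections where `dn` searched successfully but got zero entries."""
    return sorted(conn for conn, c in conns.items()
                  if c["bind_dn"] == dn
                  and any(s.get("err") == 0 and s.get("nentries") == 0
                          for s in c["searches"].values()))

if __name__ == "__main__":
    conns = parse(SAMPLE)
    for conn, c in sorted(conns.items()):
        print(conn, c["bind_dn"], "ssf=%s" % c["ssf"], c["searches"])
    print("empty:", empty_successes(conns, "cn=replicator,dc=example,dc=org"))
```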