[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Need help syncing with syncrepl 2.3

To: Buchan Milne <bgmilne@staff.telkomsa.net>
Subject: Re: Need help syncing with syncrepl 2.3
From: "L. B." <allegatis@gmail.com>
Date: Thu, 20 May 2010 15:27:05 -0700
Cc: openldap-software@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:mime-version :content-type:from:in-reply-to:date:cc:content-transfer-encoding :message-id:references:to:x-mailer; bh=nQMUnpSd2BgMOQ6a9ueLqO7DaSoTwGEc8ifxMiAYBow=; b=LLr7ZpCa2tKCaeaJ5rw0FPNaLlyecZRd2EgwSxLqmv/XuObQIExmu9a9j9mjoPy/0p 1Fh4ZsnZZbInbsZesM8W80cQfMjcE9FV6jajhwN4ZKCFp5tW5x5p1Wh/GMmDUDjDfe2y /i+TPWkw0GLgm8Lf5y09CukkjFJwjY3Evq1uA=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; b=ovG/yo3xAQuzeKKBafZg7wQ77JtHndxSGQ7wylL4yiEgrbKXhTvJxGNHh+K5CVNiK5 U3O6GaCSiLNAlAJj95MbXSgpz2A1rtqwzbtQg5R+ED9W8DXMiQ29C5wRGcArE4Pw01EL uiCUuiLzwqYu2L51XrjKrI9GOzfYJruN6Pva8=
In-reply-to: <201003301210.42326.bgmilne@staff.telkomsa.net>
References: <74d087111003291330j32db0567l1b0e46d62a37757b@mail.gmail.com> <201003301210.42326.bgmilne@staff.telkomsa.net>

Hi Buchan - I updated the limits statement to the following:

limits dn.exact="cn=Replicator,dc=swa,dc=com"
    size=unlimited
    time=unlimited

and now it appears to be working as expected!

On a side note, I never received a "Size limit exceeded" using the same parameters from the syncrepl configuration (I'm under 500 entries).

Thanks!

Rafael

Below is the new output after a synchronization:

May 20 22:16:06 admin-agis01 last message repeated 3 times
May 20 22:16:48 admin-agis01 slapd2.3[32501]: do_syncrep2: rid 001 LDAP_RES_INTERMEDIATE - SYNC_ID_SET 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_del_nonpresent: rid 001 be_delete uid=dyrnaesd,ou=Software Applications,dc=swa,dc=com (0) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_search (0) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 cn=users,ou=groups,dc=swa,dc=com 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_modify (0) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_search (0) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 cn=swa,ou=groups,dc=swa,dc=com 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_modify (0) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_search (0) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 uid=barreror,ou=Software Applications,dc=swa,dc=com 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_modify (0) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_search (0) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_modify (0) 
May 20 22:16:48 admin-agis01 slapd2.3[32501]: do_syncrep2: rid 001 LDAP_RES_SEARCH_RESULT 
May 20 22:17:23 admin-agis01 slapd2.3[32501]: <= bdb_equality_candidates: (uniqueMember) not indexed 


On Mar 30, 2010, at 4:10 AM, Buchan Milne wrote:

> On Monday, 29 March 2010 21:30:20 L.B. wrote:
>> Hi;
>> 
>> I've finally decided to make the move to syncrepl after much delay and
>> procrastination. I've read the guide and also reviewed several howto's
>> on the topic... It still isn't running correctly for me because it
>> doesn't replicate a few new users I've added to the provider. Also I'm
>> seeing the following issue over and over (every time it tries a sync
>> on my 10m interval):
> 
> This normally indicates that the consumer didn't get the final control, usually 
> because it didn't have sufficient (size/time) access to get the full search 
> results.
> 
> 
>> #########
>> Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001
>> LDAP_RES_INTERMEDIATE - SYNC_ID_SET
>> Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_del_nonpresent:
>> rid 001 be_delete
>> uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com (0)
>> Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001
>> LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
>> Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001
>> be_search (0)
>> Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001
>> uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com
>> Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 be_add
>> (0) Mar  5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001
>> LDAP_RES_SEARCH_RESULT
>> #########
>> 
>> My setup is RHEL4 with Buchan's RPMs
>> (openldap2.3-servers-2.3.39-3.rhel4, etc.).
> 
> 2.3.43 has been available for a long time ...
> 
>> I have a fairly simple
>> setup, one provider and one consumer.
>> 
>> Here is my provider config:
>> ######################
>> 
>> include /usr/share/openldap2.3/schema/core.schema
>> include /usr/share/openldap2.3/schema/cosine.schema
>> include /usr/share/openldap2.3/schema/inetorgperson.schema
>> include /usr/share/openldap2.3/schema/nis.schema
>> include /usr/share/openldap2.3/schema/misc.schema
>> include /usr/share/openldap2.3/schema/corba.schema
>> include /usr/share/openldap2.3/schema/openldap.schema
>> include /usr/share/openldap2.3/schema/ppolicy.schema
>> include /usr/share/openldap2.3/schema/ldapns.schema
>> 
>> access to *
>>  by dn.exact="cn=Replicator,dc=swa,dc=com" read
>>  by self read
>>  by * none break
>> 
>> limits group="cn=Replicator,dc=swa,dc=com"
>>  size=unlimited
>>  time=unlimited
> 
> The intention in my limits example is that you would create a groupOfNames for 
> cn=Replicator, and add additional host-specific DNs to this groupOfNames 
> object. But, it seems you have only one cn=Replicator non-group entry, changed 
> the ACL appropriately, but not the limits statement.
> 
> [...]
> 
>> syncrepl rid=001
>>     provider=ldap://ldap-agis01.mascorp.com
>>     type=refreshOnly
>>     interval=00:00:10:00
>>     retry="60 10 300 +"
>>     searchbase="dc=swa,dc=com"
>>     filter="(objectClass=*)"
>>     binddn="cn=Replicator,dc=swa,dc=com"
>>     bindmethod=simple
>>     credentials=yadayadayada
>>     schemachecking=off
>> updateref ldap://ldap-agis01.mascorp.com/
> 
> 
> Assuming you have more than 500 entries, if you do a search as this syncrepl 
> binddn, with the rest of the search parameters based on the syncrepl 
> configuration, do you get all entries, or a "Size limit exceeded" ?
> 
> Regards,
> Buchan

Prev by Date: Re: LDAPS connection failing with a "TLS accept failure error -1"
Next by Date: Re: Extra character when using search filter but won't appear in the search result
Index(es):
- Chronological
- Thread