|
Hi, I can simulate the problem, since I have a cron job running at every 1 minute to execute query to the LDAP records, e.g. if the password is nearly expired, I will update a user-defined value. Since 4 servers will see that record will expire and set the record simultaneously at the same time, what will happen to this case ? It seems that it will corrupt the contextCSN. The reason to have this cron job running so frequently is that I want to check the pwdAccountLockedTime, if this attribute is present, I will update a user-defined value and this will synchronize to other servers. My question is, when a user is locked in one server (the pwdAccountLockedTime attribute exists), why the LDAP will not sync this attribute to other servers ??? Is this spec. or program bug ? I need to manually update a user-defined attrbiute, then, everything will be in synced... Thanks > Date: Tue, 11 Nov 2008 12:16:39 +0100 > From: ando@sys-net.it > To: badguy9588@hotmail.com > CC: openldap-technical@openldap.org > Subject: Re: > > Bad Guy wrote: > > Dear all, > > > > I am running the openldap 2.4.11 with 4 way masters (SID=001 to 004) configured. (my suffix is empty in slapd.conf) > > > > The data can be synced initially. I add records in 1 server and all the other 3 servers will have the new record added. However, I found that after running for some time, one server will have corrupted contextCSN in SID=001. > > > > dn: > > contextCSN:: sCttCIio0wAxNTQzMTMuMDQ1Mjk3WiMwMDAwMDAjMDAyIzAwMDAwMA== > > contextCSN: 20081107061013.853051Z#000000#001#000000 > > contextCSN: 20081107073602.911356Z#000000#003#000000 > > contextCSN: 20081107061028.825773Z#000000#004#000000 > > > > The contextCSN for SID=002 in server 1 is corrupted. So, whenever there is an update in SID=002 server, th e SID=001 server will never get the update, > > however, when there is update in SID=003 or SID=004 server, the records will get updated in SID=001. > > > > We have a background cron job in each server running at 1 minutes interval to retrieve the records and set some user defined attributes if it meet some certain criteria. > > > > What's the cause to this corruption ? Is there any way to recover the corrupted contextCSN by command or script without rebuild the data ? > > Looks similar to <http://www.openldap.org/its?findid=5661>. Can you > post your configuration? Also, can you try re24 code from the CVS (or > wait until 2.4.13 is out)? > > p. > > > Ing. Pierangelo Masarati > OpenLDAP Core Team > > SysNet s.r.l. > via Dossi, 8 - 27100 Pavia - ITALIA > http://www.sys-net.it > ----------------------------------- > Office: +39 02 23998309 > Mobile: +39 333 4963172 > Fax: +39 0382 476497 > Email: ando@sys-net.it > ----------------------------------- > 5 GB 超大容量 、創新便捷、安全防護垃圾郵件和病毒 — 立即升級 Windows Live Hotmail? |