Hi all,

I was reading this post in the openldap-technical forum.

I am in the process of installing a full authentication service here using Samba and OpenLDAP. My PDC and BDC are LDAP-based servers and are in different locations, using a router to connect them, then… a full master LDAP is needed in these two locations.

I have two LDAP servers in mirror mode (in virtual machines, using VMware); these two servers are time-synchronized using the same time server. When I update an LDAP entry on one server, the data replicates fine, but when I use the other, I get the following error in my logs.

Apr 29 11:50:15 srvped2master slapd[7377]: do_syncrep2: cookie=rid=002,sid=002,csn=20090429165015.624045Z#000000#001#000000
Apr 29 11:50:15 srvped2master slapd[7377]: do_syncrep2: rid=002 CSN too old, ignoring 20090429165015.624045Z#000000#001#000000

The time is very difficult to maintain in sync when virtual machines are in use, and OpenLDAP servers are extremely sensitive to time lag.

Apparently this is a bug in ldap 2.4.11 and will be fixed in ldap 2.4.16:

http://www.openldap.org/lists/openldap-bugs/200903/msg00202.html

Could anyone solve the problem?

I'm using Debian lenny.

srvped2master:/etc/ldap# apt-cache policy slapd
slapd:
  Installed: 2.4.11-1
  Candidate: 2.4.11-1
  Version table:
 *** 2.4.11-1 0
        500 http://ftp.us.debian.org lenny/main Packages
        100 /var/lib/dpkg/status

This is my slapd.conf:

#################
serverID        1

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/misc.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        16384

modulepath      /usr/lib/ldap
moduleload      back_hdb
moduleload      syncprov

sizelimit       500
tool-threads    1

backend         hdb
database        hdb
suffix          "dc=avhlima,dc=edu,dc=pe"
rootdn          "cn=admin,dc=avhlima,dc=edu,dc=pe"
directory       "/var/lib/ldap"

dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

syncrepl rid=001
        provider=ldap://192.168.4.8
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=avhlima,dc=edu,dc=pe"
        attrs="*,+"
        bindmethod=simple
        binddn="cn=admin,dc=avhlima,dc=edu,dc=pe"
        credentials=XXXXXXXXXXXX

mirrormode      on

index           objectClass             eq
index           cn                      pres,sub,eq
index           sn                      pres,sub,eq
index           uid                     pres,sub,eq
index           displayName             pres,sub,eq
index           uidNumber               eq
index           gidNumber               eq
index           memberUID               eq
index           sambaSID                eq
index           sambaPrimaryGroupSID    eq
index           sambaDomainName         eq
index           default                 sub

lastmod         on
checkpoint      512 30

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
        by dn="cn=admin,dc=avhlima,dc=edu,dc=pe" write
        by anonymous auth
        by self write
        by * none

access to dn.base=""
        by * read

access to *
        by dn="cn=admin,dc=avhlima,dc=edu,dc=pe" write
        by * read
##########################

The differences between the servers are only in:

serverID        2
syncrepl rid=002
        provider=ldap://192.168.3.8

Thanks for your time,
Victor
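
An added example, not part of the original post: a small Python triage script that pulls the "CSN too old" lines out of a slapd log, decodes each CSN into its timestamp and originating server ID, and reports how far the CSN time is from the consumer's own log timestamp. The function names, the year and the UTC-5 offset used for the sample are assumptions, since syslog lines carry neither year nor time zone.

```python
import re
from datetime import datetime, timedelta, timezone

# The two syslog lines quoted in the post, embedded as sample input.
SAMPLE_LOG = """\
Apr 29 11:50:15 srvped2master slapd[7377]: do_syncrep2: cookie=rid=002,sid=002,csn=20090429165015.624045Z#000000#001#000000
Apr 29 11:50:15 srvped2master slapd[7377]: do_syncrep2: rid=002 CSN too old, ignoring 20090429165015.624045Z#000000#001#000000
"""

# CSN layout: <UTC time>.<microseconds>Z#<change count>#<server ID>#<mod number>, counters in hex.
CSN_RE = re.compile(r"(\d{14})\.(\d{6})Z#([0-9a-f]{6})#([0-9a-f]{3})#([0-9a-f]{6})", re.I)
TOO_OLD_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) (\S+) slapd\[\d+\]: do_syncrep2: "
    r"rid=(\d+) CSN too old, ignoring (\S+)")

def parse_csn(csn):
    """Split a CSN into timestamp, change count, originating server ID and mod number."""
    m = CSN_RE.fullmatch(csn)
    if m is None:
        raise ValueError(f"not a CSN: {csn!r}")
    when = datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(
        microsecond=int(m.group(2)), tzinfo=timezone.utc)
    count, sid, mod = (int(m.group(i), 16) for i in (3, 4, 5))
    return {"time": when, "count": count, "sid": sid, "mod": mod}

def rejected_csns(log_text, year, utc_offset_hours):
    """Return one record per 'CSN too old' line; year and offset are caller assumptions."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    records = []
    for line in log_text.splitlines():
        m = TOO_OLD_RE.match(line)
        if m is None:
            continue
        stamp, host, rid, raw = m.groups()
        logged = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S").replace(tzinfo=zone)
        csn = parse_csn(raw)
        # lag_seconds = consumer's log time minus the time stamped into the CSN
        records.append({"host": host, "rid": int(rid), "origin_sid": csn["sid"],
                        "csn_time": csn["time"],
                        "lag_seconds": (logged - csn["time"]).total_seconds()})
    return records

if __name__ == "__main__":
    # Assumed for the sample: year 2009 (taken from the CSN) and a UTC-5 host clock.
    for rec in rejected_csns(SAMPLE_LOG, year=2009, utc_offset_hours=-5):
        print(rec)
```

Here origin_sid identifies which serverID generated the rejected change, and lag_seconds shows whether the CSN timestamp and the receiving host's clock agree under the assumed offset.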