
Re: Openldap 2.3 syncrepl filter problem



Hi,

On 25/06/2009 15:56, Lanfeust troy wrote:
Hi list,

In a configuration of provider and consumer servers with syncrepl, it is
possible to modify the replication filter to add a new user to the replica.

At first the replica is:

syncrepl rid=123
         provider=ldap://rh-test3.kvm.rla:389
         type=refreshOnly
         interval=00:00:01:00
         retry="30 10 600 20"
         searchbase="dc=local"
         filter="(|(objectClass=sambaGroupMapping)(uid=user1))"
         scope=sub
         schemachecking=off
         bindmethod=simple
         binddn="uid=syncrepl,ou=sysusers,dc=local"
         credentials=pwdsyncrepl
         # BEGIN Session TLS
         starttls="critical"
         tls_cacert=__CACERTFILE__
         # End Session TLS

Be careful of this syntax. Every line beginning with white space is considered a continuation of the previous line.

So when this configuration file is read, it appears as one long line starting with syncrepl... and anything after a "#" is a comment. So your tls options are not being used, here.

When the replica server starts, it does an ldapsearch and retrieves my
data into the replica.

So now we modify the filter as follows:
filter="(|(objectClass=sambaGroupMapping)(uid=user1)(uid=user2))"

Now when the replica does the ldapsearch request, it does it with the new
filter but returns numentrie of 0,
like this in the log of the master LDAP server:

Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=1 BIND dn="uid=syncrepl,ou=sysusers,dc=local" mech=SIMPLE ssf=0
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=1 RESULT tag=97 err=0 text=
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=2 SRCH base="dc=local" scope=2 deref=0 filter="(|(objectClass=sambaGroupMapping)(uid=user1)(uid=user2))"
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=2 SRCH attr=* +
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=2 SEARCH RESULT tag=101 err=0 *nentries=0* text=

And when I do the ldapsearch manually:

ldapsearch -x -b dc=local -H ldap://rh-test3.kvm.rla "(|(objectClass=sambaGroupMapping)(uid=user1)(uid=user2))"

Jun 24 23:40:38 rh-test3 slapd[28012]: conn=133 op=1 BIND dn="" method=128
Jun 24 23:40:38 rh-test3 slapd[28012]: conn=133 op=1 RESULT tag=97 err=0 text=
Jun 24 23:40:38 rh-test3 slapd[28012]: conn=133 op=2 SRCH base="dc=local" scope=2 deref=0 filter="(|(objectClass=sambaGroupMapping)(uid=user1)(uid=user2))"
Jun 24 23:40:38 rh-test3 slapd[28012]: conn=133 op=2 SEARCH RESULT tag=101 err=0 *nentries=13* text=


I don't understand why my new user is not synced!!

The reason for this is that syncrepl is state-based. This means that when you restart your replica server, it only queries the master for changes since the last known replication. If the object uid=user2 had been changed since then, it would have been replicated.

If you change your syncrepl configuration, you should reset this status by launching slapd with "-c rid=123". This will cause it to start syncrepl from scratch, and will replicate all entries.

Regards,
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
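
The continuation-line pitfall described in the reply, as an added example (not code from the thread or from OpenLDAP): a small Python check that folds indented lines into one directive and lists the options that end up after a `#`. It models the reading given in the reply, not slapd's own parser; the function names and the trimmed sample stanza are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the syncrepl stanza quoted in the thread.
SAMPLE_CONF = """\
syncrepl rid=123
         provider=ldap://rh-test3.kvm.rla:389
         type=refreshOnly
         bindmethod=simple
         binddn="uid=syncrepl,ou=sysusers,dc=local"
         credentials=pwdsyncrepl
         # BEGIN Session TLS
         starttls="critical"
         tls_cacert=__CACERTFILE__
         # End Session TLS
"""

def logical_lines(text):
    """Fold every line that begins with white space into the previous line."""
    out = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and out:
            out[-1] += " " + raw.strip()
        elif raw.strip():
            out.append(raw.rstrip())
    return out

def options(fragment):
    """Collect key=value pairs; quoted values (filters, DNs) are kept whole."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', fragment)
    return {k.lower(): v.strip('"') for k, v in pairs}

def audit_syncrepl(text):
    """Report, per syncrepl directive, which options fall behind the first '#'
    (assumption taken from the reply: the rest of the folded line is a comment).
    A '#' inside a quoted value is not handled by this simplified model."""
    findings = []
    for line in logical_lines(text):
        if not line.lower().startswith("syncrepl"):
            continue
        active, _, commented = line.partition("#")
        live, dead = options(active), options(commented)
        encrypted = ("starttls" in live
                     or live.get("provider", "").startswith("ldaps://"))
        findings.append({
            "rid": live.get("rid"),
            "ignored": sorted(dead),
            # Simple bind without TLS sends the credentials in the clear.
            "cleartext_simple_bind": live.get("bindmethod") == "simple" and not encrypted,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_syncrepl(SAMPLE_CONF):
        print(finding)
```

The `ssf=0` on the syncrepl BIND line in the provider log above is consistent with what this check reports for the stanza.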