[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Openldap 2.3 syncrepl filter problem
Hi,
On 25/06/2009 15:56, Lanfeust troy wrote:
Hi list,
In configuration of provider and consumer server with syncrepl is
possible to modify the replication filter for add new user in replica.
In fisrt time the replica is :
syncrepl rid=123
provider=ldap://rh-test3.kvm.rla:389
type=refreshOnly
interval=00:00:01:00
retry="30 10 600 20"
searchbase="dc=local"
filter="(|(objectClass=sambaGroupMapping)(uid=user1))"
scope=sub
schemachecking=off
bindmethod=simple
binddn="uid=syncrepl,ou=sysusers,dc=local"
credentials=pwdsyncrepl
# BEGIN Session TLS
starttls="critical"
tls_cacert=__CACERTFILE__
# End Session TLS
Be careful of this syntax. Every line beginning with white space is
considered a continuation of the previous line.
So when this configuration file is read, it appears as one long line
starting with syncrepl... and anything after a "#" is a comment. So your
tls options are not being used, here.
When start the replica server it doing an ldapsearch and retrieve my
data in replica.
So now we modify the filter as the following :
filter="(|(objectClass=sambaGroupMapping)(uid=user1)(uid=user2))"
Now when the replica doing the ldapsearch request it do with the new
filter but returning numentrie to 0
like this in the log of master LDAP server:
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=1 BIND
dn="uid=syncrepl,ou=sysusers,dc=local" mech=SIMPLE ssf=0
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=1 RESULT tag=97 err=0
text=
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=2 SRCH base="dc=local"
scope=2 deref=0
filter="(|(objectClass=sambaGroupMapping)(uid=user1)(uid=user2))"
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=2 SRCH attr=* +
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=2 SEARCH RESULT
tag=101 err=0 *nentries=0* text=
And when i do ldapsearch manually :
ldapsearch -x -b dc=local -H ldap://rh-test3.kvm.rla
"(|(objectClass=sambaGroupMapping)(uid=user1)(uid=user2))"
Jun 24 23:40:38 rh-test3 slapd[28012]: conn=133 op=1 BIND dn="" method=128
Jun 24 23:40:38 rh-test3 slapd[28012]: conn=133 op=1 RESULT tag=97 err=0
text=
Jun 24 23:40:38 rh-test3 slapd[28012]: conn=133 op=2 SRCH
base="dc=local" scope=2 deref=0
filter="(|(objectClass=sambaGroupMapping)(uid=user1)(uid=user2))"
Jun 24 23:40:38 rh-test3 slapd[28012]: conn=133 op=2 SEARCH RESULT
tag=101 err=0 *nentries=13* text=
I don't understand why my new user is not sync !!
The reason for this is that syncrepl is state-based. This means that
when you restart your replica server, it only queries the master for
changes since the last know replication. If the object uid=user2 had
been changed since then, it would have been replicated.
If you change your syncrepl configuration, you should reset this status
by launching slapd with "-c rid=123". This will cause it to start
syncrepl from scratch, and will replicate all entries.
Regards,
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------