[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap 2.3 syncrepl filter problem

To: Lanfeust troy <lanfeust99@gmail.com>
Subject: Re: Openldap 2.3 syncrepl filter problem
From: Jonathan Clarke <jonathan@phillipoux.net>
Date: Wed, 08 Jul 2009 14:07:44 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <70b8028f0906250656k4a825a62h1258bf5354c05321@mail.gmail.com>
References: <70b8028f0906250656k4a825a62h1258bf5354c05321@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.1pre) Gecko/20090707 Shredder/3.0b3pre

Hi,

On 25/06/2009 15:56, Lanfeust troy wrote:

Hi list,

In configuration of provider and consumer server with syncrepl is
possible to modify the replication filter for add new user in replica.

In fisrt time the replica is :

syncrepl rid=123
         provider=ldap://rh-test3.kvm.rla:389
         type=refreshOnly
         interval=00:00:01:00
         retry="30 10 600 20"
         searchbase="dc=local"
         filter="(|(objectClass=sambaGroupMapping)(uid=user1))"
         scope=sub
         schemachecking=off
         bindmethod=simple
         binddn="uid=syncrepl,ou=sysusers,dc=local"
         credentials=pwdsyncrepl
         # BEGIN Session TLS
         starttls="critical"
         tls_cacert=__CACERTFILE__
         # End Session TLS

Be careful of this syntax. Every line beginning with white space isconsidered a continuation of the previous line.

So when this configuration file is read, it appears as one long linestarting with syncrepl... and anything after a "#" is a comment. So yourtls options are not being used, here.

When start the replica server it doing an ldapsearch and retrieve my
data in replica.

So now we modify the filter as the following :
filter="(|(objectClass=sambaGroupMapping)(uid=user1)(uid=user2))"

Now when the replica doing the ldapsearch request it do with the new
filter but returning numentrie to 0
like this in the log of master LDAP server:

Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=1 BIND
dn="uid=syncrepl,ou=sysusers,dc=local" mech=SIMPLE ssf=0
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=1 RESULT tag=97 err=0
text=
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=2 SRCH base="dc=local"
scope=2 deref=0
filter="(|(objectClass=sambaGroupMapping)(uid=user1)(uid=user2))"
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=2 SRCH attr=* +
Jun 24 22:40:40 rh-test3 slapd[28012]: conn=83 op=2 SEARCH RESULT
tag=101 err=0 *nentries=0* text=

And when i do ldapsearch manually :

ldapsearch -x -b dc=local -H ldap://rh-test3.kvm.rla
"(|(objectClass=sambaGroupMapping)(uid=user1)(uid=user2))"

Jun 24 23:40:38 rh-test3 slapd[28012]: conn=133 op=1 BIND dn="" method=128
Jun 24 23:40:38 rh-test3 slapd[28012]: conn=133 op=1 RESULT tag=97 err=0
text=
Jun 24 23:40:38 rh-test3 slapd[28012]: conn=133 op=2 SRCH
base="dc=local" scope=2 deref=0
filter="(|(objectClass=sambaGroupMapping)(uid=user1)(uid=user2))"
Jun 24 23:40:38 rh-test3 slapd[28012]: conn=133 op=2 SEARCH RESULT
tag=101 err=0 *nentries=13* text=


I don't understand why my new user is not sync !!

The reason for this is that syncrepl is state-based. This means thatwhen you restart your replica server, it only queries the master forchanges since the last know replication. If the object uid=user2 hadbeen changed since then, it would have been replicated.

If you change your syncrepl configuration, you should reset this statusby launching slapd with "-c rid=123". This will cause it to startsyncrepl from scratch, and will replicate all entries.


Regards,
Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------

Prev by Date: Re: Maximum uidNumber (posix / ldap).
Next by Date: syncrepl configuration possibilities
Index(es):
- Chronological
- Thread