Hi All,

I would appreciate some insight into a syncrepl issue that I have. The scenario is as follows:

(1) LDAP master running Debian slapd v2.3.30, replicating using syncrepl to
(2) LDAP master running Debian slapd v2.4.11. The initial data for this node was seeded using slapcat/slapadd due to the db size. This is replicating via syncrepl to
(3) LDAP slave running Debian slapd v2.4.11.

On (3), the slave, I am receiving the following error for all replication events that are being received:

do_syncrep2: cookie=rid=001,csn=20100825064231Z#000000#00#000000
do_syncrep2: rid=001 CSN too old, ignoring 20100825064231Z#000000#00#000000

What I am trying to achieve is to decommission server (1) with as little downtime as possible, so that server (2) becomes the new master and (3) the new slave. Replication between 1 and 2 works correctly, but not between 2 and 3. The time is correct on the servers. The database on server (3) is seeded using syncrepl.

Configurations for 1, 2 and 3 are attached.
# slapd.conf with two bdb databases (ou=email,dc=xyz and dc=xyz). It loads the
# syncprov overlay for the email database and also defines a replog/replica
# target. Presumably server (1), the 2.3.30 master - confirm against the post.
modulepath /usr/lib/ldap
moduleload back_bdb
# NOTE(review): bind_v2 accepts LDAPv2 bind requests; the two later
# configurations leave this line commented out.
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/nr.schema
include /etc/ldap/schema/nr-mail.schema
modulepath /usr/lib/ldap
moduleload syncprov
schemacheck on
#sizelimit 100
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
replogfile /var/lib/ldap/replog
loglevel 0

#email
database bdb
suffix "ou=email,dc=xyz"
directory "/var/lib/ldap-mail"
checkpoint 128 15
lastmod on
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
limits "cn=admin,ou=email,dc=xyz" size=unlimited time=unlimited
#readonly on
# NOTE(review): "by anonymous read" lets unauthenticated clients read the
# stored userPassword values; "auth" is the level a simple bind needs.
# The dn.regex pattern is unanchored, so it also matches any longer DN that
# contains this string; dn.exact (or ^...$ anchors) limits it to the one DN.
access to attrs=userPassword
    by dn.regex="cn=admin,ou=email,dc=xyz" write
    by anonymous read
    by self write
# Every other attribute is readable by anyone, including anonymous clients.
access to *
    by dn.regex="cn=admin,ou=email,dc=xyz" write
    by * read
index objectClass,uid,cn eq,pres
index entryUUID eq
updatedn "cn=admin,ou=email,dc=xyz"

# NOTE(review): "#dns" is read here as a section label like "#email" and
# "#www"; confirm that the replica directive below is active in the real file.
# It binds with simple auth as the admin DN, and the credential is stored in
# cleartext. If this is a live value, it has been published with this listing
# and should be rotated. Without TLS on the connection, the bind password and
# the replicated data cross the network unencrypted.
#dns
replica host=1.2.3.4
    suffix="ou=email,dc=xyz"
    bindmethod=simple
    binddn="cn=admin,ou=email,dc=xyz"
    credentials="comein"

#www
database bdb
suffix "dc=xyz"
directory "/var/lib/ldap-www"
checkpoint 128 15
#readonly on
# NOTE(review): same exposure as in the email database: anonymous clients can
# read userPassword, and the dn.regex pattern is unanchored.
access to attrs=userPassword
    by dn.regex="cn=admin,ou=People,dc=xyz" write
    by anonymous read
    by self write
# The admin dn has full write access
access to *
    by dn.regex="cn=admin,ou=People,dc=xyz" write
    by * read
updatedn "cn=admin,ou=People,dc=xyz"
index objectClass,uidNumber,gidNumber eq,pres
index uid,cn eq,pres,approx
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#
# Two hdb databases (ou=email,dc=xyz and dc=xyz). Each one is a syncrepl
# consumer and also carries the syncprov overlay, so it can act as a provider.
# Presumably server (2) in the post - confirm.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nr-mail.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel none
#loglevel 256
#loglevel none
#loglevel 296

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov

# The maximum number of entries that is returned for a search operation
sizelimit 10

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
threads 32

#email
database hdb
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
suffix "ou=email,dc=xyz"
directory "/var/lib/ldap-mail"

#db settings
checkpoint 128 15
dbconfig set_cachesize 0 369868800 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_max 10000000
dbconfig set_lg_bsize 8192
#readonly on
# NOTE(review): "by anonymous read" lets unauthenticated clients read the
# stored userPassword values; "auth" is the level a simple bind needs.
# The dn.regex pattern is unanchored, so it also matches any longer DN that
# contains this string; dn.exact (or ^...$ anchors) limits it to the one DN.
access to attrs=userPassword
    by dn.regex="cn=admin,ou=email,dc=xyz" write
    by anonymous read
    by self write
# Every other attribute is readable by anyone, including anonymous clients.
access to *
    by dn.regex="cn=admin,ou=email,dc=xyz" write
    by * read
index objectClass,uid,cn,userPassword,entryCSN,entryUUID eq,pres
rootdn "cn=admin,ou=email,dc=xyz"
# NOTE(review): rootpw is kept in cleartext ("secret" is presumably a redacted
# value). slapd.conf also accepts a hashed value as produced by slappasswd.
rootpw "secret"
# NOTE(review): this is a simple bind to an ldap:// provider, using the same
# DN as this database's rootdn. The credentials and the replicated
# userPassword values travel unencrypted unless the link is protected some
# other way; 2.4 syncrepl offers starttls=, or an ldaps:// provider URI.
# A dedicated read-only replication identity would limit what a leak of this
# file exposes.
syncrepl rid=1
    provider=ldap://1.2.1.21
    type=refreshAndPersist
    searchbase="ou=email,dc=xyz"
    filter="(objectClass=*)"
    attrs="*"
    scope=sub
    schemachecking=on
    bindmethod=simple
    binddn="cn=admin,ou=email,dc=xyz"
    credentials="secret"
    timelimit=unlimited
    sizelimit=unlimited
    retry="15 +"
#updateref ldap://1.2.1.21

#www
database hdb
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
suffix "dc=xyz"
directory "/var/lib/ldap-www"

#db settings
checkpoint 128 15
dbconfig set_cachesize 0 268435456 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_max 10000000
dbconfig set_lg_bsize 8192
#readonly on
# NOTE(review): same exposure as in the email database: anonymous clients can
# read userPassword, and the dn.regex pattern is unanchored.
access to attrs=userPassword
    by dn.regex="cn=admin,ou=www,dc=xyz" write
    by anonymous read
    by self write
access to *
    by dn.regex="cn=admin,ou=www,dc=xyz" write
    by * read
index objectClass,uidNumber,gidNumber,entryCSN,entryUUID,memberUid,userPassword eq,pres
index uid,cn eq,pres,approx
rootdn "cn=admin,ou=www,dc=xyz"
rootpw "secret"
# NOTE(review): same cleartext simple bind over ldap:// as rid=1. The binddn
# used here (ou=People) differs from this database's rootdn (ou=www).
syncrepl rid=2
    provider=ldap://1.2.3.164
    type=refreshAndPersist
    searchbase="dc=xyz"
    filter="(objectClass=*)"
    attrs="*"
    scope=sub
    schemachecking=on
    bindmethod=simple
    binddn="cn=admin,ou=People,dc=xyz"
    credentials="secret"
    timelimit=unlimited
    sizelimit=unlimited
    retry="15 +"
#updateref ldap://1.2.3.164
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#
# Two hdb databases (ou=email,dc=xyz and dc=xyz). Each one is a syncrepl
# consumer of ldap://1.2.3.188. No syncprov overlay is loaded.
# Presumably server (3), the slave, in the post - confirm.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nr-mail.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel none
#loglevel 256
#loglevel none
#loglevel 296

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb

# The maximum number of entries that is returned for a search operation
sizelimit 10

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
threads 32

#email
database hdb
suffix "ou=email,dc=xyz"
directory "/var/lib/ldap-mail"

#db settings
checkpoint 128 15
dbconfig set_cachesize 0 369868800 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_max 10000000
dbconfig set_lg_bsize 8192
#readonly on
# NOTE(review): "by anonymous read" lets unauthenticated clients read the
# stored userPassword values; "auth" is the level a simple bind needs.
# The dn.regex pattern is unanchored, so it also matches any longer DN that
# contains this string; dn.exact (or ^...$ anchors) limits it to the one DN.
access to attrs=userPassword
    by dn.regex="cn=admin,ou=email,dc=xyz" write
    by anonymous read
    by self write
# Every other attribute is readable by anyone, including anonymous clients.
access to *
    by dn.regex="cn=admin,ou=email,dc=xyz" write
    by * read
index objectClass,uid,cn,userPassword,entryUUID eq,pres
rootdn "cn=admin,ou=email,dc=xyz"
# NOTE(review): rootpw is kept in cleartext ("secret" is presumably a redacted
# value). slapd.conf also accepts a hashed value as produced by slappasswd.
rootpw "secret"
# NOTE(review): this is a simple bind to an ldap:// provider, using the same
# DN as this database's rootdn. The credentials and the replicated
# userPassword values travel unencrypted unless the link is protected some
# other way; 2.4 syncrepl offers starttls=, or an ldaps:// provider URI.
# schemachecking=off means replicated entries are not validated against the
# local schema.
syncrepl rid=1
    provider=ldap://1.2.3.188
    type=refreshAndPersist
    searchbase="ou=email,dc=xyz"
    filter="(objectClass=*)"
    attrs="*"
    scope=sub
    schemachecking=off
    bindmethod=simple
    binddn="cn=admin,ou=email,dc=xyz"
    credentials="secret"
    timelimit=unlimited
    sizelimit=unlimited
# Referral returned to clients that send update requests to this replica.
updateref ldap://1.2.3.188

#www
database hdb
suffix "dc=xyz"
directory "/var/lib/ldap-www"

#db settings
checkpoint 128 15
dbconfig set_cachesize 0 268435456 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_max 10000000
dbconfig set_lg_bsize 8192
#readonly on
# NOTE(review): same exposure as in the email database: anonymous clients can
# read userPassword, and the dn.regex pattern is unanchored.
access to attrs=userPassword
    by dn.regex="cn=admin,ou=www,dc=xyz" write
    by anonymous read
    by self write
access to *
    by dn.regex="cn=admin,ou=www,dc=xyz" write
    by * read
index objectClass,uidNumber,gidNumber,entryUUID,memberUid,userPassword eq,pres
index uid,cn eq,pres,approx
rootdn "cn=admin,ou=www,dc=xyz"
rootpw "secret"
# NOTE(review): same cleartext simple bind over ldap:// as rid=1, again with
# schemachecking=off.
syncrepl rid=2
    provider=ldap://1.2.3.188
    type=refreshAndPersist
    searchbase="dc=xyz"
    filter="(objectClass=*)"
    attrs="*"
    scope=sub
    schemachecking=off
    bindmethod=simple
    binddn="cn=admin,ou=www,dc=xyz"
    credentials="secret"
    timelimit=unlimited
    sizelimit=unlimited
updateref ldap://1.2.3.188