[Date Prev][Date Next] [Chronological] [Thread] [Top]

multi-master consumer refresh present problems



Title: multi-master consumer refresh present problems

I am trying to configure a 2 LDAP directory server system that allows updates to occur (from a user) on server 1 and server 2 with server 1 replicating changes to server 2 via the refresh and persist method of syncrepl Only a small number of records will be updated by users on server 2 (5,000 records) and the changes will be made only within 2 unique branches of the tree (ounit=system,dc=authentx and permissions=dxy,ounit=permissions,dc=authentx); any records that are updated/added/deleted by users on server 2 must not be replicated to server 1.  Replication is one-way from server 1 from server 2.  Replication works fine if both the provider and consumer servers are up.  The problem I am having occurs when server 2s consumer slapd starts and a refresh present phase occurs (a refresh present phase occurs if changes are made to the provider while the consumer is down and then the provider slapd is bounced (stopped/restarted)

In scenario 1, I defined the consumer to replicate everything from the provider.  When the refresh present occurs on the consumer, the consumer slapd deletes any records that were previously added by a user at server 2.  My understanding is that this is the normal behavior.

In scenario 2, I defined the consumer to replicate only certain branches from the provider by specifying a filter statement in the syncrepl section of the slapd.conf file.  When the refresh present occurs on the consumer, the consumer slapd deletes numerous records within some of the branches that were specified in the filter statement.  For example, my syncrepl statement is:

syncrepl        rid=001

        provider=ldap://localhost:3891

        type=refreshAndPersist

        retry="30 60 60 +"

        searchbase="dc=authentx"

        filter="(|(entrydn:dnSubtreeMatch:=ounit=credentials,dc=authentx)

                (entrydn:dnSubtreeMatch:=ounit=entities,dc=authentx)

                 (entrydn:dnSubtreeMatch:=permissions=authentx,ounit=permissions,dc=authentx)

                        (entrydn:dnSubtreeMatch:=permissions=hspd12,ounit=permissions,dc=authentx))"

        scope=sub

        schemachecking=off

        bindmethod=simple

        binddn="cn=xroot,dc=authentx"

        credentials="SECRET"

mirrormode on

The consumer slapd did not delete records incorrectly when I tested with a 3,000 record database, but when I tested with a 750,000 record database, when the refresh present occurs on the consumer, the consumer slapd deletes numerous records within some of the branches that were specified in the filter statement (these are deleted by the syncrepl_del_nonpresent() function, based on messages in the slapd log file with sync debug turned on).  The 750,000 record database provider has records in the following branches:

        ounit=credentials,dc=authentx (300,000+ records)

        ounit=entities,dc=authentx (20,000+ records)

permissions=authentx,ounit=permissions,dc=authentx (6 records)

permissions=dxy,ounit=permissions,dc=authentx (4,000+ records)

permissions=hspd12,ounit=permissions,dc=authentx (50,000+ records)

ounit=system,dc=authentx (13 records)

After the sync refresh phase occurred on the consumer, the consumer database has records in the following branches:

        ounit=credentials,dc=authentx (300,000+ records)

        ounit=entities,dc=authentx (20,000+ records)

permissions=authentx,ounit=permissions,dc=authentx (0 records)

permissions=dxy,ounit=permissions,dc=authentx (0 records)

permissions=hspd12,ounit=permissions,dc=authentx (0 records)

ounit=system,dc=authentx (0 records)

In scenario 3, I defined the consumer as a multi-master consumer by specifying the overlay syncprov section in the slapd.conf file.   When a "Refresh Present" phase is performed at a multi-master consumer, objects that were deleted at the provider while the consumer was down are not deleted from the multi-master consumer (if the provider is brought down and back up after the consumer is down).  I wrote ITS#6671 for this problem.

Does anyone have any suggestions on how I can accomplish my requirements for the 2 servers?

Barry Colston