Re: syncrepl missing entries in openldap 2.4.23
James_Whiteacre@McAfee.com wrote:
> I am trying to set up syncrepl to have multiple providers to a single
> consumer. Basically allowing me to combine two ldap's into a single ldap. I
> know this is probably not a standard configuration but seems like it should work.
> This seems to work for a while but then all of the records from one of the
> providers are deleted. And even though the consumer still is polling both
> providers the records will not get added back.

No, this setup will always fail in the manner you describe. The way a syncrepl
refresh works by default is that the provider tells the consumer about every
entry it knows about within the search context. The consumer then deletes
everything on its side that the provider didn't enumerate. Since both of your
consumers are using the identical search base, every time one of them
refreshes it will always delete everything the other one retrieved. (This is
the normal operation of a syncrepl refresh Present phase. Read RFC4533 for the
detailed explanation.)

It's possible to get this working, somewhat, using delta-syncrepl, which
usually does not use a Present phase. However, if the consumer ever lags
behind the provider's log (i.e., the consumer's state is older than the oldest
entry in the provider's log) then delta-syncrepl falls back to normal
syncrepl, and you'll hit the refresh Present phase again. So in general, what
you're trying to do is unsupported.

> Here is my consumer syncrepl configuration. The providers are a standard provider configuration.
> Any help would be appreciated.
> Jim
>
> serverID 064
> database bdb
> suffix "o=dogcatfish"
> rootdn "cn=admin,o=dogcatfish"
> limits dn.exact="cn=admin,o=dogcatfish" size=unlimited time=unlimited
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw admin
> # syncrepl configuration
> syncrepl rid=64
>   provider=ldap://provider1
>   type=refreshOnly
>   interval=00:00:01:00
>   retry="60 10 300 +"
>   searchbase="o=dogcatfish"
>   filter="(objectClass=*)"
>   scope=sub
>   attrs="*,+"
>   schemachecking=off
>   bindmethod=simple
>   binddn="cn=admin,o=dogcatfish"
>   credentials="admin"
> # syncrepl configuration
> syncrepl rid=68
>   provider=ldap://provider2
>   type=refreshOnly
>   interval=00:00:01:00
>   retry="60 10 300 +"
>   searchbase="o=dogcatfish"
>   filter="(objectClass=*)"
>   scope=sub
>   attrs="*,+"
>   schemachecking=off
>   bindmethod=simple
>   binddn="cn=admin,o=dogcatfish"
>   credentials="admin"
> # Indices to maintain
> index contextCSN,entryCSN,entryUUID,objectClass,cn,dc,mail eq
> checkpoint 1024 5
> mirrormode TRUE

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
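
The refresh Present phase described in the reply above, as a small Python model. This is an added example, not code from the thread or from OpenLDAP; the entry DNs under ou=p1 and ou=p2 are constructed sample data, and entries are keyed by DN rather than entryUUID for readability. It also goes one step beyond the posted configuration by running the same model with non-overlapping search bases, which shows only that the delete step is bounded by the search context, not that slapd supports such a layout.

```python
# Simplified model of the RFC 4533 refresh "present" phase (not slapd code).
# Entries are keyed by DN here for readability; real syncrepl tracks entryUUID.

def in_scope(dn, searchbase):
    """True if dn is the search base or sits beneath it (scope=sub)."""
    dn, searchbase = dn.lower(), searchbase.lower()
    return dn == searchbase or dn.endswith("," + searchbase)

def refresh_present(consumer, provider, searchbase):
    """Apply one refresh from `provider` to the `consumer` database.

    The provider enumerates every entry it holds in the search context;
    the consumer adds those and deletes anything else it has in that context.
    Returns the sorted list of DNs the consumer deleted.
    """
    present = {dn: e for dn, e in provider.items() if in_scope(dn, searchbase)}
    deleted = sorted(dn for dn in consumer
                     if in_scope(dn, searchbase) and dn not in present)
    for dn in deleted:
        del consumer[dn]
    consumer.update(present)
    return deleted

# Constructed sample data: two providers holding different people.
PROVIDER1 = {"o=dogcatfish": {}, "cn=alice,ou=p1,o=dogcatfish": {"cn": "alice"}}
PROVIDER2 = {"o=dogcatfish": {}, "cn=bob,ou=p2,o=dogcatfish": {"cn": "bob"}}

def run(base1, base2, rounds=3):
    """Alternate refreshes from both providers; return (final DNs, deletions log)."""
    consumer, log = {}, []
    for _ in range(rounds):
        log.append(refresh_present(consumer, PROVIDER1, base1))
        log.append(refresh_present(consumer, PROVIDER2, base2))
    return sorted(consumer), log

if __name__ == "__main__":
    # Same search base for both stanzas, as in the posted configuration:
    # each refresh deletes what the other provider supplied.
    final, log = run("o=dogcatfish", "o=dogcatfish")
    print("identical base:", final, log)
    # Contrast in this model only: non-overlapping search contexts.
    final, log = run("ou=p1,o=dogcatfish", "ou=p2,o=dogcatfish")
    print("disjoint bases:", final, log)
```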