
Re: syncrepl missing entries in openldap 2.4.23



James_Whiteacre@McAfee.com wrote:
I am trying to set up syncrepl to have multiple providers to a single
consumer. Basically allowing me to combine two LDAPs into a single LDAP. I
know this is probably not a standard configuration but seems like it should work.

This seems to work for a while but then all of the records from one of the
providers are deleted. And even though the consumer still is polling both
providers the records will not get added back.

No, this setup will always fail in the manner you describe. The way a syncrepl refresh works by default is that the provider tells the consumer about every entry it knows about within the search context. The consumer then deletes everything on its side that the provider didn't enumerate. Since both of your consumers are using the identical search base, every time one of them refreshes it will always delete everything the other one retrieved. (This is the normal operation of a syncrepl refresh Present phase. Read RFC4533 for the detailed explanation.)

It's possible to get this working, somewhat, using delta-syncrepl, which usually does not use a Present phase. However, if the consumer ever lags behind the provider's log (i.e., the consumer's state is older than the oldest entry in the provider's log) then delta-syncrepl falls back to normal syncrepl, and you'll hit the refresh Present phase again. So in general, what you're trying to do is unsupported.


Here is my consumer syncrepl configuration. The providers are a standard provider configuration.

Any help would be appreciated.

Jim


serverID 064

database        bdb
suffix          "o=dogcatfish"
rootdn          "cn=admin,o=dogcatfish"

limits dn.exact="cn=admin,o=dogcatfish" size=unlimited time=unlimited

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw                  admin

# syncrepl configuration
syncrepl rid=64
          provider=ldap://provider1
          type=refreshOnly
          interval=00:00:01:00
          retry="60 10 300 +"
          searchbase="o=dogcatfish"
          filter="(objectClass=*)"
          scope=sub
          attrs="*,+"
          schemachecking=off
          bindmethod=simple
          binddn="cn=admin,o=dogcatfish"
          credentials="admin"

# syncrepl configuration
syncrepl rid=68
          provider=ldap://provider2
          type=refreshOnly
          interval=00:00:01:00
          retry="60 10 300 +"
          searchbase="o=dogcatfish"
          filter="(objectClass=*)"
          scope=sub
          attrs="*,+"
          schemachecking=off
          bindmethod=simple
          binddn="cn=admin,o=dogcatfish"
          credentials="admin"

# Indices to maintain
index   contextCSN,entryCSN,entryUUID,objectClass,cn,dc,mail   eq
checkpoint 1024 5

mirrormode TRUE




--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
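
The refresh behaviour described in the reply above, as an added example that is not part of the original thread and is not OpenLDAP code: a simplified model in which each refresh is a full enumeration followed by deletion of everything in the search context that was not enumerated. Cookies and CSNs are not modelled, and the provider contents and function names are constructed for illustration.

```python
# Added illustration: simplified model of a syncrepl refresh with a Present
# phase. Assumption: every refresh is a full enumeration (no cookie/CSN
# handling). All names and data here are constructed, not from slapd.

def in_scope(dn, searchbase):
    """True if dn is the search base itself or lies beneath it (scope=sub)."""
    dn, searchbase = dn.lower(), searchbase.lower()
    return dn == searchbase or dn.endswith("," + searchbase)

def refresh(consumer, provider, searchbase):
    """One refresh: the provider enumerates its entries in the search context;
    the consumer stores them and deletes in-scope entries not enumerated."""
    present = {dn: e for dn, e in provider.items() if in_scope(dn, searchbase)}
    deleted = sorted(dn for dn in consumer
                     if in_scope(dn, searchbase) and dn not in present)
    for dn in deleted:
        del consumer[dn]
    consumer.update(present)
    return deleted

def run_polls(stanzas, rounds):
    """Poll each (rid, provider, searchbase) stanza in turn, as a consumer
    with several refreshOnly stanzas would; return state and deletion log."""
    consumer, log = {}, []
    for _ in range(rounds):
        for rid, provider, base in stanzas:
            log.append((rid, refresh(consumer, provider, base)))
    return consumer, log

# Constructed sample data: two providers holding different entries under the
# suffix used in the posted configuration, both polled with the same base.
PROVIDER1 = {"cn=alice,o=dogcatfish": {"cn": "alice"}}
PROVIDER2 = {"cn=bob,o=dogcatfish": {"cn": "bob"}}
STANZAS = [(64, PROVIDER1, "o=dogcatfish"), (68, PROVIDER2, "o=dogcatfish")]

if __name__ == "__main__":
    final, log = run_polls(STANZAS, rounds=2)
    for rid, deleted in log:
        print(f"rid={rid} deleted {deleted}")
    print("consumer now holds:", sorted(final))
```

In this model the consumer never holds both providers' entries at once: each poll removes what the other stanza retrieved.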