Re: syncrepl missing entries in openldap 2.4.23
So does OpenLDAP have another mechanism to do this? Combine two ldap providers into a single consumer that is?
Jim
On Mar 4, 2011, at 4:31 PM, Howard Chu wrote:
> James_Whiteacre@McAfee.com wrote:
>> I am trying to set up syncrepl to have multiple providers to a single
>> consumer. Basically allowing me to combine two ldap's into a single ldap. I
>> know this is probably not a standard configuration but seems like it should work.
>>
>> This seems to work for a while but then all of the records from one of the
>> providers are deleted. And even though the consumer still is polling both
>> providers the records will not get added back.
>
> No, this setup will always fail in the manner you describe. The way a syncrepl
> refresh works by default is that the provider tells the consumer about every
> entry it knows about within the search context. The consumer then deletes
> everything on its side that the provider didn't enumerate. Since both of your
> consumers are using the identical search base, every time one of them
> refreshes it will always delete everything the other one retrieved. (This is
> the normal operation of a syncrepl refresh Present phase. Read RFC4533 for the
> detailed explanation.)
>
> It's possible to get this working, somewhat, using delta-syncrepl, which
> usually does not use a Present phase. However, if the consumer ever lags
> behind the provider's log (i.e., the consumer's state is older than the oldest
> entry in the provider's log) then delta-syncrepl falls back to normal
> syncrepl, and you'll hit the refresh Present phase again. So in general, what
> you're trying to do is unsupported.
>
>
>> Here is my consumer syncrepl configuration. The providers are a standard provider configuration.
>>
>> Any help would be appreciated.
>>
>> Jim
>>
>>
>> serverID 064
>>
>> database bdb
>> suffix "o=dogcatfish"
>> rootdn "cn=admin,o=dogcatfish"
>>
>> limits dn.exact="cn=admin,o=dogcatfish" size=unlimited time=unlimited
>>
>> # Cleartext passwords, especially for the rootdn, should
>> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
>> # Use of strong authentication encouraged.
>> rootpw admin
>>
>> # syncrepl configuration
>> syncrepl rid=64
>>   provider=ldap://provider1
>>   type=refreshOnly
>>   interval=00:00:01:00
>>   retry="60 10 300 +"
>>   searchbase="o=dogcatfish"
>>   filter="(objectClass=*)"
>>   scope=sub
>>   attrs="*,+"
>>   schemachecking=off
>>   bindmethod=simple
>>   binddn="cn=admin,o=dogcatfish"
>>   credentials="admin"
>>
>> # syncrepl configuration
>> syncrepl rid=68
>>   provider=ldap://provider2
>>   type=refreshOnly
>>   interval=00:00:01:00
>>   retry="60 10 300 +"
>>   searchbase="o=dogcatfish"
>>   filter="(objectClass=*)"
>>   scope=sub
>>   attrs="*,+"
>>   schemachecking=off
>>   bindmethod=simple
>>   binddn="cn=admin,o=dogcatfish"
>>   credentials="admin"
>>
>> # Indices to maintain
>> index contextCSN,entryCSN,entryUUID,objectClass,cn,dc,mail eq
>> checkpoint 1024 5
>>
>> mirrormode TRUE
>>
>>
>
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
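
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of the refresh Present phase described in the reply above, run with two providers that share the search base o=dogcatfish. The class names, the sample entries, and the per-rid cookie handling (changed entries sent in full, unchanged ones only named as present, as in RFC 4533) are assumptions of this model.

```python
# Simplified model of a refreshOnly poll with a Present phase (RFC 4533).
# Entries are keyed by DN for readability; real syncrepl matches on entryUUID.
# All names and data below are constructed for illustration.

def in_scope(dn, base):
    """scope=sub: the base entry itself or anything beneath it."""
    return dn == base or dn.endswith("," + base)

class Provider:
    def __init__(self, entries):
        self.entries = dict(entries)          # dn -> (change_seq, attrs)

    def refresh(self, base, cookie):
        """Return (messages, new_cookie). Entries changed after `cookie` are
        sent in full ("add"); unchanged ones are only named ("present")."""
        msgs = []
        for dn, (seq, attrs) in self.entries.items():
            if in_scope(dn, base):
                msgs.append(("add", dn, attrs) if seq > cookie else ("present", dn, None))
        newest = max((seq for seq, _ in self.entries.values()), default=cookie)
        return msgs, max(cookie, newest)

class Consumer:
    def __init__(self):
        self.entries = {}                     # dn -> attrs
        self.cookies = {}                     # rid -> last cookie (model assumption)

    def poll(self, rid, provider, base):
        """Run one refresh for syncrepl stanza `rid`; return the DNs deleted."""
        msgs, self.cookies[rid] = provider.refresh(base, self.cookies.get(rid, 0))
        named = set()
        for state, dn, attrs in msgs:
            named.add(dn)
            if state == "add":
                self.entries[dn] = attrs
            # "present" carries no attributes, so a missing entry is not recreated
        # End of Present phase: drop everything in scope the provider did not name.
        stale = sorted(d for d in self.entries if in_scope(d, base) and d not in named)
        for dn in stale:
            del self.entries[dn]
        return stale

def simulate():
    base = "o=dogcatfish"
    p1 = Provider({"cn=alice,o=dogcatfish": (1, {"cn": "alice"})})
    p2 = Provider({"cn=bob,o=dogcatfish": (1, {"cn": "bob"})})
    c = Consumer()
    log = [c.poll(64, p1, base), c.poll(68, p2, base), c.poll(64, p1, base)]
    return log, sorted(c.entries)
```

In this model the second poll deletes provider1's entry, and the third poll deletes provider2's entry without restoring provider1's, because provider1 only reports its unchanged entry as present.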