Thank you very much Eli for concidering my issue. Here is
my scenario... I couldnât find any abnormality in log files and also I
never seen any deletion logs in the server. Slapd will go for hang and some
ID`s will get disappear same will be replicate to slaves too. Mainly Groups and
Computer accounts I can see some UNBIND and connection lost logs from
one server and another multimaster server from Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138411
op=24 SEARCH RESULT tag=101 err=32 nentries=0 text= Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138424
op=12 SRCH base="ou=Groups,dc=emb,dc=slb,dc=com" scope=2 deref=0
filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))" Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138424
op=12 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description
displayName cn objectClass Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138424
op=12 SEARCH RESULT tag=101 err=0 nentries=0 text= Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138415
op=21 SRCH
base="sambaDomainName=EMB,sambaDomainName=emb,dc=emb,dc=slb,dc=com"
scope=2 deref=0
filter="(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=emb))" Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138415
op=21 SEARCH RESULT tag=101 err=32 nentries=0 text= Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138385
op=46 SRCH base="ou=Groups,dc=emb,dc=slb,dc=com" scope=2 deref=0
filter="(&(objectClass=sambaGroupMapping)(|(displayName=test)(cn=test)))" Jul 11 04:03:39 gb0135embldap01 slapd[9852]: conn=138385
op=46 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description
displayName cn objectClass Jul 11 04:03:39 gb0135embldap01 slapd[9852]: <=
bdb_equality_candidates: (displayName) not indexed Jul 11 04:03:39 gb0135embldap01 slapd[9852]: <=
bdb_equality_candidates: (cn) not indexed Jul 11 04:07:53 gb0135embldap01 slapd[21335]: @(#)
$OpenLDAP: slapd 2.4.15 (Mar 19 2009 10:07:59) $
^Ibuildd@yellow:/build/buildd/openldap-2.4.15/debian/build/servers/slapd Jul 11 04:07:54 gb0135embldap01 slapd[21337]: slapd
starting Jul 11 04:07:54 gb0135embldap01 slapd[21337]: conn=0
fd=23 ACCEPT from IP=[::1]:57016 (IP=[::]:389) Jul 11 04:07:54 gb0135embldap01 slapd[21337]: conn=1
fd=24 ACCEPT from IP=134.32.44.37:40763 (IP=0.0.0.0:389) OLCDATABSE objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=emb,dc=slb,dc=com olcAccess: {0}to
attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword Âby dn="cn=admin,dc=emb,dc=slb,dc=com" write Âby
dn="cn=sunone-replication,dc=emb,dc=slb,dc=com"
peername.ip=136.250.9.48 write Âby dn="cn=sunone-replication,dc=emb,dc=slb,dc=com"
peername.ip=163.185.18.238 write Âby anonymous auth by self write Âby * none olcAccess: {1}to dn.base="" by * read #Enable Local Admin to add users in the Group and also
SunOne to add users to country groups olcAccess: {2}to dn.subtree="ou=groups,dc=emb,dc=slb,dc=com" Âby set="user/uid &
[cn=group-admin,ou=SuperGroups,dc=emb,dc=slb,dc=com]/memberuid" write Âby
dn="cn=sunone-replication,dc=emb,dc=slb,dc=com"
peername.ip=136.250.9.48 write Âby
dn="cn=sunone-replication,dc=emb,dc=slb,dc=com" peername.ip=163.185.18.238
write Âby * read #Enable Local Admin to add computers olcAccess: {3}to
dn.subtree="ou=Computers,dc=emb,dc=slb,dc=com" Âby set="user/uid &
[cn=group-admin,ou=SuperGroups,dc=emb,dc=slb,dc=com]/memberuid" write Âby * read #Enable shell-admin to set up local user access olcAccess: {4}to attrs=loginShell,homeDirectory Âby set="user/uid &
[cn=shell-admin,ou=SuperGroups,dc=emb,dc=slb,dc=com]/memberuid" write Âby
dn="cn=sunone-replication,dc=emb,dc=slb,dc=com"
peername.ip=136.250.9.48 write Âby dn="cn=sunone-replication,dc=emb,dc=slb,dc=com"
peername.ip=163.185.18.238 write Âby * read #Enable write access to account sun-one-replication for
sun ldap replication. olcAccess: {5}to * Âby dn="cn=admin,dc=emb,dc=slb,dc=com" write Âby dn="cn=sunone-replication,dc=emb,dc=slb,dc=com"
peername.ip=136.250.9.48 write Âby
dn="cn=sunone-replication,dc=emb,dc=slb,dc=com"
peername.ip=163.185.18.238Â write Âby * read olcLastMod: TRUE olcDbCheckpoint: 512 30 olcDbConfig: {0}set_cachesize 0 2097152 0 olcDbConfig: {1}set_lk_max_objects 1500 olcDbConfig: {2}set_lk_max_locks 1500 olcDbConfig: {3}set_lk_max_lockers 1500 olcDbIndex: objectClass eq olcDbIndex: entryUUID eq olcDbIndex: uidNumber eq olcDbIndex: gidNumber eq olcDbIndex: gidNumber eq olcDbIndex: loginShell eq olcDbIndex: uid eq,pres,sub olcDbIndex: memberUid eq,pres,sub olcDbIndex: uniqueMember eq,pres olcDbIndex: sambaSID eq olcDbIndex: sambaPrimaryGroupSID eq olcDbIndex: sambaGroupType eq olcDbIndex: sambaSIDList eq olcDbIndex: sambaDomainName eq olcDbIndex: default sub structuralObjectClass: olcHdbConfig entryUUID: f479600a-5f34-102f-8ddd-3ff046e70702 creatorsName: cn=admin,cn=config createTimestamp: 20100928101442Z olcRootDN: cn=admin,dc=emb,dc=slb,dc=com olcSyncrepl: {0}rid=003 provider=ldap://gb0135embldap01.emb.slb.com
binddn="cn Â=admin,dc=emb,dc=slb,dc=com" bindmethod=simple
credentials=Bsl@121z searchbas Âe="dc=emb,dc=slb,dc=com" type=refreshOnly
interval=00:00:00:10 retry="5 5 300 Â 5" timeout=1 starttls=yes olcSyncrepl: {1}rid=004
provider=ldap://ae0042embldap01.emb.slb.com binddn="cn Â=admin,dc=emb,dc=slb,dc=com" bindmethod=simple
credentials=Bsl@121z searchbas Âe="dc=emb,dc=slb,dc=com" type=refreshOnly
interval=00:00:00:10 retry="5 5 300 Â 5" timeout=1 starttls=yes olcMirrorMode: TRUE entryCSN: 20100928191927.932499Z#000000#001#000000 modifiersName: cn=admin,cn=config modifyTimestamp: 20100928191927Z Ldap Version @(#) $OpenLDAP: slapd 2.4.15 (Mar 19 2009 10:07:59) $ Operating system Distributor ID: Ubuntu Description:ÂÂÂ Ubuntu 9.04 Release:ÂÂÂÂÂÂÂ 9.04 Codename:ÂÂÂÂÂÂ jaunty Thanks, -Arun -----Original Message----- Have you tried raising the loglevel? Are the schemas the same between the servers? Is time in sync between the servers? What versions are you dealing with? You don't provide a lot of info and most of us are not clairvoyant.... Regards, Eli 2011/7/11Â <arun.sasi1@wipro.com>: > > > > > Thanks, > > -Arun > > > > From: Arun Sasi V (WI01 - Manage IT) > Sent: Wednesday, July 06, 2011 5:46 PM > To: 'openldap-technical@openldap.org' > Subject: Multi Master OpenLdap. > > > > Hello Team, > > > > I have configured Multi-master Mirror mode replica
setup in our environment. > We have 3 regions slave Ldap server which is read
only and two location we > have configured as mirror mode replica Ldap. My
problem here isâ > > > > Master Ldap is going hang some times and some ID`s
are disappearing from the > master server. I couldnât find any logs over there
for why ID`s are > disappearing and also why Ldap is going hung state. > > > > Thanks & Regards, > > Arun Sasi V > > Please do not print this email unless it is
absolutely necessary. > > The information contained in this electronic message
and any attachments to > this message are intended for the exclusive use of
the addressee(s) and may > contain proprietary, confidential or privileged
information. If you are not > the intended recipient, you should not disseminate,
distribute or copy this > e-mail. Please notify the sender immediately and
destroy all copies of this > message and any attachments. > > WARNING: Computer viruses can be transmitted via
email. The recipient should > check this email and any attachments for the
presence of viruses. The > company accepts no liability for any damage caused
by any virus transmitted > by this email. > > www.wipro.com Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com |