[Date Prev][Date Next] [Chronological] [Thread] [Top]

syncrepl issue

To: openldap-technical@openldap.org
Subject: syncrepl issue
From: Frank Luo <frank.luoy@gmail.com>
Date: Fri, 25 Jan 2013 11:59:42 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to :content-type; bh=4SrKy+p4B1JO1IHszWM7s9uVfi1hxENg01ZxPun3jlk=; b=Ndg8fQdhdjQyXTm013v2Hkw/bosCAwR1ksPzsaOrXJpdnBlaFDm9WJjJI6+zvSmiE/ sFNPfgfI4KpPkgdMDoumJp5lM1Bbv9Cb1YfUH+1fcuYhkHFXkzs8sarymcC4W4XHfE8a ZPgOCVBL4qcOADD0ioG9YaSE4seTOK5nlguT/bfPLnQRghQdWOGJWnyktxY5z+psTEKt J0GJKK1TiHu7HdQ1OYJJEAra48F8lIR8rlEbGV4PcOVGolUtOuZWD7GhzzbxsR/QUDGi 9HhA3Pd8u6GaXymabPXZbXC/QTPFNqBPa5aoKPjtraY22YU3ETpI9dxlvbsPUKPvaf/V 4I2Q==

We have 4 openldap servers, 1 and 2 are masters with mirror mode., 3
and 4 are slaves. 3 and 4 sometimes get out of sync with masters. But
a few minutes or a few hours later, it can get synced again with some
"random" events.  The reason I call it "random" because I could not
find any patter yet. This happens almost every day.

What I found is 3 and 4 (consumer) sometime get newer entryCSN than 1
and 2 (provider)

for example

on 1 and 2
entryCSN: 20130115190406.091431Z#000000#001#000000

on 3 and 4
entryCSN: 20130116183923.969790Z#000000#000#000000

I have confirmed that with the following syncrepl config, we can not
update entry on 3 or 4 directly. (ldap_modify: Server is unwilling to
perform (53)
	additional info: shadow context; no update referral). So that exclude
the possibility 3 and 4 get updated directly from ldap client.

Any direction?

Thanks

Frank


Attachment:    sync config portion

#server 1
serverID 1
syncrepl      rid=001
              provider=ldap://s2.domain.com
              bindmethod=simple
              binddn="cn=Manager,dc=domain,dc=com"
              credentials=xxxxxxx
              searchbase="dc=domain,dc=com"
              schemachecking=on
              type=refreshAndPersist
              retry="60 +"
mirrormode on

#server 2
serverID 2
syncrepl      rid=002
              provider=ldap://s1.domain.com
              bindmethod=simple
              binddn="cn=Manager,dc=domain,dc=com"
              credentials=xxxxxxx
              searchbase="dc=domain,dc=com"
              schemachecking=on
              type=refreshAndPersist
              retry="60 +"
mirrormode on

#server 3
syncrepl      rid=003
              provider=ldap://ldaptm.domain.com
              bindmethod=simple
              binddn="cn=Manager,dc=domain,dc=com"
              credentials=xxxxxxx
              searchbase="dc=domain,dc=com"
              schemachecking=on
              type=refreshAndPersist
              retry="60 +"


#server 4
syncrepl      rid=004
              provider=ldap://ldaptm.domain.com
              bindmethod=simple
              binddn="cn=Manager,dc=domain,dc=com"
              credentials=xxxxxxx
              searchbase="dc=domain,dc=com"
              schemachecking=on
              type=refreshAndPersist
              retry="60 +"

As you noticed, ldaptm.domain.com is a virtual service on load
balancer with server 1 and 2 behind

Follow-Ups:
- Re: syncrepl issue
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: RE: slapd-ldap: second search operation always generates error LdapErr: DSID-0C0906E8
Next by Date: Re: missing entry in slapcat backup
Index(es):
- Chronological
- Thread