
Re: Consumer replication 0 entries fetched - CSN problem?



Yes, I used distro packages for CentOS 6; and yes, I understand your
point. I may have the luxury of building OpenLDAP from scratch for
LDAP02, though I don't have the redundancy (the point of this whole
exercise) that I need to reinstall LDAP01 by building it from scratch.
That was an unfortunate mistake in hindsight that I stuck with the
distro package there. I suppose to start over I would have to make a
new server and slapcat the LDAP01 config? How would I carry over the
existing DB entries without using replication? I'm still a novice when
it comes to OLC.

As for the ACL, that was a result of my sloppy email editing. I
changed the name of the DNs. They actually match in my config. Once I
proof-of-concept the replication I will create replication-only user
DNs.

But nothing looks overtly amiss with my CSNs or UUIDs?

Thanks,
Josh

On Tue, Sep 16, 2014 at 10:16 AM, Michael Ströder <michael@stroeder.com> wrote:
> Josh Nielsen wrote:
>> OLC server (LDAP01 - version 2.4.23) the new master and threw up a new
>> VM called LDAP02 (2.4.23) to become the new sync replication
>> slave/consumer.
>
> Don't use such an ancient version which is four years old now.
> Many syncrepl issues have been fixed since then (and are to be fixed in
> upcoming 2.4.40).
>
> And better don't argue that you have to use your favourite distribution's
> packages. We had this discussion here numerous times.
>
> And of course it could be an ACL issue in your particular configuration.
> In particular you have
>
> olcRootDN: cn=admin,dc=mydomain,dc=org
>
> but
>
> olcSyncrepl: {0} [..] binddn="cn=root,dc=mydomain,dc=org"
>
> Anyway you should not use rootdn for anything. Set up proper group-based ACLs
> for service accounts instead.
>
> ...
>
> Ciao, Michael.
>
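A check for the point raised in the quoted reply, as an added example that is not part of either message: it compares the provider's olcRootDN with the binddn in the consumer's olcSyncrepl and reports whether replication binds as the rootdn or as a separate DN that must exist on the provider with read access. The LDIF is constructed from the DNs quoted above; the host name, rid, database type and all function names are assumptions.

```python
import re

# Constructed sample in cn=config LDIF form. The DNs are the ones quoted in the
# thread; host name, rid and database type are assumptions for illustration.
PROVIDER_LDIF = """\
dn: olcDatabase={2}bdb,cn=config
olcRootDN: cn=admin,dc=mydomain,dc=org
"""
CONSUMER_LDIF = """\
dn: olcDatabase={2}bdb,cn=config
olcSyncrepl: {0}rid=001 provider=ldap://ldap01.example.org
  type=refreshAndPersist searchbase="dc=mydomain,dc=org"
  bindmethod=simple binddn="cn=root,dc=mydomain,dc=org" credentials=CHANGEME
"""

def ldif_attrs(text):
    """Unfold LDIF continuation lines; return {attr_lower: [values]}.
    Base64 ('attr:: ...') values are not decoded."""
    attrs = {}
    for line in re.sub(r"\n ", "", text).splitlines():
        if ":" in line and not line.startswith("#"):
            name, value = line.split(":", 1)
            attrs.setdefault(name.lower(), []).append(value.strip())
    return attrs

def syncrepl_params(value):
    """Split one olcSyncrepl value into its key=value parameters."""
    value = re.sub(r"^\{\d+\}", "", value)          # drop the {0} ordering prefix
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', value)
    return {k.lower(): v.strip('"') for k, v in pairs}

def normalize_dn(dn):
    """Simplified comparison form: lower-case, no spaces around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def check_replication_identity(provider_ldif, consumer_ldif):
    """Classify each syncrepl binddn relative to the provider's rootdn."""
    rootdns = {normalize_dn(v) for v in ldif_attrs(provider_ldif).get("olcrootdn", [])}
    findings = []
    for value in ldif_attrs(consumer_ldif).get("olcsyncrepl", []):
        binddn = syncrepl_params(value).get("binddn")
        if binddn is None:
            findings.append(("no-binddn", None))
        elif normalize_dn(binddn) in rootdns:
            # The rootdn bypasses ACLs; the reply advises a service account instead.
            findings.append(("binds-as-rootdn", binddn))
        else:
            # Must exist as an entry on the provider and be readable under its ACLs.
            findings.append(("verify-entry-and-acl", binddn))
    return findings

if __name__ == "__main__":
    print(check_replication_identity(PROVIDER_LDIF, CONSUMER_LDIF))
```

A `verify-entry-and-acl` result cannot be resolved from these two attributes alone; it means the DN has to be looked up on the provider and its access checked there.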