syncrepl constantly desyncing

["Eugene M. Zheganin" <eugene@zhegan.in>]

Hi,

I'm using  a configuration with two slapd servers, master and replica.
The problem is that replica is constantly desyncing. I'm monitoring it's
number of users and groups and the cound of members of one particular
group. Users and group entities are always in sync, but entities like
groupOfUniqueNames are desyncing - they are not receiveing deltas from
master, keeping their members count constant.

My config (done according to the documentation):

===Cut===
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

syncrepl rid=123
    provider=ldap://xx.xx.xx.xx:389
    type=refreshAndPersist
    interval=00:00:10:00
    retry="60 10 300 +"
    filter="(objectClass=*)"
    searchbase="dc=my,dc=domain"
    attrs="*,+"
    schemachecking=off
    bindmethod=simple
    binddn="uid=proxy,ou=accounts,ou=internal,dc=my,dc=domain"
    credentials=XXXXXXXXXXXXXX
===Cut===

I've also tried the refreshOnly method, which gave me same result. In
order to resync replica I have to flush the directory contents each time
and restart the slapd. I'm also suspecting that this desyncing happens 
because for some reason replica slapd isn't refreshing attribute values, 
only entities themselves: today I found a user, which userPassword 
attributes were out of sync on the replica. As far as I understand the 
documentation, syncrepl should sync the attributes.

And the last question - is there any simple way to enable logging of 
syncrepl warnings and errors ? My experience with openldap logging tells 
me there's to mode of logging - "none" and "generate 10Gb of logs per 
day", but may me it's just me.

Thanks.
Eugene.