ppolicy overlay and MMR experiencing frequent delta-sync lost issue
- To: OpenLDAP Technical List <openldap-technical@openldap.org>
- Subject: ppolicy overlay and MMR experiencing frequent delta-sync lost issue
- From: Beth Halsema <bhalsema@purdue.edu>
- Date: Mon, 9 Jan 2017 09:53:05 -0500 (EST)
- User-agent: Alpine 2.20 (LRH 67 2015-01-07)
We are running OpenLDAP 2.4.44 on RHEL6 in a delta-syncrepl MMR
configuration. We are using the ppolicy overlay. This setup is
resulting in frequent occurrences on the consumers of:
* delta-sync lost
* traversal of the entire directory
* delta-syncrepl switches back into refreshAndPersist
* slapd memory usage increasing
We have found that this behavior is consistently triggered when the
operation that is being replicated involves a password change in
combination with the removal of ppolicy attributes (e.g. pwdGraceUseTime
and pwdFailureTime).
The detailed debugging output associated with such an occurrence is:
------------------------------------------------------------------------------
58739e68 bdb_modify_internal: replace userPassword
58739e68 bdb_modify_internal: replace pwdChangedTime
58739e68 bdb_modify_internal: softdel pwdGraceUseTime
58739e68 bdb_modify_internal: add pwdHistory
58739e68 bdb_modify_internal: replace entryCSN
58739e68 bdb_modify_internal: replace modifiersName
58739e68 bdb_modify_internal: replace modifyTimestamp
58739e68 bdb_modify_internal: delete pwdGraceUseTime
58739e68 bdb_modify_internal: 16 modify/delete: pwdGraceUseTime: no such attribute
...
58739e68 do_syncrep2: rid=001 delta-sync lost sync on (reqStart=20170109142959.000006Z,cn=log), switching to REFRESH
------------------------------------------------------------------------------
We have submitted OpenLDAP-ITS #8561 with a unit test and a possible patch to
the ppolicy overlay.
If anyone else has run into this, we would be interested in any other work-
arounds that have been used to address the issue.
Thank you!
Beth
-------------------------------------------------------------------------
Beth A. Halsema - GSEC, GSSP-Java email:bhalsema@purdue.edu
Software Engineer, Identity & Access Management
OVPIT - IT Security and Policy
3495 Kent Avenue, Suite 100 Fax : (765) 464-2233
West Lafayette, IN 47906 Campus Mail: ROSS
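
Added example, not part of the original message or of OpenLDAP: a small log triage script that finds each "delta-sync lost" line in consumer debug output and reports whether a failed delete of a ppolicy attribute was logged just before it, which is the pattern described above. The function name, the 5-second correlation window and the reading of the hex line prefix as epoch seconds are assumptions; the last sample line is constructed.

```python
import re
from datetime import datetime, timezone

# Debug excerpt quoted in the post, followed by one constructed line (marked)
# showing a fallback that is NOT preceded by a failed ppolicy delete.
SAMPLE_LOG = """\
58739e68 bdb_modify_internal: replace userPassword
58739e68 bdb_modify_internal: softdel pwdGraceUseTime
58739e68 bdb_modify_internal: delete pwdGraceUseTime
58739e68 bdb_modify_internal: 16 modify/delete: pwdGraceUseTime: no such attribute
...
58739e68 do_syncrep2: rid=001 delta-sync lost sync on (reqStart=20170109142959.000006Z,cn=log), switching to REFRESH
5873a0c0 do_syncrep2: rid=002 delta-sync lost sync on (reqStart=20170109143959.000001Z,cn=log), switching to REFRESH
"""  # the rid=002 line is constructed

# The two ppolicy state attributes named in the post.
PPOLICY_ATTRS = {"pwdGraceUseTime", "pwdFailureTime"}

FAILED_DEL = re.compile(
    r"^([0-9a-f]{8}) bdb_modify_internal: \d+ modify/delete: ([\w;-]+): no such attribute")
LOST = re.compile(
    r"^([0-9a-f]{8}) do_syncrep2: rid=(\d+) delta-sync lost sync on "
    r"\(reqStart=([^,]+),[^)]*\), switching to REFRESH")

def find_lost_sync(log_text, window=5):
    """One record per 'delta-sync lost' line, listing ppolicy attributes whose
    delete failed within `window` seconds before it."""
    failed, events = [], []
    for line in log_text.splitlines():
        m = FAILED_DEL.match(line)
        if m and m.group(2) in PPOLICY_ATTRS:
            failed.append((int(m.group(1), 16), m.group(2)))
            continue
        m = LOST.match(line)
        if m:
            # Assumption: the hex prefix is seconds since the epoch.
            ts = int(m.group(1), 16)
            when = datetime.fromtimestamp(ts, timezone.utc)
            attrs = sorted({a for t, a in failed if 0 <= ts - t <= window})
            events.append({"time": when.strftime("%Y-%m-%dT%H:%M:%SZ"),
                           "rid": m.group(2), "reqStart": m.group(3),
                           "ppolicy_attrs": attrs})
    return events

if __name__ == "__main__":
    for ev in find_lost_sync(SAMPLE_LOG):
        cause = ", ".join(ev["ppolicy_attrs"]) or "no failed ppolicy delete nearby"
        print(f'{ev["time"]} rid={ev["rid"]} reqStart={ev["reqStart"]}: {cause}')
```

The reqStart value in each record is the accesslog entry to inspect on the provider when checking which modification the consumer could not apply.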