[Date Prev][Date Next] [Chronological] [Thread] [Top]

Replication issue? Data is different between master and consumer with same entryCSNs

To: openldap-technical@openldap.org
Subject: Replication issue? Data is different between master and consumer with same entryCSNs
From: Dave Steiner <steiner@rutgers.edu>
Date: Wed, 5 Sep 2018 16:49:44 -0400
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=steiner@oit.rutgers.edu;
Content-language: en-US
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oit.rutgers.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zUhuq3oC/cbbIc4jas5h/I1IC/PAArioS5WsUM/R3HU=; b=M5agn9UkO1CkK+fVB/96ZCUAkjSj7ki1V3qq0hLwMdk9FCW+flkS/ecznb3ct/RzhkcQu8oaGbbxOTWRdcs53xWTR3DWSSH0fwvIo9JcFcfbHZ3AVUm05YLZ4o6z7O+1nlzPK1hP70rUK10qsbwpuPlQvFrW09sf3KbTUKiTAB0=
Organization: Rutgers University
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

I've been noticing various data discrepancies between our LDAP master and LDAP consumers. We are running OpenLDAP v2.4.44. We have two masters running "mirromode TRUE" and all updates go through a VIP that points to the first one unless it's not available (doesn't happen very often except for during patches and restarts). We have 13 consumers that replicate through that same VIP.

Here's an example of our syncrepl for a client:

syncrepl rid=221
type=refreshAndPersist
schemachecking=on
provider="ldap://ldapmastervip.rutgers.edu/"
bindmethod=sasl
saslmech=EXTERNAL
starttls=yes
tls_reqcert=demand
tls_protocol_min="3.1"
searchbase="dc=rutgers,dc=edu"
attrs="*,+"
retry="10 10 20 +"
logbase="cn=accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
syncdata=accesslog
network-timeout=30
keepalive=180:3:60

I check the contextCSN attributes on all the instances every day and they are all in sync (except during any major changes, of course). But I occasionally notice discrepancies in the data.... even though the contextCSNs and entryCSNs are the same. For example (note hostnames have been changed):

$ ldapsearch ... -H ldap://ldapmaster.rutgers.edu uid=XXXX postalAddress createTimestamp modifyTimestamp entryCSN
dn: uid=XXXX,ou=People,dc=rutgers,dc=edu
createTimestamp: 20121220100700Z
postalAddress: Business And Science Bldg$227 Penn Street$Camden, NJ 081021656
entryCSN: 20180505002024.083133Z#000000#001#000000
modifyTimestamp: 20180505002024Z

$ ldapsearch ... -H ldap://ldapconsumer3.rutgers.edu uid=XXXX postalAddress createTimestamp modifyTimestamp entryCSN
dn: uid=XXXX,ou=People,dc=rutgers,dc=edu
createTimestamp: 20121220100700Z
postalAddress: BUSINESS AND SCIENCE BLDG$227 PENN STREET$CAMDEN, NJ 081021656
entryCSN: 20180505002024.083133Z#000000#001#000000
modifyTimestamp: 20180505002024Z

So I'm trying to figure out why this happens (config issue, bug, ???) and second, if I can't use the contextCSN to report that everything is fine, what else can I do besides trying to compare ldif dumps.

thanks,
ds
--
Dave Steiner steiner@rutgers.edu
IdM, Enterprise Application Services ASB101; 848.445.5433
Rutgers University, Office of Information Technology

Follow-Ups:
- Re: Replication issue? Data is different between master and consumer with same entryCSNs
  - From: Frank Swasey <Frank.Swasey@uvm.edu>
- Re: Replication issue? Data is different between master and consumer with same entryCSNs
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: Re: duplicated naming context when using syncrepl proxy
Next by Date: olcSecurity: tls=1 and olcLocalSSF= : what value should I use?
Index(es):
- Chronological
- Thread