Thanks for your answer. Here are the details asked: OpenLDAP version 2.4.46. syncprov-sessionlog 100 syncprov-sessionlog 100
Hi Alex,Your sessionlog value is way too small. It needs to be something a little larger than the entire size of your database (so > 800,000 in your case). I also see you're using standard syncrepl rather than delta-syncrepl.
Generally, having a "glued" object on a server indicates that at some point, the server was in a REFRESH mode (either you populated the server using syncrepl instead of slapcat, or it had some reason to fall back to REFRESH at a later date).
In the REFRESH mode, the server may get entries "out of order". In this case, a stub (glue) object is created to "hold" the place for tha entry until it gets fully replicated. Unfortunately, this doesn't always happen, and you end up being stuck with the glued object on the server.
You may be able to force replication of the object onto the server where it's missing by doing a MOD op against the affected entry on the master where it exists. If one master is "complete" (I.e., no glued objects), you could also slapcat that master and import the database into the othe rmaster via slapadd to resolve the problem for now.
Overally, I strongly advise using delta-syncrepl as it largely avoids these issues (as long as it never has to fall back to standard syncrepl REFRESH mode).
I would note that there was a fix in OpenLDAP 2.4.47 specific to delta-syncrepl when ppolicy is in use, so if using delta-sync you likely want that fix.
--Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>