alex.s@wildix.com wrote:
Full_Name: Alex
Version: 2.4.44+dfsg-5+deb9u2
OS: Debian 9
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (154.41.3.130)

Looks like the schemachecking parameter does not work properly.
I have a few LDAPs. On the main LDAP server I changed the schema with an additional attribute.
On the secondary LDAPs I have a problem with replication (it does not download items which have the new attribute).
I have the following configuration on the secondary LDAP:
olcSyncrepl: {0}rid=001 provider=ldap://remote_ldap_addr bindmethod=simple timeout=0 network-timeout=0 binddn="cn=admin,dc=example" credentials="testPass" starttls=no filter="(objectclass=*)" searchbase="dc=example" scope=sub schemachecking=off type=refreshAndPersist interval=00:00:02:00 retry="5 +"
I have the following errors in syslog:
Jul 22 17:05:29 221100000e68 slapd[6838]: null_callback : error code 0x50
Jul 22 17:05:29 221100000e68 slapd[6838]: syncrepl_entry: rid=001 be_add uid=1326514,o=com0,dc=example failed (80)
Jul 22 17:05:29 221100000e68 slapd[6838]: do_syncrepl: rid=001 rc 80 retrying
Jul 22 17:05:34 221100000e68 slapd[6838]: null_callback : error code 0x50
Jul 22 17:05:34 221100000e68 slapd[6838]: syncrepl_entry: rid=001 be_add uid=1326514,o=com0,dc=example failed (80)
Jul 22 17:05:34 221100000e68 slapd[6838]: do_syncrepl: rid=001 rc 80 retrying
Jul 22 17:05:39 221100000e68 slapd[6838]: null_callback : error code 0x50
Jul 22 17:05:39 221100000e68 slapd[6838]: syncrepl_entry: rid=001 be_add uid=1326514,o=com0,dc=example failed (80)
Jul 22 17:05:39 221100000e68 slapd[6838]: do_syncrepl: rid=001 rc 80 retrying
syncrepl is ignoring the schema as you requested. However the underlying backend is refusing to store the entries that syncrepl passes to it.
In general, turning off schema checking is only safe for overriding syntax validity checks on known attributes. You still have to at least define the existence of these attributes on all participating servers.
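
Added example, not part of the original thread and not OpenLDAP code: a check that lists attribute types the provider's subschema defines but the consumer's does not, which is the condition the reply says must be fixed before replication can store the entries. The two schema dumps are constructed sample data, and 'exampleExtraAttr' with its OID (in the documentation arc 1.3.6.1.4.1.32473) is a hypothetical attribute.

```python
import re

# Constructed sample subschema dumps (LDIF, as "ldapsearch -s base -b cn=Subschema
# attributeTypes" would print them). 'exampleExtraAttr' is a hypothetical attribute
# under the documentation OID arc 1.3.6.1.4.1.32473; its name is folded on purpose.
PROVIDER_SCHEMA = """\
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALITY c
 aseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributeTypes: ( 1.3.6.1.4.1.32473.1.1 NAME 'exampleExt
 raAttr' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""
CONSUMER_SCHEMA = """\
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALITY c
 aseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
"""

NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")

def unfold(ldif):
    """Undo LDIF folding: a line break followed by one space continues the line."""
    return re.sub(r"\r?\n ", "", ldif)

def attribute_types(ldif):
    """Map every lower-cased attribute name (aliases included) to its OID."""
    defined = {}
    for line in unfold(ldif).splitlines():
        oid = re.match(r"attributeTypes:\s*\(\s*([0-9.]+)", line, re.I)
        name = NAME_RE.search(line)
        if oid and name:
            names = re.findall(r"'([^']+)'", name.group(0))
            defined.update((n.lower(), oid.group(1)) for n in names)
    return defined

def missing_on_consumer(provider_ldif, consumer_ldif):
    """Attribute names the provider defines but the consumer does not."""
    consumer = attribute_types(consumer_ldif)
    return sorted(n for n in attribute_types(provider_ldif) if n not in consumer)

def undefined_in_entry(attr_descriptions, consumer_ldif):
    """Attributes of a replicated entry that are not defined on the consumer."""
    consumer = attribute_types(consumer_ldif)
    # Strip options such as ";lang-en" before looking the base name up.
    return [a for a in attr_descriptions if a.split(";")[0].lower() not in consumer]

if __name__ == "__main__":
    print("missing on consumer:", missing_on_consumer(PROVIDER_SCHEMA, CONSUMER_SCHEMA))
    print("undefined in entry:", undefined_in_entry(["uid", "cn", "exampleExtraAttr"], CONSUMER_SCHEMA))
```

Any name this reports has to be added to the consumer's schema; schemachecking=off in the syncrepl line does not cover it.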