(ITS#6619) CSN too old - openldap-bugs

11 Aug 2010


      Full_Name: Heinz Hölzl
Version: 2.4.23
OS: Linux Ubuntu Hardy LTS
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.18.132.37)
If i sync a part of my DIT with syncrepl, the first sync works fine. Then if i
modify some objects on the provider, on the consumer appears: "do_syncrep2:
rid=105 CSN too old, ignoring 20100811125159.871757Z#000000#001#000000"
If i sync the hole DIT all works fine.
If i use openldap 2.4.19 for syncing only a part of the DIT all works fine too.
The version of the provider is 2.4.23 too.
slapd.conf on the provider:
...snip....
database	ldap
lastmod         on
suffix		"dc=krb"
rootdn		"cn=admin,dc=krb"
uri		"ldaps://lbackend.s2.dc.gvcc.net:10636"
readonly	on
...snip...
slapd.conf on the consumer:
# Schema and objectClass definitions
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba3.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/sgv.schema
include         /etc/openldap/schema/mozillaOrgPerson.schema
include         /etc/openldap/schema/kerberos.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
allow bind_v2
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
#schemacheck     on
loglevel        none
#######################################################################
# ldbm database definitions
#######################################################################
modulepath	/usr/lib/ldap
moduleload	back_hdb
moduleload	rwm
sizelimit unlimited
tool-threads 1
access to *
    by * write
include		/etc/openldap/tls.conf
backend		hdb
# KERBEROS
database        hdb
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
lastmod         on
suffix          "dc=krb"
checkpoint      512 30
directory       "/var/lib/ldap/krb"
rootdn          "cn=admin,dc=krb"
rootpw          blabla
include		/etc/openldap/slapd.replica.consumer-krb
index           objectClass                                     eq
index           krbPrincipalName                                eq,pres,sub
index           krbPwdPolicyReference                           eq,pres
index           entryUUID,aliasedObjectName                     eq
index           default                                         sub
###############################################################################
/etc/openldap/slapd.replica.consumer-krb:
# syncrepl 
syncrepl	rid=101 searchbase="dc=krb" scope=base
    provider=ldaps://syncrepl.zid.gvcc.net
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=off
    bindmethod=sasl
    saslmech=EXTERNAL
    tls_cert=/etc/openldap/.ssl/usercert.pem
    tls_key=/etc/openldap/.ssl/user.key
    tls_cacert=/etc/ssl/cacert.pem
    tls_reqcert=try
syncrepl	rid=102 searchbase="cn=princs,dc=krb" scope=base
    provider=ldaps://syncrepl.zid.gvcc.net
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=off
    bindmethod=sasl
    saslmech=EXTERNAL
    tls_cert=/etc/openldap/.ssl/usercert.pem
    tls_key=/etc/openldap/.ssl/user.key
    tls_cacert=/etc/ssl/cacert.pem
    tls_reqcert=try
syncrepl	rid=103 searchbase="cn=krbcontainer,dc=krb" scope=sub
    provider=ldaps://syncrepl.zid.gvcc.net
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=off
    bindmethod=sasl
    saslmech=EXTERNAL
    tls_cert=/etc/openldap/.ssl/usercert.pem
    tls_key=/etc/openldap/.ssl/user.key
    tls_cacert=/etc/ssl/cacert.pem
    tls_reqcert=try
    syncdata=default
syncrepl	rid=104 searchbase="o=zid,cn=princs,dc=krb" scope=sub
    provider=ldaps://syncrepl.zid.gvcc.net
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=off
    bindmethod=sasl
    saslmech=EXTERNAL
    tls_cert=/etc/openldap/.ssl/usercert.pem
    tls_key=/etc/openldap/.ssl/user.key
    tls_cacert=/etc/ssl/cacert.pem
    tls_reqcert=try
    syncdata=default
syncrepl	rid=105 searchbase="o=klingons,cn=princs,dc=krb" scope=sub
    provider=ldaps://syncrepl.zid.gvcc.net
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=off
    bindmethod=sasl
    saslmech=EXTERNAL
    tls_cert=/etc/openldap/.ssl/usercert.pem
    tls_key=/etc/openldap/.ssl/user.key
    tls_cacert=/etc/ssl/cacert.pem
    tls_reqcert=try
    syncdata=default
##################################################################
buid-options for both versions (2.4.19 and 2.4.23) used on the consumer an on
the provider:
./configure --prefix=${prefix} --bindir=${prefix}/bin --sbindir=${prefix}/sbin
--libexecdir=${prefix}/lib --libdir=${prefix}/lib --sysconfdir=/etc
--localstatedir=/var --mandir=${prefix}/share/man --enable-debug
--enable-dynamic --enable-syslog --enable-proctitle --enable-ipv6 --enable-local
--enable-slapd --enable-aci --enable-cleartext --enable-crypt --disable-lmpasswd
--enable-spasswd --enable-modules --enable-rewrite --enable-rlookups
--enable-slapi --enable-slp --enable-wrappers --enable-backends=mod
--disable-ndb --enable-overlays=mod --with-subdir=ldap --with-cyrus-sasl
--with-threads --with-tls=openssl --with-odbc=unixodbc --build x86_64-linux-gnu