Hi, I'm testing REL_ENG_2_4. The provider is loaded with slapadd -w -F -f -l, while the consumer is started with an empty database. The initial database is replicated by the consumer but no further synchronisation occurs. I tested read access to all databases with ldapsearch so there is no hidden access rule that prevents from reading.
On the consumer I see many do_syncrep2: rid=003 got search entry without Sync State control do_syncrepl: rid=003 retrying (4 retries left)
I don't know wether this is important.
this are my configuration files
,----[ provider slapd.conf ] | database config | rootdn cn=config | rootpw secret | access to dn.subtree="cn=config" by dn.exact="cn=replicator,o=avci,c=de" read | overlay syncprov | | database bdb | suffix "o=avci,c=de" | rootdn "cn=admin,o=avci,c=de" | rootpw secret | ... | | overlay accesslog | logdb cn=log | logops writes | logpurge 3+00:00 1+00:00 | | overlay syncprov | syncprov-checkpoint 5 10 | | database bdb | suffix cn=log | directory /tmp/slapd1/log | rootdn cn=log | index reqStart eq | access to dn.subtree="cn=log" by dn.exact="cn=replicator,o=avci,c=de" read | database monitor `----
,----[ consumer slapd.conf ] | database config | rootdn cn=config | rootpw hhdy01 | access to dn.subtree="cn=config" by dn.exact="cn=replicator,o=avci,c=de" read | | syncrepl rid=01 | provider=ldap://localhost:1007 | bindmethod=sasl | saslmech=digest-md5 | authcid=replicator | credentials=xxxxxx | searchbase="cn=config" | scope=sub | attrs="*","+" | type=refreshAndPersist | retry="5 5 300 5" | MirrorMode off | | database bdb | suffix "o=avci,c=de" | rootdn "cn=admin,o=avci,c=de" | rootpw secret | syncrepl rid=03 | provider="ldap://localhost:9007" | bindmethod=sasl | saslmech=digest-md5 | authcid=replicator | credentials=replicator | searchbase="o=avci,c=de" | scope=sub | attrs="*","+" | type=refreshAndPersist | retry="5 5 300 5" | logbase="cn=log" | syncdata=accesslog | | updateref ldap://localhost:9007 | MirrorMode off | | overlay accesslog | logdb cn=log | logops writes | logpurge 3+00:00 1+00:00 | index reqStart eq | | database bdb | suffix cn=log | directory /tmp/slapd2/log | rootdn cn=log | index reqStart eq | access to dn.subtree="cn=log" by dn.exact="cn=replicator,o=avci,c=de" read | | database monitor `----
-Dieter
--On October 24, 2007 9:47:55 PM +0200 Dieter Kluenter dieter@dkluenter.de wrote:
Maybe this has changed for 2.4, but my understanding is that the accesslog db must be declared *before* the db that will be logging to it. In this case, you are doing the opposite. Although you obviously aren't doing delta-syncrepl since this is on the consumer side. But it may be worth tweaking.
| database bdb | suffix "o=avci,c=de" | rootdn "cn=admin,o=avci,c=de" | rootpw secret | syncrepl rid=03 | provider="ldap://localhost:9007" | bindmethod=sasl | saslmech=digest-md5 | authcid=replicator | credentials=replicator | searchbase="o=avci,c=de" | scope=sub | attrs="*","+" | type=refreshAndPersist | retry="5 5 300 5" | logbase="cn=log" | syncdata=accesslog | | updateref ldap://localhost:9007 | MirrorMode off | | overlay accesslog | logdb cn=log | logops writes | logpurge 3+00:00 1+00:00 | index reqStart eq | | database bdb | suffix cn=log | directory /tmp/slapd2/log | rootdn cn=log | index reqStart eq | access to dn.subtree="cn=log" by dn.exact="cn=replicator,o=avci,c=de" | read
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
--On October 24, 2007 9:47:55 PM +0200 Dieter Kluenter dieter@dkluenter.de wrote:
Maybe this has changed for 2.4, but my understanding is that the accesslog db must be declared *before* the db that will be logging to it.
That restriction is only in 2.3, no longer in 2.4.
In this case, you are doing the opposite. Although you obviously aren't doing delta-syncrepl since this is on the consumer side. But it may be worth tweaking.
Dieter Kluenter wrote:
Hi, I'm testing REL_ENG_2_4.
Testing for RE24 is done, the cutoff was a few hours ago. 2.4.6 has already been tagged for release.
The provider is loaded with slapadd -w -F -f -l, while the consumer is started with an empty database. The initial database is replicated by the consumer but no further synchronisation occurs. I tested read access to all databases with ldapsearch so there is no hidden access rule that prevents from reading.
On the consumer I see many do_syncrep2: rid=003 got search entry without Sync State control do_syncrepl: rid=003 retrying (4 retries left)
I don't know wether this is important.
this are my configuration files
Looks like you're trying to use delta-syncrepl. Obviously that's not the same as plain syncrepl. You should be more specific in your problem descriptions.
The message you see above is of course a problem. If the syncrepl consumer gets a response from the provider without a syncrepl control attached, it will abort.
It looks like you haven't configured a syncrepl provider on your access log, which would explain why the provider isn't attaching the control. (Because there is no provider.) Doesn't appear to be any software issues here.
,----[ provider slapd.conf ] | database config | rootdn cn=config | rootpw secret | access to dn.subtree="cn=config" by dn.exact="cn=replicator,o=avci,c=de" read | overlay syncprov | | database bdb | suffix "o=avci,c=de" | rootdn "cn=admin,o=avci,c=de" | rootpw secret | ... | | overlay accesslog | logdb cn=log | logops writes | logpurge 3+00:00 1+00:00 | | overlay syncprov | syncprov-checkpoint 5 10 | | database bdb | suffix cn=log | directory /tmp/slapd1/log | rootdn cn=log | index reqStart eq | access to dn.subtree="cn=log" by dn.exact="cn=replicator,o=avci,c=de" read | database monitor `----
,----[ consumer slapd.conf ] | database config | rootdn cn=config | rootpw hhdy01 | access to dn.subtree="cn=config" by dn.exact="cn=replicator,o=avci,c=de" read | | syncrepl rid=01 | provider=ldap://localhost:1007 | bindmethod=sasl | saslmech=digest-md5 | authcid=replicator | credentials=xxxxxx | searchbase="cn=config" | scope=sub | attrs="*","+" | type=refreshAndPersist | retry="5 5 300 5" | MirrorMode off | | database bdb | suffix "o=avci,c=de" | rootdn "cn=admin,o=avci,c=de" | rootpw secret | syncrepl rid=03 | provider="ldap://localhost:9007" | bindmethod=sasl | saslmech=digest-md5 | authcid=replicator | credentials=replicator | searchbase="o=avci,c=de" | scope=sub | attrs="*","+" | type=refreshAndPersist | retry="5 5 300 5" | logbase="cn=log" | syncdata=accesslog | | updateref ldap://localhost:9007 | MirrorMode off | | overlay accesslog | logdb cn=log | logops writes | logpurge 3+00:00 1+00:00 | index reqStart eq | | database bdb | suffix cn=log | directory /tmp/slapd2/log | rootdn cn=log | index reqStart eq | access to dn.subtree="cn=log" by dn.exact="cn=replicator,o=avci,c=de" read | | database monitor `----
-Dieter
-
Dieter Kluenter -
Howard Chu -
Quanah Gibson-Mount