I have never had any problems up until now with syncrepl. 1 consumer
is always in sync, yet the 2 newer ones start out in sync but after
about 10 minutes they don't sync at all. It is always fixed by
restarting slapd on the 2 problem consumers.
Various debugging and tcpdumps just confirm that they aren't staying in
sync, but show nothing as far as errors. This same configuration is running
on another instance (although openldap 2.3.27, db-4.4.20) with 1
provider and 9 consumers without any issues.
Configuration :
1 provider
3 consumers
All are openldap-2.3.32 with db-4.4.20 plus the 4 patches.
provider config :
# Provider slapd.conf, part 1: monitor backend plus the access-control list.
# NOTE(review): the paste has lost its indentation. In slapd.conf a line that
# begins with whitespace continues the previous one, so the "by ..." clauses and
# the stray "write" lines below are continuations in the live file.
# NOTE(review): an "access" directive placed after a "database" line applies to
# that database only. As pasted, every rule here follows "database monitor" and
# none follows "database bdb". If the live file looks the same and has no global
# ACLs, dc=company,dc=com falls back to slapd's default policy (read for
# everyone, userPassword included) - confirm against the real file.
database monitor
# cn=monitor: Manager may write, identities under dc=company,dc=com may read,
# everyone else is denied.
access to dn.subtree=cn=monitor
by dn.exact=cn=Manager,dc=company,dc=com write
by dn.subtree=dc=company,dc=com read
by * none
# Root DSE is readable by everyone, anonymous clients included.
access to dn="" by * read
# userPassword: the owner and Manager may change it, anonymous may only use it
# to bind ("auth"), nobody else may read it.
access to attrs=userPassword
by self write
by dn="cn=Manager,dc=company,dc=com" write
by anonymous auth
by * none
# Catch-all. slapd stops at the first <what> clause that matches, and "*"
# matches everything, so this clause decides every request not handled above.
# NOTE(review): "by self write" on "*" lets each entry rewrite all of its own
# attributes. If these are posixAccount entries (the uidNumber/gidNumber indexes
# suggest so) that covers its own uidNumber/gidNumber - consider limiting
# self-write to named attributes.
access to *
by self write
by dn="cn=Manager,dc=company,dc=com" write
by * none
# NOTE(review): never evaluated - userPassword is already matched by the earlier
# userPassword clause, so the dcAuth write grant here has no effect.
access to attrs=userPassword
by self write
by anonymous auth
by dn.base="cn=dcAuth,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com"
write
by * none
# NOTE(review): never evaluated - shadowed by the first "access to *". If the
# list is ever reordered so that this clause wins, "by * read" opens every
# remaining attribute to anonymous reads.
access to *
by self write
by dn.base="cn=dcAuth,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com"
write
by * read
# NOTE(review): never evaluated either. The replicator DN is named only here, so
# wherever this list applies its access is decided by the earlier clauses
# ("by * none"). A syncrepl bind identity needs read access to everything it is
# meant to replicate, userPassword included; give it an explicit "read" in the
# first matching clauses rather than "write" in a shadowed one.
access to *
by dn="cn=replicator,ou=Service,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com"
write
by * read
# Provider slapd.conf, part 2: the replicated BDB database and its overlays.
# NOTE(review): no "access" directive follows this "database" line in the paste;
# see which ACLs (global or default) actually govern this suffix.
database bdb
suffix "dc=company,dc=com"
# Password-policy overlay; ppolicy_default names the policy entry applied to
# users that have no policy of their own.
overlay ppolicy
ppolicy_default "cn=dc,ou=Policies,dc=company,dc=com"
# rootdn bypasses every ACL on this database.
rootdn "cn=Manager,dc=company,dc=com"
# NOTE(review): value looks redacted for the post. {crypt} depends on the
# platform's crypt(3); a salted hash produced by slappasswd (e.g. {SSHA}) is the
# usual choice, and this file should be readable only by the slapd account.
rootpw {crypt}asdf
directory /blah/openldap/var/openldap-data
# Sync provider overlay: this is what makes the database a syncrepl provider.
overlay syncprov
# Write the contextCSN to the database after 10 write operations or 60 minutes,
# whichever comes first.
syncprov-checkpoint 10 60
# Keep a session log of the last 500 write operations for consumers that
# reconnect.
syncprov-sessionlog 500
# Indices to maintain for this database
index objectClass eq,pres
index sudoUser eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
# entryUUID and entryCSN equality indexes are the ones syncprov searches on.
index entryUUID eq
index entryCSN eq
consumer config (same on all 3, except for rid)
# Consumer slapd.conf, part 1: monitor backend plus the same access-control list
# the provider uses.
# NOTE(review): indentation was lost in the paste; the "by ..." clauses and the
# stray "write" lines are whitespace-led continuation lines in the live file.
# NOTE(review): "access" directives after a "database" line apply to that
# database only. As pasted, all of these follow "database monitor"; confirm which
# rules really protect dc=company,dc=com on the consumers, since a replica holds
# the same userPassword values as the provider.
database monitor
# cn=monitor: Manager write, identities under dc=company,dc=com read, rest denied.
access to dn.subtree=cn=monitor
by dn.exact=cn=Manager,dc=company,dc=com write
by dn.subtree=dc=company,dc=com read
by * none
# Root DSE is readable by everyone.
access to dn="" by * read
# userPassword: owner and Manager may write, anonymous may only bind with it.
access to attrs=userPassword
by self write
by dn="cn=Manager,dc=company,dc=com" write
by anonymous auth
by * none
# Catch-all: slapd stops at the first matching <what>, so this clause settles
# every request the clauses above did not.
access to *
by self write
by dn="cn=Manager,dc=company,dc=com" write
by * none
# NOTE(review): never evaluated - userPassword is matched by the earlier clause.
access to attrs=userPassword
by self write
by anonymous auth
by dn.base="cn=dcAuth,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com"
write
by * none
# NOTE(review): never evaluated - shadowed by the first "access to *". Its
# "by * read" would expose the tree to anonymous reads if it ever became active.
access to *
by self write
by dn.base="cn=dcAuth,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com"
write
by * read
# NOTE(review): never evaluated. On a consumer the replicator DN is the identity
# used to bind to the provider; whether it needs any grant locally cannot be
# told from this paste.
access to *
by dn="cn=replicator,ou=Service,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com"
write
by * read
# Consumer slapd.conf, part 2: the local replica database.
# NOTE(review): no "access" directive follows this "database" line in the paste;
# confirm which ACLs apply to the replica.
database bdb
suffix "dc=company,dc=com"
# Same password-policy overlay and default policy entry as the provider.
overlay ppolicy
ppolicy_default "cn=dc,ou=Policies,dc=company,dc=com"
# rootdn bypasses every ACL on this database.
rootdn "cn=Manager,dc=company,dc=com"
# NOTE(review): value looks redacted for the post. Prefer a salted hash from
# slappasswd over {crypt}, and keep this file readable only by the slapd account.
rootpw {crypt}adsf
directory /blah/openldap/var/openldap-data
# Indices to maintain for this database
index objectClass eq,pres
index sudoUser eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
# Unlike the provider, the consumer indexes entryUUID only (no entryCSN index).
index entryUUID eq
# Consumer replication stanza: pulls the whole dc=company,dc=com subtree from the
# provider in refreshAndPersist mode. The parameter lines below are continuation
# lines of the single "syncrepl" directive, so all notes are kept up here.
#   rid      - identifies this syncrepl directive on the consumer; the post says it
#              differs on each of the three consumers.
#   provider - ldaps:// URI, so the simple bind below travels inside TLS.
#              NOTE(review): the paste does not show the consumer's TLS client
#              settings; confirm the provider certificate is actually verified
#              and that it matches the IP literal used here.
#   retry    - retry every 60 s up to 10 times, then every 300 s up to 3 times.
#              NOTE(review): the list is finite - once the last 3 attempts are
#              used up the consumer stops retrying until slapd is restarted.
#              Writing "+" as the final count retries indefinitely. Whether this
#              is what stalls the two consumers cannot be proven from the post.
#   type     - refreshAndPersist relies on one long-lived connection.
#              NOTE(review): a middlebox silently dropping an idle connection
#              would produce no error on either side - worth ruling out.
#   schemachecking=off - replicated entries are not checked against the
#              consumer's schema.
#   bindmethod/binddn/credentials - simple bind as the replicator entry; the
#              password sits in cleartext in this file, so restrict its
#              permissions (value looks redacted for the post).
syncrepl rid=2
provider=ldaps://10.0.0.1
type=refreshAndPersist
retry=60,10,300,3
searchbase="dc=company,dc=com"
filter="(objectClass=*)"
scope=sub
schemachecking=off
bindmethod=simple
binddn="cn=replicator,ou=Service,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com"
credentials=adsf