On Wed, Jun 18, 2008 at 11:47:29AM -0700, Quanah Gibson-Mount wrote:
Is there some way that I can force a complete re-sync on a live server? I tried deleting the contextCSN through LDAP, but of course it won't let me do that on the slave.
Reset the cookie with the -c option to slapd when you start it on the slave server.
Yes - that almost does what I want... Using '-c rid=1,csn=0' causes the slave to collect things that it could not see before, but does not seem to make it delete things that it now cannot see in the master. Rather odd, as the master logs having sent a result for every entry in the new visible set so I imagined that was the 'present' phase of the replication.
However, what you are doing is not supported for a reason. You aren't supposed to be changing the dataset the slave is supposed to replicate like that without forcing a reload of the DB (which is what -c is going to essentially do).
True, but it would be handy :-)
I am thinking of the case where the slave server is in a more exposed position than the master (maybe outside a firewall). In such a case it would be silly to trust the slave to only take what it is 'supposed' to have, so the replication subset has to be defined by ACLs on the master.
It'd be interesting to be able to slapcat a master with a given set of permissions in place so you could just create an LDIF dump specific to that replica...
Yes. Trivial via LDAP of course, but rather slower.
Andrew