Hello OpenLDAP fans,
I have a situation which came to my attention inadvertently after creating a new replication slave for my directory. The directory holds a number of posix user accounts, and some of these entries with the posixAccount object class also have a sambaSamAccount object class. I use delta-syncrepl for my slaves, because of how quickly I can set them up at new locations. However, after creating this slave and setting up auth through PAM on a Linux machine to use the new slave, I found I was unable to log in, but other users could. After checking the contents of ou=people on the slave, it seems no entries referencing any samba attributes or samba object classes were replicated. As it turns out, I had forgotten to include samba.schema in my slave slapd.conf.
Now, I set out to fix this on my own. Restarting the server after adding the schema definition did not populate the samba entries on the slave. I was instructed to try modifying one of the missing entries by the wonderful users in #ldap, in hopes it would trigger syncrepl to send the missing entry to the slave. This also had no effect. After 30 minutes of frustration, I simply wiped out the openldap-data directory on the slave and restarted LDAP. This did work. However, it recreated the whole database on the slave, which could have taken a long time if my directory was larger.
In the future I would like to know how to repair replication issues in a less blunt manner. Any suggestions or comments would be appreciated.
Thanks,
Scott Sanders