Hi;
I've finally decided to make the move to syncrepl after much delay and procrastination. I've read the guide and also reviewed several howto's on the topic... It still isn't running correctly for me because it doesn't replicate a few new users I've added to the provider. Also I'm seeing the following issue over and over (every time it tries a sync on my 10m interval):
#########
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_del_nonpresent: rid 001 be_delete uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com (0)
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 be_search (0)
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 be_add (0)
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001 LDAP_RES_SEARCH_RESULT
#########
My setup is RHEL4 with Buchan's RPMs (openldap2.3-servers-2.3.39-3.rhel4, etc.). I have a fairly simple setup, one provider and one consumer.
Here is my provider config:
######################
include /usr/share/openldap2.3/schema/core.schema
include /usr/share/openldap2.3/schema/cosine.schema
include /usr/share/openldap2.3/schema/inetorgperson.schema
include /usr/share/openldap2.3/schema/nis.schema
include /usr/share/openldap2.3/schema/misc.schema
include /usr/share/openldap2.3/schema/corba.schema
include /usr/share/openldap2.3/schema/openldap.schema
include /usr/share/openldap2.3/schema/ppolicy.schema
include /usr/share/openldap2.3/schema/ldapns.schema

access to *
    by dn.exact="cn=Replicator,dc=swa,dc=com" read
    by self read
    by * none break

limits group="cn=Replicator,dc=swa,dc=com" size=unlimited time=unlimited

access to *
    by dn.exact="uid=agis-ldap,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com" read
    by self read
    by * none break

access to attrs=userPassword
    by self write
    by * auth

pidfile /cluster/agis-ldap/ldap-master/var/run/slapd.pid
argsfile /cluster/agis-ldap/ldap-master/var/run/slapd.args

modulepath /usr/lib/openldap2.3
moduleload ppolicy.la
moduleload syncprov.la

TLSCertificateFile /cluster/agis-ldap/ldap-master/etc/cacerts/ldap.pem
TLSCertificateKeyFile /cluster/agis-ldap/ldap-master/etc/cacerts/ldap.pem
TLSCACertificateFile /cluster/agis-ldap/ldap-master/etc/cacerts/ldap.pem

loglevel 256

database bdb
suffix "dc=swa,dc=com"
rootdn "cn=Manager,dc=swa,dc=com"
rootpw {SSHA}YADYADAYADA
directory /cluster/agis-ldap/ldap-master/var/lib/ldap

overlay ppolicy
ppolicy_default "cn=swaPasswordPolicy,ou=Policies,dc=swa,dc=com"
ppolicy_use_lockout

overlay syncprov
syncprov-checkpoint 1 10
syncprov-sessionlog 100
serverid 001

cachesize 100000
idlcachesize 100000
checkpoint 256 5

index objectClass eq
index ou,cn,mail,givenname eq,subinitial
index uidNumber,gidNumber,memberUid,loginShell eq
index uid eq,subinitial
index uniqueMember pres
index entryCSN,entryUUID eq
######################
Here is my consumer config:
######################
include /usr/share/openldap2.3/schema/core.schema
include /usr/share/openldap2.3/schema/cosine.schema
include /usr/share/openldap2.3/schema/inetorgperson.schema
include /usr/share/openldap2.3/schema/nis.schema
include /usr/share/openldap2.3/schema/misc.schema
include /usr/share/openldap2.3/schema/corba.schema
include /usr/share/openldap2.3/schema/openldap.schema
include /usr/share/openldap2.3/schema/ppolicy.schema
include /usr/share/openldap2.3/schema/ldapns.schema

access to *
    by dn.exact="uid=agis-ldap,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com" read
    by self read
    by * none break

access to attrs=userPassword
    by self write
    by * auth

pidfile /cluster/agis-ldap/ldap-slave/var/run/slapd.pid
argsfile /cluster/agis-ldap/ldap-slave/var/run/slapd.args

modulepath /usr/lib/openldap2.3
moduleload ppolicy.la
moduleload syncprov.la

TLSCertificateFile /cluster/agis-ldap/ldap-slave/etc/cacerts/ldap.pem
TLSCertificateKeyFile /cluster/agis-ldap/ldap-slave/etc/cacerts/ldap.pem
TLSCACertificateFile /cluster/agis-ldap/ldap-slave/etc/cacerts/ldap.pem

loglevel sync

database bdb
suffix "dc=swa,dc=com"
rootdn "cn=Manager,dc=swa,dc=com"
rootpw {SSHA}YADYADAYADA
directory /cluster/agis-ldap/ldap-slave/var/lib/ldap

overlay ppolicy
ppolicy_default "cn=swaPasswordPolicy,ou=Policies,dc=swa,dc=com"
ppolicy_use_lockout

cachesize 100000
idlcachesize 100000
checkpoint 256 5

index objectClass eq
index ou,cn,mail,givenname eq,subinitial
index uidNumber,gidNumber,memberUid,loginShell eq
index uid eq,subinitial
index uniqueMember pres
index entryCSN,entryUUID eq

syncrepl rid=001
    provider=ldap://ldap-agis01.mascorp.com
    type=refreshOnly
    interval=00:00:10:00
    retry="60 10 300 +"
    searchbase="dc=swa,dc=com"
    filter="(objectClass=*)"
    binddn="cn=Replicator,dc=swa,dc=com"
    bindmethod=simple
    credentials=yadayadayada
    schemachecking=off

updateref ldap://ldap-agis01.mascorp.com/
######################
Any help would be much appreciated!
Thanks!!
Rafael
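As an added example, not part of Rafael's post, here is a small Python script that scans consumer syslog output (loglevel sync) for the symptom shown in the excerpt above: a DN that syncrepl_del_nonpresent deletes and that is then re-added within the same refreshOnly cycle, counted per rid and DN across cycles. The sample log lines are constructed from the excerpt; the function name find_churn is my own.

```python
import re
from collections import defaultdict

# Constructed sample: two 10-minute refresh cycles modelled on the excerpt in the post.
SAMPLE_LOG = """\
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_del_nonpresent: rid 001 be_delete uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com (0)
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 be_search (0)
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 be_add (0)
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001 LDAP_RES_SEARCH_RESULT
Mar 5 20:35:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
Mar 5 20:35:19 admin-agis01 slapd2.3[6147]: syncrepl_del_nonpresent: rid 001 be_delete uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com (0)
Mar 5 20:35:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com
Mar 5 20:35:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 be_add (0)
Mar 5 20:35:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001 LDAP_RES_SEARCH_RESULT
"""

# "slapd2.3[6147]: <function>: rid <n> <rest>"
MSG = re.compile(r"slapd[^:]*: (?P<fn>\w+): rid (?P<rid>\d+) (?P<rest>.*)$")
DELETE = re.compile(r"be_delete (?P<dn>.+?) \(\d+\)$")


def find_churn(log_text):
    """Return {(rid, dn): cycle_count} for DNs deleted and re-added in one refresh cycle."""
    churn = defaultdict(int)
    deleted = set()      # DNs removed by del_nonpresent in the current cycle
    pending_dn = None    # DN announced by syncrepl_entry, waiting for its be_add
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        fn, rid, rest = m.group("fn"), m.group("rid"), m.group("rest").strip()
        if fn == "do_syncrep2" and "SYNC_ID_SET" in rest:
            deleted.clear()          # present phase of a new cycle starts here
            pending_dn = None
        elif fn == "syncrepl_del_nonpresent":
            d = DELETE.search(rest)
            if d:
                deleted.add(d.group("dn"))
        elif fn == "syncrepl_entry":
            if rest.startswith("be_add"):
                if pending_dn in deleted:        # same DN gone and back in one cycle
                    churn[(rid, pending_dn)] += 1
                pending_dn = None
            elif "=" in rest and not rest.startswith(("be_", "LDAP_RES_")):
                pending_dn = rest                # a DN line precedes its be_add
    return dict(churn)


if __name__ == "__main__":
    for (rid, dn), n in find_churn(SAMPLE_LOG).items():
        print(f"rid {rid}: {dn} deleted and re-added in {n} cycle(s)")
```

A DN that shows up here on every interval means the consumer's copy is being treated as not present by the provider's present list rather than being updated in place, which is the thing to confirm before touching the config.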