Christopher Cowart wrote:
On Thu, Feb 01, 2007 at 08:25:52PM -0800, Howard Chu wrote:
Redirected from -bugs; there is no evidence of a bug here.
Perhaps the -software list charter should include mention of support issues or questions? As it was, -bugs seemed most appropriate.
The -bugs list is for discussion of actual bug reports. Bug reports are submitted using the ITS. Usage questions belong on the -software list. As its charter says: "technical issues specific to OpenLDAP Software."
More information is needed. There's no indication that ACLs are any problem here. Of course, you've listed your rootdn in your ACLs, which is useless.
Could you suggest what other information might be helpful? I thought the fact that syncrepl works when binding as the rootdn but not the syncrepl user indicated ACLs. What makes you think otherwise?
Aside from the extraneous rootdn rules, there was no problem with your ACLs. You should have provided the complete database configuration on the provider, for starters. At this point that's probably not necessary since you obviously didn't have the correct limits in place. These requirements are documented in section 15.3.2 of the Admin Guide. http://www.openldap.org/doc/admin23/syncrepl.html
One possible explanation is that you didn't raise the sizelimits for the syncrepl users, so they weren't able to get a full refresh.
Thanks for this suggestion. I've added this (from a forum post): | limits dn.regex="cn=syncrepl-ldap1,dc=example,dc=com" | time.soft=unlimited time.hard=unlimited size.soft=unlimited | size.hard=unlimited
After restarting the provider, the consumer is still not replicating the missing portions of the directory. Do you have any other suggestions?
You'll probably need to reset the sync cookie on the consumers. See section 15.3.3 of the Admin Guide, and/or the slapd(8) manpage.