I have a master and nine delta-syncrepl replicas all running on RHEL 4 using OpenLDAP 2.3.38 on the master and all replicas.
The master is configured to purge entries from the accesslog after 12 hours (and checks every 2 hours). I forget where I grabbed that from or why I used it.
Anyway, I have discovered that if one of the replicas gets more than 12 hours behind (i.e., is shut down or we reload the database from yesterday), it will grab all the updates that have happened in the last 12 hours and then the CSN of the replica and the master will be in agreement, but the changes that happened more than the 12 hours (of the accesslog) ago are not present on the replica.
Is this a configuration mistake I have made (other than setting the accesslog purge time to 12 hours) or is this a limitation (that I likely knew at one time and then forgot and now have relearned the hard way)?
Is there an option I can set on the replicas so they will refuse to start if their CSN is older than the oldest record in the accesslog of the master when they start up?
If this has been discussed in the past, I'm sorry, I did search, but not certain of the terms to use, I didn't have any luck finding anything that looked promising.
Here's the relevant parts of the master's slapd.conf
database hdb
suffix cn=accesslog
directory /var/lib/ldap/accesslog
rootdn cn=accesslog
checkpoint 1024 5
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE

database bdb
suffix dc=example,dc=com
...
overlay syncprov
syncprov-checkpoint 1000 60

overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 12:00 02:00
And from the replica's:
database bdb
suffix dc=example,dc=com
...
syncrepl rid=100
    provider=ldaps://ldaprw.example.com
    bindmethod=simple
    binddn="cn=MySyncUser,dc=example,dc=com"
    credentials=NotMyRealPassword
    searchbase="dc=example,dc=com"
    logbase="cn=accesslog"
    logfilter="(&(objectclass=auditWriteObject)(reqResult=0))"
    schemachecking=on
    type=refreshAndPersist
    retry=30,+
    syncdata=accesslog
Thanks,
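
The check asked about above can be run outside slapd before a replica is started. The following is an added example, not part of the original post and not an OpenLDAP feature: it compares a replica's contextCSN with the oldest reqStart still present under cn=accesslog and with the logpurge age. The function names and all sample timestamps are constructed, and the CSN layouts accepted (with or without fractional seconds) are an assumption about the values slapd stores.

```python
import re
from datetime import datetime, timedelta

# logpurge age syntax: [ddd+]hh:mm[:ss]
AGE_RE = re.compile(r"^(?:(\d+)\+)?(\d{1,2}):(\d{2})(?::(\d{2}))?$")
# Leading timestamp of a CSN ("...Z#...") or of a reqStart value ("...Z")
STAMP_RE = re.compile(r"^(\d{14})(?:\.\d+)?Z(?:#|$)")


def parse_age(value):
    """Parse a logpurge age such as '12:00' or '2+00:00'."""
    m = AGE_RE.match(value)
    if not m:
        raise ValueError("bad logpurge age: %r" % value)
    days, hours, minutes, seconds = (int(g) if g else 0 for g in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def stamp(value):
    """Whole-second UTC time from a CSN or a reqStart generalized time."""
    m = STAMP_RE.match(value)
    if not m:
        raise ValueError("unrecognised timestamp: %r" % value)
    return datetime.strptime(m.group(1), "%Y%m%d%H%M%S")


def delta_sync_is_safe(replica_csn, oldest_reqstart, purge_age, now):
    """True only if the accesslog still reaches back to the replica's CSN."""
    replica_time = stamp(replica_csn)
    # Writes older than the oldest surviving log entry may already be purged.
    # This is conservative: a log that was never purged also fails this test.
    if replica_time < stamp(oldest_reqstart):
        return False
    # A replica older than the purge age loses coverage at the next purge run.
    return now - replica_time <= parse_age(purge_age)


# Constructed sample values (not taken from the original post).
NOW = datetime(2008, 1, 15, 12, 0, 0)
OLDEST_LOG = "20080115000500.000001Z"           # oldest reqStart in cn=accesslog
FRESH_CSN = "20080115113000Z#000001#00#000000"  # replica 30 minutes behind
STALE_CSN = "20080114090000Z#000003#00#000000"  # replica reloaded from yesterday

if __name__ == "__main__":
    for name, csn in (("fresh", FRESH_CSN), ("stale", STALE_CSN)):
        ok = delta_sync_is_safe(csn, OLDEST_LOG, "12:00", NOW)
        print(name, "covered by accesslog" if ok else "NOT covered by accesslog")
```

A start-up wrapper could run this check with values read from the replica's suffix entry and the master's log database, and refuse to launch slapd when it returns False.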