Hello,
I am having a very odd problem after upgrading from openldap 2.4.16 (stable)
I have a syncrepl provider/ consumer setup using openldap 2.4.19 (stable) and when i start an empty consumer, in the provider logs i am getting:
Nov 4 17:07:51 producer slapd[7250]: [ID 702911 local4.debug] @(#) $OpenLDAP: slapd 2.4.19 (Nov 4 2009 12:53:47) $ Nov 4 17:07:51 producer @qgdevpro:/home/govops/build.local/openldap-2.4.19/servers/slapd Nov 4 17:07:51 producer slapd[7286]: [ID 100111 local4.debug] slapd starting Nov 4 17:08:04 producer slapd[7286]: [ID 848112 local4.debug] conn=0 fd=16 ACCEPT from IP=10.0.0.2:53951 (IP=10.0.0.1:389) Nov 4 17:08:04 producer slapd[7286]: [ID 215403 local4.debug] conn=0 op=0 BIND dn="cn=replicator,dc=example,dc=org" method=128 Nov 4 17:08:04 producer slapd[7286]: [ID 600343 local4.debug] conn=0 op=0 BIND dn="cn=replicator,dc=example,dc=org" mech=SIMPLE ssf=0 Nov 4 17:08:04 producer slapd[7286]: [ID 588225 local4.debug] conn=0 op=0 RESULT tag=97 err=0 text= Nov 4 17:08:04 producer slapd[7286]: [ID 469902 local4.debug] conn=0 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(objectClass=*)" Nov 4 17:08:04 producer slapd[7286]: [ID 744844 local4.debug] conn=0 op=1 SRCH attr=* + Nov 4 17:08:04 producer slapd[7286]: [ID 832699 local4.debug] conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Nov 4 17:08:04 producer slapd[7286]: [ID 218904 local4.debug] conn=0 op=2 UNBIND Nov 4 17:08:04 producer slapd[7286]: [ID 952275 local4.debug] conn=0 fd=16 closed
on the consumer i get a lot of (one set after each refresh attempt) :
Nov 4 17:41:04 consumer slapd[7660]: [ID 365351 local4.debug] do_syncrep2: rid=001 LDAP_RES_SEARCH_RESULT Nov 4 17:41:04 consumer slapd[7660]: [ID 664938 local4.debug] do_syncrepl: rid=001 rc -2 retrying
Important part being "nentries=0", i run the equivalent command at the command propmt of the consumer, ie:
ldapsearch -b dc=example,dc=org -D 'cn=replicator,dc=example,dc=org' -w <password> -s sub -x '(objectclass=*) ' '* +'
I get the result i would expect above, ie:
Nov 4 17:20:14 producer slapd[7286]: [ID 848112 local4.debug] conn=16 fd=16 ACCEPT from IP=10.0.0.2:54049 (IP=10.0.0.1:389) Nov 4 17:20:14 producer slapd[7286]: [ID 215403 local4.debug] conn=16 op=0 BIND dn="cn=replicator,dc=example,dc=org" method=128 Nov 4 17:20:14 producer slapd[7286]: [ID 600343 local4.debug] conn=16 op=0 BIND dn="cn=replicator,dc=example,dc=org" mech=SIMPLE ssf=0 Nov 4 17:20:14 producer slapd[7286]: [ID 588225 local4.debug] conn=16 op=0 RESULT tag=97 err=0 text= Nov 4 17:20:14 producer slapd[7286]: [ID 469902 local4.debug] conn=16 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(objectClass=*)" Nov 4 17:20:14 producer slapd[7286]: [ID 744844 local4.debug] conn=16 op=1 SRCH attr=* + Nov 4 17:21:03 producer slapd[7286]: [ID 832699 local4.debug] conn=16 op=1 SEARCH RESULT tag=101 err=0 nentries=85611 text= Nov 4 17:21:03 producer slapd[7286]: [ID 218904 local4.debug] conn=16 op=2 UNBIND Nov 4 17:21:03 producer slapd[7286]: [ID 952275 local4.debug] conn=16 fd=16 closed
Note here i get nentries=85611 (with a phole bunch of results) for what is essentialy the same query.
I'd appreciate any feedback, surely i must be missing something really obvious?
My config is below.
Cheers Brett
<< begin of provider slapd >>
###################################################################### # global options ######################################################################
include /usr/local/openldap/etc/openldap/schema/core.schema include /usr/local/openldap/etc/openldap/schema/cosine.schema include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
modulepath /usr/local/openldap/libexec/openldap #moduleload back_ldbm.la #moduleload back_monitor.la
pidfile /var/openldap/run/slapd.pid argsfile /var/openldap/run/slapd.args
# threads for faster concurrent slapadd tool-threads 4
###################################################################### # global database ACLs ######################################################################
# allow replicator to read all access to * by dn.exact="cn=replicator,dc=example,dc=org" read by * break
[ ..etc.. ]
# default rules access to * by self write by * read
###################################################################### # logging configuration ######################################################################
# testing loglevel stats sync
###################################################################### # primary database ######################################################################
database hdb suffix "dc=example,dc=org"
directory /var/openldap/data rootdn "cn=Manager, dc=example,dc=org" rootpw <password>
checkpoint 2000 15 cachesize 20000 idlcachesize 60000 cachefree 4000
# unlimited dn cache (openldap 2.4.16 and above) dncachesize 0
# General Indexes (there is more than this - but they are all the same form) index default pres,eq index objectClass,uid,mail pres,eq index cn,sn,ou,streetAddress,givenName,title,telephoneNumber eq,sub
# Indices for Syncrepl index entryCSN,entryUUID eq
# allow replicator DN have unlimited searches (per-database) limits dn.exact="cn=replicator,dc=example,dc=org" time=unlimited size=unlimited
###################################################################### # replication information - monitor backend ######################################################################
database monitor
<< end of provider slapd >>
<< below snipit added to above on the consumer only, just before "database monitor", but after the rest of the config >>
###################################################################### # replication information - only for consumer ######################################################################
# Where we pull data from syncrepl rid=001 provider=ldap://provider.example.org:389 bindmethod=simple binddn="cn=replicator,dc=example,dc=org" credentials=<password> searchbase="dc=example,dc=org" filter=(objectclass=*) attrs="*,+" schemachecking=off scope=sub type=refreshAndPersist retry="60 +"
# not using accesslog atm - debugging initial refresh # logbase="cn=accesslog" # logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" # syncdata=accesslog
# Refer all rights to master updateref ldap://provider.example.org:389