On Tuesday 14 October 2008 13:18:37 Karthik Dathathri wrote:
I was trying to set up replication using syncrepl with openldap 2.4.11 on two machines running RHEL 5.0.
The provider has approximately 1000 entries in the directory.
On the consumer side, I am getting the following error after synchronization of around 500 records.
Oct 14 16:35:59 osmvm2 slapd2.4[11727]: syncrepl_entry: rid=001 cn=Delfin Labarge,ou=Payroll,dc=example,dc=com
Oct 14 16:35:59 osmvm2 slapd2.4[11727]: syncrepl_entry: rid=001 be_add (0)
Oct 14 16:35:59 osmvm2 slapd2.4[11727]: do_syncrep2: rid=001 LDAP_RES_SEARCH_RESULT
Oct 14 16:35:59 osmvm2 slapd2.4[11727]: do_syncrep2: rid=001 (4) Size limit exceeded
I am using "refreshOnly" syncrepl in the consumer.
The syncrepl user dn is uid=syncrepl,ou=System,dc=example,dc=com
and added this dn as a member to a group called LDAPAdmins (cn=LDAPAdmins,ou=Groups,dc=example,dc=com)
slapd.conf configuration at the consumer end is as follows:
This is irrelevant, searches are done against the provider, not the consumer.
# Replicas running syncrepl as non-rootdn need unrestricted size/time limits:
limits group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com" size=unlimited time=unlimited
#SyncRepl slave configuration
syncrepl rid=001
        provider=ldap://16.167.10.25
        type=refreshOnly
        interval=00:00:05:00
        searchbase="dc=example,dc=com"
        binddn="uid=syncrepl,ou=System,dc=example,dc=com"
        credentials=secret
        timelimit=unlimited
        sizelimit=unlimited
slapd.conf configuration at the provider is as follows:
#Global ACL for replication
access to *
        by group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com" read
        by anonymous read
So, access to * by * read would work, and you can't be sure that your group is working from the ACLs ....
# syncprov
index entryCSN,entryUUID eq
# Replicas running syncrepl as non-rootdn need unrestricted size/time limits:
limits group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com" size=unlimited time=unlimited
So, if you do a search as your uid=syncrepl DN (with ldapsearch), how many entries do you get, and what result code do you get?
# ACL ensuring replicator has write access
Syncrepl does not require that any replication DN has write access anywhere ...
access to *
        by group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com" write
        by * read
#syncprov overlay configuration
overlay syncprov
syncprov-checkpoint 50 10
syncprov-sessionlog 100
Any pointers would be appreciated. If someone needs more information about the environment, please let me know.
It's possible to test some of your configuration manually, which I would normally do *first* (before configuring the consumer).
Regards, Buchan
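
The manual check suggested in the reply (search the provider as the uid=syncrepl DN, then look at the entry count and result code), as an added example that is not part of the original message. The helper name check_search_trailer and both sample outputs are constructed, and the parsing assumes ldapsearch's default output with its trailing "result:" and "# numEntries:" lines.

```shell
#!/bin/sh
# Run against the provider, binding as the replication DN from the thread
# ("-z none" asks for no client-side size limit, "1.1" requests no attributes):
#   ldapsearch -x -H ldap://16.167.10.25 \
#     -D "uid=syncrepl,ou=System,dc=example,dc=com" -W \
#     -b "dc=example,dc=com" -z none "(objectClass=*)" 1.1 | check_search_trailer

# Reads ldapsearch output on stdin and prints "entries=N result=CODE".
# Returns 0 only for result 0, 1 for any other result code (4 = size limit
# exceeded), 2 when no result line was seen (e.g. the bind itself failed).
check_search_trailer() {
    awk '
        /^result: /       { code = $2 }
        /^# numEntries: / { n = $3 }
        END {
            n = n + 0    # ldapsearch omits numEntries when nothing is returned
            if (code == "") { print "entries=" n " result=missing"; exit 2 }
            print "entries=" n " result=" code
            exit (code + 0 == 0 ? 0 : 1)
        }'
}

# Constructed sample: the provider stops the replication DN at 500 entries.
sample_limited() {
    cat <<'EOF'
dn: cn=Delfin Labarge,ou=Payroll,dc=example,dc=com

# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 501
# numEntries: 500
EOF
}

# Constructed sample: the provider's limits statement applies to this DN.
sample_ok() {
    cat <<'EOF'
# search result
search: 2
result: 0 Success

# numResponses: 1001
# numEntries: 1000
EOF
}

sample_limited | check_search_trailer || echo "provider still limits this DN"
```

Because the provider ACL also grants read to anonymous, entries coming back do not show that the group matched; only result 0 with the full entry count shows the limits statement applies to the bind DN.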