On Monday, 29 March 2010 21:30:20 L.B. wrote:
Hi;
I've finally decided to make the move to syncrepl after much delay and procrastination. I've read the guide and also reviewed several howto's on the topic... It still isn't running correctly for me because it doesn't replicate a few new users I've added to the provider. Also I'm seeing the following issue over and over (every time it tries a sync on my 10m interval):
This normally indicates that the consumer didn't get the final control, usually because it didn't have sufficient (size/time) access to get the full search results.
#########
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_del_nonpresent: rid 001 be_delete uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com (0)
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 be_search (0)
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 be_add (0)
Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001 LDAP_RES_SEARCH_RESULT
#########
My setup is RHEL4 with Buchan's RPMs (openldap2.3-servers-2.3.39-3.rhel4, etc.).
2.3.43 has been available for a long time ...
I have a fairly simple setup, one provider and one consumer.
Here is my provider config:
######################
include /usr/share/openldap2.3/schema/core.schema
include /usr/share/openldap2.3/schema/cosine.schema
include /usr/share/openldap2.3/schema/inetorgperson.schema
include /usr/share/openldap2.3/schema/nis.schema
include /usr/share/openldap2.3/schema/misc.schema
include /usr/share/openldap2.3/schema/corba.schema
include /usr/share/openldap2.3/schema/openldap.schema
include /usr/share/openldap2.3/schema/ppolicy.schema
include /usr/share/openldap2.3/schema/ldapns.schema
access to *
    by dn.exact="cn=Replicator,dc=swa,dc=com" read
    by self read
    by * none break
limits group="cn=Replicator,dc=swa,dc=com" size=unlimited time=unlimited
The intention in my limits example is that you would create a groupOfNames for cn=Replicator, and add additional host-specific DNs to this groupOfNames object. But, it seems you have only one cn=Replicator non-group entry, changed the ACL appropriately, but not the limits statement.
[...]
syncrepl rid=001
    provider=ldap://ldap-agis01.mascorp.com
    type=refreshOnly
    interval=00:00:10:00
    retry="60 10 300 +"
    searchbase="dc=swa,dc=com"
    filter="(objectClass=*)"
    binddn="cn=Replicator,dc=swa,dc=com"
    bindmethod=simple
    credentials=yadayadayada
    schemachecking=off
updateref ldap://ldap-agis01.mascorp.com/
Assuming you have more than 500 entries, if you do a search as this syncrepl binddn, with the rest of the search parameters based on the syncrepl configuration, do you get all entries, or a "Size limit exceeded"?
Regards, Buchan
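
The mismatch discussed above (an ACL written with dn.exact= for the replication identity, but a limits statement written with group= for the same DN) can be checked mechanically. The following is an added example, not part of the original message or of OpenLDAP; the function names, the simplified DN comparison and the dn.exact correction in FIXED_CONF are assumptions made for illustration.

```python
import shlex

# Constructed sample: the ACL and limits lines quoted from the provider config.
PROVIDER_CONF = '''
access to *
    by dn.exact="cn=Replicator,dc=swa,dc=com" read
    by self read
    by * none break
limits group="cn=Replicator,dc=swa,dc=com" size=unlimited time=unlimited
'''
BINDDN = "cn=Replicator,dc=swa,dc=com"  # binddn from the consumer's syncrepl stanza
# One possible correction (assumption, not quoted from the thread): a dn-style clause.
FIXED_CONF = PROVIDER_CONF.replace("limits group=", "limits dn.exact=")

def logical_lines(conf):
    """Join slapd.conf continuation lines (leading whitespace continues a line)."""
    out = []
    for raw in conf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def norm(dn):
    """Simplified DN comparison: case-insensitive, ignoring spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def check_limits(conf, binddn):
    """Classify limits statements naming binddn; group= covers a group's members only."""
    findings = []
    for line in logical_lines(conf):
        tokens = shlex.split(line)
        if tokens[0] != "limits" or len(tokens) < 3:
            continue
        who, _, pattern = tokens[1].partition("=")
        if norm(pattern) != norm(binddn):
            continue
        limits = dict(t.partition("=")[::2] for t in tokens[2:])
        if who.startswith("group"):
            findings.append(("group-clause-names-binddn", limits))
        elif who in ("dn", "dn.exact", "dn.base"):
            findings.append(("applies-to-binddn", limits))
    return findings

if __name__ == "__main__":
    print(check_limits(PROVIDER_CONF, BINDDN), check_limits(FIXED_CONF, BINDDN))
```

A result containing only group-clause-names-binddn means the replication identity gets its own limits only if that DN really is a group entry listing it as a member; otherwise the default limits apply, which is what the search suggested above would reveal.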