On Thu, Feb 01, 2007 at 08:59:39PM -0800, Christopher Cowart wrote:

On Thu, Feb 01, 2007 at 08:25:52PM -0800, Howard Chu wrote:

...

Redirected from -bugs; there is no evidence of a bug here.

Perhaps the -software list charter should include mention of support issues or questions? As it was, -bugs seemed most appropriate.

...

Christopher Cowart wrote:

...

Hello,

I have 3 installations of openldap-server-2.3.33 running on FreeBSD 6.1-REL: ldap-master, ldap1, ldap2. I am using syncrepl to replicate ldap-master to ldap1 and ldap2. The replicated directory is missing entire ou branches in my tree.

I have created the following objects in my directory: cn=syncrepl-ldap1,dc=example,dc=com cn=syncrepl-ldap2,dc=example,dc=com

I've made the following configurations on the provider: | access to * | by dn.regex="cn=syncrepl-(ldap1|ldap2),dc=example,dc=com" read | by * break | | # More ACLs Follow | | # For Sync Replication | overlay syncprov | syncprov-checkpoint 100 10 | syncprov-sessionlog 100

More information is needed. There's no indication that ACLs are any problem here. Of course, you've listed your rootdn in your ACLs, which is useless.

Could you suggest what other information might be helpful? I thought the fact that syncrepl works when binding as the rootdn but not the syncrepl user indicated ACLs. What makes you think otherwise?

...

One possible explanation is that you didn't raise the sizelimits for the syncrepl users, so they weren't able to get a full refresh.

Thanks for this suggestion. I've added this (from a forum post): | limits dn.regex="cn=syncrepl-ldap1,dc=example,dc=com" | time.soft=unlimited time.hard=unlimited size.soft=unlimited | size.hard=unlimited

After restarting the provider, the consumer is still not replicating the missing portions of the directory. Do you have any other suggestions?

Just to clarify, I also blew away the backend on the consumer and restarted that instance of slapd.