Hello,
I configured two master LDAP servers and everything works perfectly with replication. The database contains 10 000 entries.
Now I want to simulate a server break, so I stopped LDAP while adding 100 LDAP entries (30000-30099) via ldapadd. All entries are available on both masters (so replication works) except the last entry before LDAP broke down (during entry 30050). So on Master 1 all entries until 30050 are available; on Master 2 all entries are available until 30049. LDAP was not able to sync it before the breakdown. That is OK. Then I brought LDAP back on Master 1 and the last entry (30050) was synced by LDAP to Master 2. All seems to work perfectly, but now I looked into the debug log and LDAP on Master 2 is rescanning the whole database:
...
entry_decode: "uid=339,dc=local,dc=de"
<= entry_decode(uid=339,dc=local,dc=de)
entry_decode: "uid=340,dc=local,dc=de"
<= entry_decode(uid=340,dc=local,dc=de)
...
Is that normal? It takes a long, long time. In the future I will have millions of users and a rescan would cost much time. Is it possible to avoid this behaviour of LDAP?
Does anybody have experience with that?
Thank you, Andi
openldap-software@openldap.org