Hi all,
I've upgraded from 2.3.43 to 2.4.16 on gentoo amd64.
Syncrepl could not finnish its initial replication due to a sizelimit of 500 entries.
This is a bit amazing because I've set sizelimit to unlimited, and I had no such trouble with 2.3.43.
I've played a bit with the sizelimit statement. If sizelimit is set to a value >=0<500 the behavior is as expected, unlimited (-1) and values >500 are ignored.
I've turned on args debugging to see if something is different between both versions.
With version 2.3.43 op->ors_slimit is set to 0 if do_search() is executed, with version 2.4.16 op->ors_slimit is set to 500 (SLAPD_DEFAULT_SIZELIMIT).
That explains the different behavior of limits_check().
With ors_slimit set to SLAPD_DEFAULT_SIZELIMIT it runs into servers/slapd/limits.c:1294 and ors_slimit will only set to ors_limit->lms_s_soft if the value of ors_limit->lms_s_soft is between 1 and SLAPD_DEFAULT_SIZELIMIT -1.
I don't know why you have set ors_slimit to SLAPD_DEFAULT_SIZELIMIT but this breaks unlimited sizelimit or size limits > SLAPD_DEFAULT_SIZELIMIT. I think that lms_s_soft should initially be set to SLAPD_DEFAULT_SIZELIMIT, not ors_slimit.
But as said, I don't know why you have done this and probably you had good reasons to do so. I'm a bit confused that nobody but me had such limit problems with 2.4.16 till now.
Attached my config snippet.
bye Christian
### conf snippet ###
loglevel none security ssf=256 disallow bind_anon require authc
database bdb suffix "dc=foo,dc=bar" rootdn "cn=Manager,dc=foo,dc=bar" rootpw secret directory /var/lib/openldap-data checkpoint 32 30 sizelimit unlimited index entryUUID eq
syncrepl rid=123 provider=ldap://isc01.foo.bar starttls=yes tls_reqcert=never type=refreshAndPersist retry="5 5 60 +" searchbase="dc=foo,dc=bar" scope=sub schemachecking=on bindmethod=simple binddn="cn=syncrepl,ou=dsa,dc=foo,dc=bar" credentials=secret
--On Sunday, June 14, 2009 12:41 AM +0200 Christian Fischer Christian.Fischer@fischundfischer.com wrote:
Hi all,
I've upgraded from 2.3.43 to 2.4.16 on gentoo amd64.
Syncrepl could not finnish its initial replication due to a sizelimit of 500 entries.
This is a bit amazing because I've set sizelimit to unlimited, and I had no such trouble with 2.3.43.
I've played a bit with the sizelimit statement. If sizelimit is set to a value >=0<500 the behavior is as expected, unlimited (-1) and values >500 are ignored.
I've turned on args debugging to see if something is different between both versions.
With version 2.3.43 op->ors_slimit is set to 0 if do_search() is executed, with version 2.4.16 op->ors_slimit is set to 500 (SLAPD_DEFAULT_SIZELIMIT).
That explains the different behavior of limits_check().
With ors_slimit set to SLAPD_DEFAULT_SIZELIMIT it runs into servers/slapd/limits.c:1294 and ors_slimit will only set to ors_limit->lms_s_soft if the value of ors_limit->lms_s_soft is between 1 and SLAPD_DEFAULT_SIZELIMIT -1.
I don't know why you have set ors_slimit to SLAPD_DEFAULT_SIZELIMIT but this breaks unlimited sizelimit or size limits > SLAPD_DEFAULT_SIZELIMIT. I think that lms_s_soft should initially be set to SLAPD_DEFAULT_SIZELIMIT, not ors_slimit.
But as said, I don't know why you have done this and probably you had good reasons to do so. I'm a bit confused that nobody but me had such limit problems with 2.4.16 till now.
Attached my config snippet.
You don't show what sizelimit is in place on the *provider* which is what would determine how syncrepl is affected.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
On Sunday 14 June 2009, Quanah Gibson-Mount wrote:
You don't show what sizelimit is in place on the *provider* which is what would determine how syncrepl is affected.
--Quanah
Hmm, seems it was a bit late in the evening.
This is a provider config snippet, I've taken a mirror as the syncrepl provider.
I've tried to cut out irrelevant lines, with less success as you see. Sorry for the confusion.
Bye Christian
Now the complete configuration:
include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/rfc2307bis.schema include /etc/openldap/schema/samba.schema include /etc/openldap/schema/misc.schema include /etc/openldap/schema/openssh-lpk.schema include /etc/openldap/schema/radius.schema include /etc/openldap/schema/egr.schema include /etc/openldap/schema/mozillaabpersonalpha.schema include /etc/openldap/schema/dhcp.schema
pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args
TLSCertificateFile /etc/openldap/ssl/ldap.pem TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem TLSCACertificateFile /etc/openldap/ssl/ca.crt TLSVerifyClient never
loglevel none serverID 2 security ssf=256 disallow bind_anon require authc
database bdb suffix "dc=foo,dc=bar" rootdn "cn=Manager,dc=foo,dc=bar" rootpw secret directory /var/lib/openldap-data checkpoint 32 30 sizelimit unlimited
index objectclass,entryCSN,entryUUID eq
overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 syncprov-reloadhint TRUE
syncrepl rid=123 provider=ldap://isc01.foo.bar starttls=yes tls_reqcert=never type=refreshAndPersist retry="5 5 60 +" searchbase="dc=foo,dc=bar" scope=sub schemachecking=on bindmethod=simple binddn="cn=syncrepl,ou=dsa,dc=foo,dc=bar" credentials=secret
mirrormode on
### ACL ### # [snip]
openldap-software@openldap.org
-
Christian Fischer -
Quanah Gibson-Mount