On Mon, 2008-10-27 at 14:28 +0000, andylockran wrote:
Robert Fitzpatrick wrote:
I have setup a 2.3.43 master/slave using syncrepl, but some entries are not syncing. I have one entire tree (ou=Domains,dc=example,dc=com) and some entries under another certain tree not coming over to the slave.
Here is my slapd.conf syncrepl entry on the slave with an ip address of 10.0.0.5...
syncrepl rid=120 provider=ldap://10.0.0.6:389 type=refreshAndPersist interval=00:00:05:00 searchbase="dc=example,dc=com" filter="(objectClass=*)" scope=sub schemachecking=off bindmethod=simple binddn="uid=slurpd,ou=Services,dc=example,dc=com" credentials=password
And in my master from slapd.conf...
overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100
My ACL does not contain any specific access for my Domains container, but at the bottom contains...
access to * by sockurl.regex="^ldapi://%2fvar%2frun%2fopenldap%2fldapi/$" write by group.exact="cn=Administrators,dc=example,dc=com" write by self write by users read by peername=10.0.0.5 read by * read
My slurpd uid is a member of the Administrators group entry. Using my Domains tree as an example, I can read the entry no problem...
esmtp# ldapsearch -LLL -h 10.0.0.6 -D uid=slurpd,ou=Services,dc=example,dc=com -W "(ou=Domains)" dn Enter LDAP Password: dn: ou=Domains,dc=example,dc=com
However, I have no Domains container in my slave :(
esmtp# ldapsearch -LLL -h localhost -D uid=slurpd,ou=Services,dc=example,dc=com -W "(ou=Domains)" dn Enter LDAP Password:
Can someone help me shed some light on this problem?
The filter (objectclass=*) isn't blocking it is it?
Thanks. I have confirmed all to have objectClass defined, however, I removed the filter, stopped the server, deleted the directory folder and put back my DB_CONFIG, then restarted. Still, this one container and select entries beneath another container are not coming over to the master. But most entries in the directory are coming over and running the above ldapsearch from the slave pulls the entries on the master, no problem.
Any other ideas?
openldap-software@openldap.org