I have never had any problems up until now with syncrepl. 1 consumer is always in sync, yet the 2 newer ones start out in sync but after about 10 minutes they don't sync at all. It is always fixed by restarting slapd on the 2 problem consumers.
Various debugging and tcpdumps just confirm that it isn't staying in sync but nothing as far as errors. This same configuration is running on another instance (although openldap 2.3.27, db-4.4.20) with 1 provider and 9 consumers without any issues.
Configuration :
1 provider 3 consumers
All are openldap-2.3.32 with db-4.4.20 plus the 4 patches.
provider config :
database monitor access to dn.subtree=cn=monitor by dn.exact=cn=Manager,dc=company,dc=com write by dn.subtree=dc=company,dc=com read by * none
access to dn="" by * read access to attrs=userPassword by self write by dn="cn=Manager,dc=company,dc=com" write by anonymous auth by * none access to * by self write by dn="cn=Manager,dc=company,dc=com" write by * none
access to attrs=userPassword by self write by anonymous auth by dn.base="cn=dcAuth,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" write by * none access to * by self write by dn.base="cn=dcAuth,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" write by * read
access to * by dn="cn=replicator,ou=Service,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" write by * read
database bdb suffix "dc=company,dc=com"
overlay ppolicy ppolicy_default "cn=dc,ou=Policies,dc=company,dc=com"
rootdn "cn=Manager,dc=company,dc=com" rootpw {crypt}asdf directory /blah/openldap/var/openldap-data
overlay syncprov syncprov-checkpoint 10 60 syncprov-sessionlog 500
# Indices to maintain for this database index objectClass eq,pres index sudoUser eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index entryUUID eq index entryCSN eq
consumer config (same on all 3, except for rid)
database monitor access to dn.subtree=cn=monitor by dn.exact=cn=Manager,dc=company,dc=com write by dn.subtree=dc=company,dc=com read by * none
access to dn="" by * read access to attrs=userPassword by self write by dn="cn=Manager,dc=company,dc=com" write by anonymous auth by * none access to * by self write by dn="cn=Manager,dc=company,dc=com" write by * none
access to attrs=userPassword by self write by anonymous auth by dn.base="cn=dcAuth,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" write by * none access to * by self write by dn.base="cn=dcAuth,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" write by * read
access to * by dn="cn=replicator,ou=Service,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" write by * read
database bdb suffix "dc=company,dc=com" overlay ppolicy ppolicy_default "cn=dc,ou=Policies,dc=company,dc=com" rootdn "cn=Manager,dc=company,dc=com" rootpw {crypt}adsf directory /blah/openldap/var/openldap-data
# Indices to maintain for this database index objectClass eq,pres index sudoUser eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index entryUUID eq
syncrepl rid=2 provider=ldaps://10.0.0.1 type=refreshAndPersist retry=60,10,300,3 searchbase="dc=company,dc=com" filter="(objectClass=*)" scope=sub schemachecking=off bindmethod=simple binddn="cn=replicator,ou=Service,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" credentials=adsf
--On Tuesday, February 06, 2007 3:06 PM -0500 Wes Rogers wrogers@gmail.com wrote:
I have never had any problems up until now with syncrepl. 1 consumer is always in sync, yet the 2 newer ones start out in sync but after about 10 minutes they don't sync at all. It is always fixed by restarting slapd on the 2 problem consumers.
Various debugging and tcpdumps just confirm that it isn't staying in sync but nothing as far as errors. This same configuration is running on another instance (although openldap 2.3.27, db-4.4.20) with 1 provider and 9 consumers without any issues.
I would advise listing the monitor database last in any configuration.
Are you sure that the replica's aren't simply querying the master for a presence list, since they start out empty? I.e., do they stay connected?
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
Wes Rogers wrote:
I have never had any problems up until now with syncrepl. 1 consumer is always in sync, yet the 2 newer ones start out in sync but after about 10 minutes they don't sync at all. It is always fixed by restarting slapd on the 2 problem consumers.
Various debugging and tcpdumps just confirm that it isn't staying in sync but nothing as far as errors. This same configuration is running on another instance (although openldap 2.3.27, db-4.4.20) with 1 provider and 9 consumers without any issues.
Configuration :
1 provider 3 consumers
All are openldap-2.3.32 with db-4.4.20 plus the 4 patches.
Given that no problems show up in 2.3.27, and looking at the diffs between 2.3.27 and 2.3.32, the only substantive difference is in syncprov_checkpoint handling, due to ITS#4720. Looking over that patch, it's possible the chosen fix was bad.
Try turning off syncprov-checkpoint in your provider. If that makes a difference, then the ITS#4720 patch is broken.
openldap-software@openldap.org
-
Howard Chu -
Quanah Gibson-Mount -
Wes Rogers