Hello,
I'm having problem with 2 OpenLDAP (ver 2.4.21) servers acting as "master" and "slave" using "refresh and persist" synchronization. When both servers are up, all changes get replicated (including deletes), however when slave is down and objects get deleted on master, they are not deleted on the slave after it comes up. Also, an interesting issue I noticed, deleting object on master doesn't change the servers contextCSN, so this could be related to the problem I have.
What can be done about this situation ?
Configs follow:
Master:
dn: cn=module{0} objectClass: olcModuleList cn: module{0} olcModuleLoad: {0}syncprov.la olcModuleLoad: {1}memberof.la structuralObjectClass: olcModuleList creatorsName: cn=config entryUUID: b4dec246-8d67-102d-9827- 65d8858906d8 createTimestamp: 20090212154358Z entryCSN: 20090212154358.261980Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20090212154358Z
dn: olcOverlay={1}syncprov objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: {1}syncprov olcSpSessionlog: 100 entryUUID: ad98aace-8b05-102d-8b73-fd81f30554e6 creatorsName: cn=config createTimestamp: 20090209145713Z structuralObjectClass: olcSyncProvConfig olcSpCheckpoint: 100 1 entryCSN: 20091104130358.860872Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20091104130358Z
dn: cn=config objectClass: olcGlobal cn: config olcConfigFile: slapd.conf.1 olcConfigDir: slapd.d olcArgsFile: /var/run/openldap/slapd.args olcAttributeOptions: lang- olcConcurrency: 0 olcConnMaxPending: 100 olcConnMaxPendingAuth: 1000 olcGentleHUP: FALSE olcIdleTimeout: 0 olcIndexSubstrIfMaxLen: 4 olcIndexSubstrIfMinLen: 2 olcIndexSubstrAnyLen: 4 olcIndexSubstrAnyStep: 2 olcIndexIntLen: 4 olcLocalSSF: 71 olcPidFile: /var/run/openldap/slapd.pid olcReadOnly: FALSE olcReverseLookup: FALSE olcSaslSecProps: noplain,noanonymous olcSockbufMaxIncoming: 262143 olcSockbufMaxIncomingAuth: 16777215 olcThreads: 16 olcTLSCRLCheck: none olcTLSVerifyClient: never olcToolThreads: 1 structuralObjectClass: olcGlobal creatorsName: cn=config entryUUID: b4deb404-8d67-102d-9826-65d8858906d8 createTimestamp: 20090212154358Z olcSaslHost: ldap-test1.carina.griddynamics.net olcLogLevel: 0 olcAuthzPolicy: to olcAuthzRegexp: {0}uid=([^@]*)[@,].*cn=digest-md5,cn=auth ldap:///dc=griddynam ics,dc=net??sub?(uid=$1) olcSizeLimit: 10000 olcServerID: 1 ldap://ldap-test1.carina.griddynamics.net entryCSN: 20091121171118.965511Z#000000#002#000000 modifiersName: cn=config modifyTimestamp: 20091121171118Z contextCSN: 20100121080100.534901Z#000000#001#000000
dn: olcDatabase={2}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: {2}bdb olcDbDirectory: /var/lib/ldap/griddynamics.net olcSuffix: dc=griddynamics,dc=net olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=Manager,dc=griddynamics,dc=net olcMonitoring: TRUE olcDbDirtyRead: FALSE olcDbLinearIndex: FALSE olcDbMode: 384 olcDbSearchStack: 16 olcDbShmKey: 0 olcDbCacheFree: 1 olcDbDNcacheSize: 0 entryUUID: acc152ea-8b05-102d-8b71-fd81f30554e6 creatorsName: cn=config createTimestamp: 20090209145711Z structuralObjectClass: olcBdbConfig olcRootPW:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= olcAccess: {0}to attrs=userPassword,userPKCS12,sambaLMPassword,sambaNTPassword by sockurl.regex="^ldapi:///$" write by group.exact="cn=noc,ou=groups,dc=gr iddynamics,dc=net" write by self write by anonymous auth olcAccess: {1}to attrs=shadowLastChange by sockurl.regex="^ldapi:///$" write by group.exact="cn=noc,ou=groups,dc=griddynamics,dc=net" write by self wri te by * read olcAccess: {2}to * by sockurl.regex="^ldapi:///$" write by group.exact="cn=n oc,ou=groups,dc=griddynamics,dc=net" write by self write by * read olcDbIndex: default eq olcDbIndex: objectClass,entryUUID,entryCSN olcDbIndex: cn pres,eq,sub olcDbIndex: uid pres,eq,sub olcDbIndex: uidNumber pres,eq olcDbIndex: gidNumber pres,eq olcDbIndex: memberOf pres,eq olcDbIndex: ou pres,eq,sub olcDbIndex: mail pres,eq,sub olcDbIndex: loginShell pres,eq olcDbIndex: sn pres,eq,sub olcDbIndex: givenName pres,eq,sub olcDbIndex: memberUid pres,eq olcDbIndex: nisMapName pres,eq,sub olcDbIndex: nisMapEntry pres,eq,sub olcDbIndex: uniqueMember pres,eq olcDbIndex: gosaObject pres,eq olcDbIndex: zoneName pres,eq olcDbIndex: relativeDomainName pres,eq olcDbIndex: member pres,eq olcDbIndex: dhcpPrimaryDN pres,eq olcDbIndex: dhcpSecondaryDN pres,eq olcDbIndex: dhcpServerDN pres,eq olcDbIndex: dhcpFailOverPeerDN pres,eq olcDbIndex: dhcpHWAddress pres,eq olcDbNoSync: TRUE olcDbCheckpoint: 1024 5 olcDbCacheSize: 5000 olcDbIDLcacheSize: 5000 olcSyncrepl: {0}rid=001 provider=ldap://ldap-test1.carina.griddynamics.net bindmetho d=simple timeout=1 network-timeout=0 binddn="cn=manager,dc=griddynamics,dc=ne t" credentials="xxxxxxxxxxx" starttls=no filter="(objectclass=*)" searchbase="dc =griddynamics,dc=net" scope=sub schemachecking=off type=refreshAndPersist ret ry="10 +" olcDbConfig: {0}set_flags DB_LOG_AUTOREMOVE olcDbConfig: {1}set_cachesize 0 33554432 0 entryCSN: 20091121172900.646924Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20091121172900Z
Slave:
dn: cn=module{0} objectClass: olcModuleList cn: module{0} olcModuleLoad: {0}syncprov.la olcModuleLoad: {1}memberof.la structuralObjectClass: olcModuleList creatorsName: cn=config entryUUID: b4dec246-8d67-102d-9827-65d8858906d8 createTimestamp: 20090212154358Z entryCSN: 20090212154358.261980Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20090212154358Z
dn: olcOverlay={1}syncprov objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: {1}syncprov olcSpSessionlog: 100 entryUUID: ad98aace-8b05-102d-8b73-fd81f30554e6 creatorsName: cn=config createTimestamp: 20090209145713Z structuralObjectClass: olcSyncProvConfig olcSpCheckpoint: 100 1 entryCSN: 20091104130358.860872Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20091104130358Z
dn: cn=config objectClass: olcGlobal cn: config olcConfigFile: slapd.conf.1 olcConfigDir: slapd.d olcArgsFile: /var/run/openldap/slapd.args olcAttributeOptions: lang- olcConcurrency: 0 olcConnMaxPending: 100 olcConnMaxPendingAuth: 1000 olcGentleHUP: FALSE olcIdleTimeout: 0 olcIndexSubstrIfMaxLen: 4 olcIndexSubstrIfMinLen: 2 olcIndexSubstrAnyLen: 4 olcIndexSubstrAnyStep: 2 olcIndexIntLen: 4 olcLocalSSF: 71 olcPidFile: /var/run/openldap/slapd.pid olcReadOnly: FALSE olcReverseLookup: FALSE olcSaslSecProps: noplain,noanonymous olcSockbufMaxIncoming: 262143 olcSockbufMaxIncomingAuth: 16777215 olcThreads: 16 olcTLSCRLCheck: none olcTLSVerifyClient: never olcToolThreads: 1 structuralObjectClass: olcGlobal creatorsName: cn=config entryUUID: b4deb404-8d67-102d-9826-65d8858906d8 createTimestamp: 20090212154358Z olcSaslHost: ldap-test1.carina.griddynamics.net olcLogLevel: 0 olcAuthzPolicy: to olcAuthzRegexp: {0}uid=([^@]*)[@,].*cn=digest-md5,cn=auth ldap:///dc=griddynam ics,dc=net??sub?(uid=$1) olcSizeLimit: 10000 olcServerID: 1 ldap://ldap-test1.carina.griddynamics.net entryCSN: 20091121171118.965511Z#000000#002#000000 modifiersName: cn=config modifyTimestamp: 20091121171118Z contextCSN: 20100121080100.534901Z#000000#001#000000
dn: olcDatabase={2}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: {2}bdb olcDbDirectory: /var/lib/ldap/griddynamics.net olcSuffix: dc=griddynamics,dc=net olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=Manager,dc=griddynamics,dc=net olcMonitoring: TRUE olcDbDirtyRead: FALSE olcDbLinearIndex: FALSE olcDbMode: 384 olcDbSearchStack: 16 olcDbShmKey: 0 olcDbCacheFree: 1 olcDbDNcacheSize: 0 entryUUID: acc152ea-8b05-102d-8b71-fd81f30554e6 creatorsName: cn=config createTimestamp: 20090209145711Z structuralObjectClass: olcBdbConfig olcRootPW:: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= olcAccess: {0}to attrs=userPassword,userPKCS12,sambaLMPassword,sambaNTPassword by sockurl.regex="^ldapi:///$" write by group.exact="cn=noc,ou=groups,dc=gr iddynamics,dc=net" write by self write by anonymous auth olcAccess: {1}to attrs=shadowLastChange by sockurl.regex="^ldapi:///$" write by group.exact="cn=noc,ou=groups,dc=griddynamics,dc=net" write by self wri te by * read olcAccess: {2}to * by sockurl.regex="^ldapi:///$" write by group.exact="cn=n oc,ou=groups,dc=griddynamics,dc=net" write by self write by * read olcDbIndex: default eq olcDbIndex: objectClass,entryUUID,entryCSN olcDbIndex: cn pres,eq,sub olcDbIndex: uid pres,eq,sub olcDbIndex: uidNumber pres,eq olcDbIndex: gidNumber pres,eq olcDbIndex: memberOf pres,eq olcDbIndex: ou pres,eq,sub olcDbIndex: mail pres,eq,sub olcDbIndex: loginShell pres,eq olcDbIndex: sn pres,eq,sub olcDbIndex: givenName pres,eq,sub olcDbIndex: memberUid pres,eq olcDbIndex: nisMapName pres,eq,sub olcDbIndex: nisMapEntry pres,eq,sub olcDbIndex: uniqueMember pres,eq olcDbIndex: gosaObject pres,eq olcDbIndex: zoneName pres,eq olcDbIndex: relativeDomainName pres,eq olcDbIndex: member pres,eq olcDbIndex: dhcpPrimaryDN pres,eq olcDbIndex: dhcpSecondaryDN pres,eq olcDbIndex: dhcpServerDN pres,eq olcDbIndex: dhcpFailOverPeerDN pres,eq olcDbIndex: dhcpHWAddress pres,eq olcDbNoSync: TRUE olcDbCheckpoint: 1024 5 olcDbCacheSize: 5000 olcDbIDLcacheSize: 5000 olcSyncrepl: {0}rid=001 provider=ldap://ldap-test1.carina.griddynamics.net bindmetho d=simple timeout=1 network-timeout=0 binddn="cn=manager,dc=griddynamics,dc=ne t" credentials="xxxxxxxxxxx" starttls=no filter="(objectclass=*)" searchbase="dc =griddynamics,dc=net" scope=sub schemachecking=off type=refreshAndPersist ret ry="10 +" olcDbConfig: {0}set_flags DB_LOG_AUTOREMOVE olcDbConfig: {1}set_cachesize 0 33554432 0 entryCSN: 20091121172900.646924Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20091121172900Z
openldap-software@openldap.org
-
Lior Goikhburg