Question about contextCSN's - openldap-software

27 Jan 2010


      I'm replicating both the config and backend databases between two boxes.  Everything seems fine, but for some reason
when I query them both for the contextCSN, the config database returns only one while the backend database returns two,
as seen below:
## ldap1 replication config
olcDatabase={0}config.ldif:olcSyncrepl: {0}rid=001 provider=ldap://ldap1.example.com binddn="cn=admin,cn=co
olcDatabase={0}config.ldif- nfig" bindmethod=simple credentials="SECRET" searchbase="cn=config" type
olcDatabase={0}config.ldif- =refreshAndPersist retry="5 10 300 15" timeout=1
olcDatabase={0}config.ldif:olcSyncrepl: {1}rid=002 provider=ldap://ldap2.example.com binddn="cn=admin,cn=co
olcDatabase={0}config.ldif- nfig" bindmethod=simple credentials="SECRET" searchbase="cn=config" type
olcDatabase={0}config.ldif- =refreshAndPersist retry="5 10 300 15" timeout=1
olcDatabase={1}hdb.ldif:olcSyncrepl: {0}rid=003 provider=ldap://ldap1.example.com binddn="cn=admin,dc=exa
olcDatabase={1}hdb.ldif- mple,dc=com" bindmethod=simple credentials="SECRET" searchbase="dc=example,
olcDatabase={1}hdb.ldif- dc=com" type=refreshAndPersist retry="5 10 300 15" timeout=1
olcDatabase={1}hdb.ldif:olcSyncrepl: {1}rid=004 provider=ldap://ldap2.example.com binddn="cn=admin,dc=exa
olcDatabase={1}hdb.ldif- mple,dc=com" bindmethod=simple credentials="SECRET" searchbase="dc=example,
olcDatabase={1}hdb.ldif- dc=com" type=refreshAndPersist retry="5 10 300 15" timeout=1
## ldap2 replication config
olcDatabase={0}config.ldif:olcSyncrepl: {0}rid=001 provider=ldap://ldap1.example.com binddn="cn=admin,cn=co
olcDatabase={0}config.ldif- nfig" bindmethod=simple credentials="SECRET" searchbase="cn=config" type
olcDatabase={0}config.ldif- =refreshAndPersist retry="5 10 300 15" timeout=1
olcDatabase={0}config.ldif:olcSyncrepl: {1}rid=002 provider=ldap://ldap2.example.com binddn="cn=admin,cn=co
olcDatabase={0}config.ldif- nfig" bindmethod=simple credentials="SECRET" searchbase="cn=config" type
olcDatabase={0}config.ldif- =refreshAndPersist retry="5 10 300 15" timeout=1
olcDatabase={1}hdb.ldif:olcSyncrepl: {0}rid=003 provider=ldap://ldap1.example.com binddn="cn=admin,dc=exa
olcDatabase={1}hdb.ldif- mple,dc=com" bindmethod=simple credentials="SECRET" searchbase="dc=example,
olcDatabase={1}hdb.ldif- dc=com" type=refreshAndPersist retry="5 10 300 15" timeout=1
olcDatabase={1}hdb.ldif:olcSyncrepl: {1}rid=004 provider=ldap://ldap2.example.com binddn="cn=admin,dc=exa
olcDatabase={1}hdb.ldif- mple,dc=com" bindmethod=simple credentials="SECRET" searchbase="dc=example,
olcDatabase={1}hdb.ldif- dc=com" type=refreshAndPersist retry="5 10 300 15" timeout=1
## Query
root@ldap1:~# ldapsearch -x -H ldap://localhost -D 'cn=admin,cn=config' -y /etc/ldap.secret -b 'cn=config' -s base -LL
contextCSN; ldapsearch -x -H ldap://localhost -D 'cn=admin,dc=example,dc=com' -y /etc/ldap.secret -b 'dc=example,dc=com'
-s base -LL contextCSN
version: 1
dn: cn=config
contextCSN: 20091012205437.323661Z#000000#001#000000
version: 1
dn: dc=example,dc=com
contextCSN: 20100126210305.876171Z#000000#001#000000
contextCSN: 20091018205321.288716Z#000000#002#000000
I checked the documentation, but didn't see anything that clarified this behavior.  I've also checked the logs, and
there are no replication failures in them.  So what is the reason for this?  The only difference I can see between the
config and backend is that the backend database has two overlays (autogroup and syncprov) and the config db has only one
(syncprov), but that may just be an irrelevant coincidence.  I would be most appreciative if somebody could shed some
light on this for me.  Thanks!
Respectfully,
Ryan