Hi, list.
I'm trying to implement syncrepl in my openldap 2.3.35 without success. I tried many (I said: MANY) times to slapcat, slapadd to slave to sync the ldap servers, but for some reason which I don't know, the slave lost the sync.
Then I have to do the same thing at night:
- stop ldap master;
- slapcat master
- slapadd on the slave;
- start master and start slave
This works about one hour, in the morning it wasn't syncing again. If I restart the slave ldap, then the changes on the master are replicated, but it stops syncing "on line" after this.
I don't know what to do to solve this issue :-(
My ldap configuration follows (just about syncrepl):
ldap master:
# acls permits to user replicator to read all the database
index objectClass,entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
limits dn.exact="cn=replicator,dc=domain,dc=com" size.soft=unlimited size.hard=unlimited
ldap slave:
syncrepl rid=1
    provider=ldaps://master.domain.com:636
    binddn="cn=replicator,dc=domain,dc=com"
    bindmethod=simple
    credentials=secret
    searchbase="dc=domain,dc=com"
    filter="(objectClass=*)"
    schemachecking=off
    scope=sub
    type=refreshAndPersist
    retry="60 +"
Any tip will be appreciated.
On 6/12/07, Jeronimo Zucco jczucco@ucs.br wrote:
> Hi, list. I'm trying to implement syncrepl in my openldap 2.3.35 without success. I tried many (I said: MANY) times to slapcat, slapadd to slave to sync the ldap servers, but for some reason which I don't know, the slave lost the sync.
> Then I have to do the same thing at night:
> - stop ldap master;
> - slapcat master
> - slapadd on the slave;
> - start master and start slave
Hi Jeronimo,
With syncrepl, you don't need to do a 'slapcat' on the master and 'slapadd' on the slave. Just start the master, then the slave. You will see the slave doing a full sync.
> This works about one hour, in the morning it wasn't syncing again. If I restart the slave ldap, then the changes on the master are replicated, but it stops syncing "on line" after this.
What do you see in your ldap logs? Are your master and slave in two different subnets separated by a firewall?
Sam
> I don't know what to do to solve this issue :-(
> My ldap configuration follows (just about syncrepl):
> ldap master:
> # acls permits to user replicator to read all the database
> index objectClass,entryCSN,entryUUID eq
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 100
> limits dn.exact="cn=replicator,dc=domain,dc=com" size.soft=unlimited size.hard=unlimited
> ldap slave:
> syncrepl rid=1
>     provider=ldaps://master.domain.com:636
>     binddn="cn=replicator,dc=domain,dc=com"
>     bindmethod=simple
>     credentials=secret
>     searchbase="dc=domain,dc=com"
>     filter="(objectClass=*)"
>     schemachecking=off
>     scope=sub
>     type=refreshAndPersist
>     retry="60 +"
> Any tip will be appreciated.
> --
> Jeronimo Zucco
> LPIC-1 Linux Professional Institute Certified
> Núcleo de Processamento de Dados
> Universidade de Caxias do Sul
Sam Tran wrote:
> On 6/12/07, Jeronimo Zucco jczucco@ucs.br wrote:
>> Hi, list. I'm trying to implement syncrepl in my openldap 2.3.35 without success. I tried many (I said: MANY) times to slapcat, slapadd to slave to sync the ldap servers, but for some reason which I don't know, the slave lost the sync.
>> Then I have to do the same thing at night:
>> - stop ldap master;
>> - slapcat master
>> - slapadd on the slave;
>> - start master and start slave
> Hi Jeronimo,
> With syncrepl, you don't need to do a 'slapcat' on the master and 'slapadd' on the slave. Just start the master, then the slave. You will see the slave doing a full sync.
Ok, I didn't know about it until now. :-)
>> This works about one hour, in the morning it wasn't syncing again. If I restart the slave ldap, then the changes on the master are replicated, but it stops syncing "on line" after this.
> What do you see in your ldap logs?
Well, I restarted master and slave this morning, and sync worked until 11:38 am. I changed the log level to 16384 in both servers, and got this:
MASTER:
Jun 12 11:35:05 master slapd[3556]: connection_read(51): no connection!
Jun 12 11:36:08 master slapd[3556]: connection_read(72): no connection!
Jun 12 11:36:53 master slapd[3556]: connection_read(127): no connection!
Jun 12 11:37:15 master slapd[3556]: connection_read(139): no connection!
Jun 12 11:37:16 master slapd[3556]: connection_read(139): no connection!
Jun 12 11:37:29 master slapd[3556]: connection_read(144): no connection!
Jun 12 11:37:36 master slapd[3556]: connection_read(144): no connection!
Jun 12 11:39:18 master slapd[3556]: connection_read(69): no connection!
Jun 12 11:39:37 master last message repeated 2 times
... until now
SLAVE:
Jun 12 11:35:51 slave slapd[32765]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY)
Jun 12 11:35:51 slave slapd[32765]: syncrepl_entry: rid 001 be_search (0)
Jun 12 11:35:51 slave slapd[32765]: syncrepl_entry: rid 001 ou=ImpPrefs,uid=RMendes,ou=people,dc=domain,dc=com
Jun 12 11:35:51 slave slapd[32765]: syncrepl_entry: rid 001 be_modify (0)
Jun 12 11:38:40 slave slapd[32765]: connection_read(27): no connection!
Jun 12 11:43:40 slave slapd[32765]: connection_read(27): no connection!
Jun 12 12:13:40 slave slapd[32765]: connection_read(27): no connection!
Jun 12 13:08:40 slave slapd[32765]: connection_read(27): no connection!
... until now...
Then now I restarted the slave openldap server, and sync is working again (I don't know until when; then I have to restart the slave again to sync).
> Are your master and slave in two different subnets separated by a firewall?
No. The servers are in the same network.
Thanks for the help.
> Sam
>> I don't know what to do to solve this issue :-(
>> My ldap configuration follows (just about syncrepl):
>> ldap master:
>> # acls permits to user replicator to read all the database
>> index objectClass,entryCSN,entryUUID eq
>> overlay syncprov
>> syncprov-checkpoint 100 10
>> syncprov-sessionlog 100
>> limits dn.exact="cn=replicator,dc=domain,dc=com" size.soft=unlimited size.hard=unlimited
>> ldap slave:
>> syncrepl rid=1
>>     provider=ldaps://master.domain.com:636
>>     binddn="cn=replicator,dc=domain,dc=com"
>>     bindmethod=simple
>>     credentials=secret
>>     searchbase="dc=domain,dc=com"
>>     filter="(objectClass=*)"
>>     schemachecking=off
>>     scope=sub
>>     type=refreshAndPersist
>>     retry="60 +"
>> Any tip will be appreciated.
-- Jeronimo Zucco LPIC-1 Linux Professional Institute Certified Núcleo de Processamento de Dados Universidade de Caxias do Sul
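Added example, not part of any post in this thread: a small Python pass over the consumer log lines quoted in the message above (loglevel 16384) that reports, per rid, the last syncrepl_entry and the connection_read errors logged after it. The name find_stall and the year default are assumptions made here; a quiet consumer log can also mean the provider simply had no changes, so the result is a hint, not proof of a stall.

```python
import re
from datetime import datetime

# Consumer (slave) log lines as posted in the thread.
SLAVE_LOG = """\
Jun 12 11:35:51 slave slapd[32765]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY)
Jun 12 11:35:51 slave slapd[32765]: syncrepl_entry: rid 001 be_search (0)
Jun 12 11:35:51 slave slapd[32765]: syncrepl_entry: rid 001 ou=ImpPrefs,uid=RMendes,ou=people,dc=domain,dc=com
Jun 12 11:35:51 slave slapd[32765]: syncrepl_entry: rid 001 be_modify (0)
Jun 12 11:38:40 slave slapd[32765]: connection_read(27): no connection!
Jun 12 11:43:40 slave slapd[32765]: connection_read(27): no connection!
Jun 12 12:13:40 slave slapd[32765]: connection_read(27): no connection!
Jun 12 13:08:40 slave slapd[32765]: connection_read(27): no connection!
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ slapd\[\d+\]: (.*)$")
SYNC = re.compile(r"^syncrepl_entry: rid (\d+) ")
NOCONN = re.compile(r"^connection_read\((\d+)\): no connection!")

def find_stall(log_text, year=2007):
    """Per rid: last sync activity and the read errors logged after it."""
    last_sync = {}   # rid -> datetime of the last syncrepl_entry line
    errors = []      # (datetime, fd) for every connection_read failure
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a slapd line (e.g. "last message repeated")
        # syslog omits the year, so it is supplied by the caller
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        sync, err = SYNC.match(m.group(2)), NOCONN.match(m.group(2))
        if sync:
            last_sync[sync.group(1)] = when
        elif err:
            errors.append((when, int(err.group(1))))
    report = {}
    for rid, seen in last_sync.items():
        later = [(t, fd) for t, fd in errors if t > seen]
        report[rid] = {
            "last_sync": seen,
            "errors_after": len(later),
            "first_error": later[0][0] if later else None,
            "fds": sorted({fd for _, fd in later}),
            "silent_for": (later[-1][0] - seen) if later else None,
        }
    return report

if __name__ == "__main__":
    for rid, info in find_stall(SLAVE_LOG).items():
        print(rid, info)
```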
--On June 12, 2007 11:47:57 AM -0400 Sam Tran stlist@gmail.com wrote:
> On 6/12/07, Jeronimo Zucco jczucco@ucs.br wrote:
>> Hi, list. I'm trying to implement syncrepl in my openldap 2.3.35 without success. I tried many (I said: MANY) times to slapcat, slapadd to slave to sync the ldap servers, but for some reason which I don't know, the slave lost the sync.
>> Then I have to do the same thing at night:
>> - stop ldap master;
>> - slapcat master
>> - slapadd on the slave;
>> - start master and start slave
> Hi Jeronimo,
> With syncrepl, you don't need to do a 'slapcat' on the master and 'slapadd' on the slave. Just start the master, then the slave. You will see the slave doing a full sync.
His point is that replication works for a while, and then stops. After which the only way he can get it going again is to slapcat the master and reload the slaves. I.e., replication works for a while, and stops. Restarting the slave, IIRC, does not restart replication. (I've discussed this some with him on the #ldap channel on IRC).
>> This works about one hour, in the morning it wasn't syncing again. If I restart the slave ldap, then the changes on the master are replicated, but it stops syncing "on line" after this.
> What do you see in your ldap logs? Are your master and slave in two different subnets separated by a firewall?
Restarting the replica I would think would re-establish any connection and queue replication to start again, which doesn't seem to be happening.
--Quanah
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
--On June 12, 2007 10:29:10 AM -0700 Quanah Gibson-Mount quanah@zimbra.com wrote:
> --On June 12, 2007 11:47:57 AM -0400 Sam Tran stlist@gmail.com wrote:
>> On 6/12/07, Jeronimo Zucco jczucco@ucs.br wrote:
>>> Hi, list. I'm trying to implement syncrepl in my openldap 2.3.35 without success. I tried many (I said: MANY) times to slapcat, slapadd to slave to sync the ldap servers, but for some reason which I don't know, the slave lost the sync.
>>> Then I have to do the same thing at night:
>>> - stop ldap master;
>>> - slapcat master
>>> - slapadd on the slave;
>>> - start master and start slave
>> Hi Jeronimo,
>> With syncrepl, you don't need to do a 'slapcat' on the master and 'slapadd' on the slave. Just start the master, then the slave. You will see the slave doing a full sync.
> His point is that replication works for a while, and then stops. After which the only way he can get it going again is to slapcat the master and reload the slaves. I.e., replication works for a while, and stops. Restarting the slave, IIRC, does not restart replication. (I've discussed this some with him on the #ldap channel on IRC).
Or maybe not, never mind. :P
--Quanah
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
On Tue, Jun 12, 2007 at 09:23:52AM -0300, Jeronimo Zucco wrote:
> Hi, list. I'm trying to implement syncrepl in my openldap 2.3.35 without success. I tried many (I said: MANY) times to slapcat, slapadd to slave to sync the ldap servers, but for some reason which I don't know, the slave lost the sync.
> Then I have to do the same thing at night:
> - stop ldap master;
> - slapcat master
> - slapadd on the slave;
You don't need this slapcat/slapadd with syncrepl. It should be able to detect the consumer (slave) is empty and fetch all that is needed from the producer (master).
> - start master and start slave
> This works about one hour, in the morning it wasn't syncing again. If I restart the slave ldap, then the changes on the master are replicated, but it stops syncing "on line" after this.
> I don't know what to do to solve this issue :-(
> My ldap configuration follows (just about syncrepl):
> ldap master:
> # acls permits to user replicator to read all the database
You don't show these ACLs.
> index objectClass,entryCSN,entryUUID eq
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 100
> limits dn.exact="cn=replicator,dc=domain,dc=com" size.soft=unlimited size.hard=unlimited
> ldap slave:
> syncrepl rid=1
>     provider=ldaps://master.domain.com:636
>     binddn="cn=replicator,dc=domain,dc=com"
>     bindmethod=simple
>     credentials=secret
>     searchbase="dc=domain,dc=com"
>     filter="(objectClass=*)"
>     schemachecking=off
>     scope=sub
>     type=refreshAndPersist
>     retry="60 +"
This seems correct. Maybe some debugging on both sides? Do you use some other overlay besides syncprov?
On Jun 12, 2007, at 5:23 AM, Jeronimo Zucco wrote:
> I'm trying to implement syncrepl in my openldap 2.3.35 without success. I tried many (I said: MANY) times to slapcat, slapadd to slave to sync the ldap servers, but for some reason which I don't know, the slave lost the sync.
> Then I have to do the same thing at night:
> - stop ldap master;
> - slapcat master
> - slapadd on the slave;
> - start master and start slave
> This works about one hour, in the morning it wasn't syncing again.
> If I restart the slave ldap, then the changes on the master are replicated, but it stops syncing "on line" after this.
I had troubles like this when the replication load was very large. The replica encountered a time limit and its search aborted.
Unfortunately, the only way to know for sure is to add logging to syncrepl.c. Without that you can only guess. I have done that with 2.4.4 test release, and I just now posted a patch: http://www.openldap.org/its/index.cgi/Incoming?id=5014
Since it won't apply to 2.3, I append an untested patch for 2.3.24.
Donn Cave, donn@u.washington.edu
*** servers/slapd/syncrepl.c.orig Sat May 27 01:45:32 2006 --- servers/slapd/syncrepl.c Tue Jun 12 13:50:42 2007 *************** *** 627,633 **** struct sync_cookie syncCookie_req = { BER_BVNULL }; struct berval cookie = BER_BVNULL;
! int rc, err, i; ber_len_t len;
int rc_efree = 1; --- 627,633 ---- struct sync_cookie syncCookie_req = { BER_BVNULL }; struct berval cookie = BER_BVNULL;
! int rc, err, i, rrc; ber_len_t len;
int rc_efree = 1; *************** *** 646,651 **** --- 646,652 ---- BerVarray syncUUIDs = NULL; ber_tag_t si_tag;
+ rrc = LDAP_SUCCESS; if ( slapd_shutdown ) { rc = -2; goto done; *************** *** 669,674 **** --- 670,676 ---- while (( rc = ldap_result( si->si_ld, LDAP_RES_ANY, LDAP_MSG_ONE, tout_p, &res )) > 0 ) { + ldap_parse_result( si->si_ld, res, &rrc, 0, 0, 0, 0, 0 ); if ( slapd_shutdown ) { rc = -2; goto done; *************** *** 994,999 **** --- 996,1010 ---- }
done: + if ( rrc != LDAP_SUCCESS ) { + const char *errstr; + ldap_get_option( si->si_ld, LDAP_OPT_ERROR_NUMBER, &rrc ); + errstr = ldap_err2string( rrc ); + + Debug( LDAP_DEBUG_ANY, + "syncrepl %s result: %s\n", si->si_ridtxt, errstr, 0 ); + } + slap_sync_cookie_free( &syncCookie, 0 ); slap_sync_cookie_free( &syncCookie_req, 0 );
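Review bot: the ldap_parse_result( si->si_ld, res, &rrc, 0, 0, 0, 0, 0 ) call added at the top of the while loop runs on every message ldap_result() hands back, whatever its type, and its own return value is dropped. rrc is therefore overwritten on each iteration, so the value that reaches done: is whatever the last message left there, which need not be the search result. Suggest making the call only where a result message is handled, checking its return code, and adding a comment that says which message the code is taken from.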
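Review bot: in the block added under done:, ldap_get_option( si->si_ld, LDAP_OPT_ERROR_NUMBER, &rrc ) overwrites the rrc that was just tested, so the string logged is the handle's last error rather than the code that triggered the branch, and the option call's result is unchecked. rrc is also only set inside the loop, so an exit because ldap_result() returned 0 or a negative value (timeout or lost connection) is not reported unless an earlier message happened to leave rrc non-zero. Suggest logging ldap_err2string( rrc ) from the parsed value directly and adding a separate Debug line for the rc <= 0 exit.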