We are running OpenLDAP in cluster mode with an MDB setup, and we started a second cluster after some time, and we observe that data is not in sync between those 2 servers. So how do we synchronize the data?
On Sep 7, 2018, at 8:00 AM, openldap-technical-request@openldap.org wrote:
Today's Topics:
- Replication issue? Data is different between master and consumer with same entryCSNs (Dave Steiner)
- olcSecurity: tls=1 and olcLocalSSF= : what value should I use? (Jean-Francois Malouin)
- Re: olcSecurity: tls=1 and olcLocalSSF= : what value should I use? (Quanah Gibson-Mount)
- Re: Replication issue? Data is different between master and consumer with same entryCSNs (Frank Swasey)
- Re: Replication issue? Data is different between master and consumer with same entryCSNs (Quanah Gibson-Mount)
- Re: olcSecurity: tls=1 and olcLocalSSF= : what value should I use? (Jean-Francois Malouin)
- Re: Replication issue? Data is different between master and consumer with same entryCSNs (Dave Steiner)
Message: 1
Date: Wed, 5 Sep 2018 16:49:44 -0400
From: Dave Steiner steiner@rutgers.edu
To: openldap-technical@openldap.org
Subject: Replication issue? Data is different between master and consumer with same entryCSNs
Message-ID: 129e3614-50fe-ba15-4d4b-5f94d14abcd9@oit.rutgers.edu
Content-Type: text/plain; charset="utf-8"; Format="flowed"
I've been noticing various data discrepancies between our LDAP master and LDAP consumers. We are running OpenLDAP v2.4.44. We have two masters running "mirrormode TRUE" and all updates go through a VIP that points to the first one unless it's not available (doesn't happen very often except for during patches and restarts). We have 13 consumers that replicate through that same VIP.
Here's an example of our syncrepl for a client:
syncrepl rid=221
  type=refreshAndPersist
  schemachecking=on
  provider="ldap://ldapmastervip.rutgers.edu/"
  bindmethod=sasl
  saslmech=EXTERNAL
  starttls=yes
  tls_reqcert=demand
  tls_protocol_min="3.1"
  searchbase="dc=rutgers,dc=edu"
  attrs="*,+"
  retry="10 10 20 +"
  logbase="cn=accesslog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
  syncdata=accesslog
  network-timeout=30
  keepalive=180:3:60
I check the contextCSN attributes on all the instances every day and they are all in sync (except during any major changes, of course). But I occasionally notice discrepancies in the data... even though the contextCSNs and entryCSNs are the same. For example (note hostnames have been changed):
$ ldapsearch ... -H ldap://ldapmaster.rutgers.edu uid=XXXX postalAddress createTimestamp modifyTimestamp entryCSN
dn: uid=XXXX,ou=People,dc=rutgers,dc=edu
createTimestamp: 20121220100700Z
postalAddress: Business And Science Bldg$227 Penn Street$Camden, NJ 081021656
entryCSN: 20180505002024.083133Z#000000#001#000000
modifyTimestamp: 20180505002024Z

$ ldapsearch ... -H ldap://ldapconsumer3.rutgers.edu uid=XXXX postalAddress createTimestamp modifyTimestamp entryCSN
dn: uid=XXXX,ou=People,dc=rutgers,dc=edu
createTimestamp: 20121220100700Z
postalAddress: BUSINESS AND SCIENCE BLDG$227 PENN STREET$CAMDEN, NJ 081021656
entryCSN: 20180505002024.083133Z#000000#001#000000
modifyTimestamp: 20180505002024Z
So I'm trying to figure out why this happens (config issue, bug, ???) and second, if I can't use the contextCSN to report that everything is fine, what else can I do besides trying to compare ldif dumps.
thanks,
ds
--
Dave Steiner steiner@rutgers.edu
IdM, Enterprise Application Services ASB101; 848.445.5433
Rutgers University, Office of Information Technology
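
An added example (not part of the original message, and not OpenLDAP code) of a per-entry check for the symptom described above: it reports entries whose entryCSN is identical on provider and consumer while another attribute differs, and marks whether the difference is only letter case, as in the postalAddress output. The function names and the uid=YYYY entry are constructed for illustration; input is assumed to be unfolded LDIF without base64 values.

```python
from collections import defaultdict

# Constructed sample: uid=XXXX mirrors the output quoted above; uid=YYYY is invented.
PROVIDER = """\
dn: uid=XXXX,ou=People,dc=rutgers,dc=edu
postalAddress: Business And Science Bldg$227 Penn Street$Camden, NJ 081021656
entryCSN: 20180505002024.083133Z#000000#001#000000

dn: uid=YYYY,ou=People,dc=rutgers,dc=edu
postalAddress: 1 Example Way$Camden, NJ
entryCSN: 20180601000000.000000Z#000000#001#000000
"""
CONSUMER = """\
dn: uid=XXXX,ou=People,dc=rutgers,dc=edu
postalAddress: BUSINESS AND SCIENCE BLDG$227 PENN STREET$CAMDEN, NJ 081021656
entryCSN: 20180505002024.083133Z#000000#001#000000

dn: uid=YYYY,ou=People,dc=rutgers,dc=edu
postalAddress: 2 Example Way$Camden, NJ
entryCSN: 20180601000000.000000Z#000000#001#000000
"""

def parse_ldif(text):
    """Parse unfolded 'attr: value' LDIF into {dn: {attr: set(values)}}."""
    entries, cur = {}, None
    for line in text.splitlines():
        attr, sep, value = line.partition(": ")
        if not sep:  # a blank line closes the current entry; other lines are ignored
            cur = None if not line.strip() else cur
        elif attr.lower() == "dn":
            cur = entries.setdefault(value.lower(), defaultdict(set))
        elif cur is not None:
            cur[attr.lower()].add(value)
    return entries

def fold(values):
    """Case-fold a set of values so case-only differences compare equal."""
    return {v.casefold() for v in values}

def same_csn_diffs(provider, consumer):
    """Return (dn, attr, kind) where entryCSN matches but attr values differ."""
    findings = []
    for dn, p in provider.items():
        c = consumer.get(dn)
        if c is None or p.get("entrycsn") != c.get("entrycsn"):
            continue  # missing or mid-replication: CSN monitoring already shows these
        for attr in sorted(set(p) | set(c)):
            pv, cv = p.get(attr, set()), c.get(attr, set())
            if pv != cv:
                findings.append((dn, attr, "case-only" if fold(pv) == fold(cv) else "value"))
    return findings

if __name__ == "__main__":
    for finding in same_csn_diffs(parse_ldif(PROVIDER), parse_ldif(CONSUMER)):
        print(*finding)
```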