So does OpenLDAP have another mechanism to do this? Combine two ldap providers into a
single consumer that is?
Jim
On Mar 4, 2011, at 4:31 PM, Howard Chu wrote:
James_Whiteacre(a)McAfee.com wrote:
> I am trying to set up syncrepl to have multiple providers to a single
> consumer. Basically allowing me to combine two ldap's into a single ldap. I
> know this is probably not a standard configuration but seems like it should work.
>
> This seems to work for a while but then all of the records from one of the
> providers are deleted. And even though the consumer still is polling both
> providers the records will not get added back.
No, this setup will always fail in the manner you describe. The way a syncrepl
refresh works by default is that the provider tells the consumer about every
entry it knows about within the search context. The consumer then deletes
everything on its side that the provider didn't enumerate. Since both of your
consumers are using the identical search base, every time one of them
refreshes it will always delete everything the other one retrieved. (This is
the normal operation of a syncrepl refresh Present phase. Read RFC4533 for the
detailed explanation.)
It's possible to get this working, somewhat, using delta-syncrepl, which
usually does not use a Present phase. However, if the consumer ever lags
behind the provider's log (i.e., the consumer's state is older than the oldest
entry in the provider's log) then delta-syncrepl falls back to normal
syncrepl, and you'll hit the refresh Present phase again. So in general, what
you're trying to do is unsupported.
> Here is my consumer syncrepl configuration. The providers are a standard provider
> configuration.
>
> Any help would be appreciated.
>
> Jim
>
>
> serverID 064
>
> database bdb
> suffix "o=dogcatfish"
> rootdn "cn=admin,o=dogcatfish"
>
> limits dn.exact="cn=admin,o=dogcatfish" size=unlimited time=unlimited
>
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw admin
>
> # syncrepl configuration
> syncrepl rid=64
>     provider=ldap://provider1
>     type=refreshOnly
>     interval=00:00:01:00
>     retry="60 10 300 +"
>     searchbase="o=dogcatfish"
>     filter="(objectClass=*)"
>     scope=sub
>     attrs="*,+"
>     schemachecking=off
>     bindmethod=simple
>     binddn="cn=admin,o=dogcatfish"
>     credentials="admin"
>
> # syncrepl configuration
> syncrepl rid=68
>     provider=ldap://provider2
>     type=refreshOnly
>     interval=00:00:01:00
>     retry="60 10 300 +"
>     searchbase="o=dogcatfish"
>     filter="(objectClass=*)"
>     scope=sub
>     attrs="*,+"
>     schemachecking=off
>     bindmethod=simple
>     binddn="cn=admin,o=dogcatfish"
>     credentials="admin"
>
> # Indices to maintain
> index contextCSN,entryCSN,entryUUID,objectClass,cn,dc,mail eq
> checkpoint 1024 5
>
> mirrormode TRUE
>
>
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/
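
Added example, not part of the thread and not OpenLDAP code: a simplified Python model of the refresh Present phase described in the reply above, run with both syncrepl stanzas on the same search base as in the posted configuration. It assumes that entries changed since the consumer's cookie arrive with content, that unchanged entries are only named as present, and that a poll whose cookie is already current transfers nothing; the DNs and CSN values are constructed.

```python
# Simplified model of a syncrepl refresh with a Present phase (added example,
# not slapd code). Assumptions: entries changed since the consumer's cookie are
# sent with content, unchanged ones are only named as present, and a poll whose
# cookie is already current transfers nothing. All DNs and CSNs are constructed.

def in_scope(dn, base):
    """scope=sub: the base entry itself or anything beneath it."""
    return dn == base or dn.endswith("," + base)

def refresh(consumer, provider, base, cookie):
    """One refreshOnly poll. provider maps dn -> csn; consumer is a set of DNs.
    Returns (new_cookie, added, deleted)."""
    content = {dn: csn for dn, csn in provider.items() if in_scope(dn, base)}
    newest = max(content.values(), default=None)
    if cookie == newest:
        return cookie, [], []                    # up to date: no Present phase
    added = sorted(dn for dn, csn in content.items()
                   if cookie is None or csn > cookie)
    consumer.update(added)                       # changed entries carry content
    # Present phase: anything in scope the provider did not enumerate is removed.
    deleted = sorted(dn for dn in consumer
                     if in_scope(dn, base) and dn not in content)
    consumer.difference_update(deleted)
    return newest, added, deleted

def simulate(base1, base2):
    """Two syncrepl stanzas (rid 64 and 68) feeding one consumer database."""
    p1 = {"ou=one,o=dogcatfish": 1, "cn=alice,ou=one,o=dogcatfish": 2}
    p2 = {"ou=two,o=dogcatfish": 1, "cn=bob,ou=two,o=dogcatfish": 2}
    consumer, cookies, log = set(), {64: None, 68: None}, []

    def poll(rid, provider, base):
        cookies[rid], added, deleted = refresh(consumer, provider, base, cookies[rid])
        log.append((rid, added, deleted))

    poll(64, p1, base1)   # initial load from provider1
    poll(68, p2, base2)   # initial load from provider2 removes provider1's entries
    poll(64, p1, base1)   # provider1 unchanged: nothing is sent, nothing comes back
    p1["cn=alice,ou=one,o=dogcatfish"] = 3       # one entry modified on provider1
    poll(64, p1, base1)   # only alice returns; provider2's entries are removed
    return consumer, log

if __name__ == "__main__":
    final, history = simulate("o=dogcatfish", "o=dogcatfish")
    for rid, added, deleted in history:
        print(f"rid={rid} added={added} deleted={deleted}")
    print("consumer now holds:", sorted(final))
```

In this model the deletions are bounded by the search base, so calling `simulate` with two disjoint bases logs none; that is a property of the model only, not a statement about what slapd supports.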