--On Friday, May 24, 2024 1:21 PM -0700 Quanah Gibson-Mount quanah@fast-mail.org wrote:
In OpenLDAP 2.3 and OpenLDAP 2.4, it was not safe to use syncrepl. A lot of work went into improving both delta-sync and syncrepl in OpenLDAP 2.5, but some innate issues with delta-syncrepl leave standard syncrepl the best option at this time. A lot of work was also done on the syncrepl side to reduce its traffic overhead compared to prior releases. So what is best to use varies significantly depending on the release series. At this point, I generally recommend 2.6 for deployments, and using syncrepl for replication.
For completeness: One general issue with syncrepl (whether using delta-sync or syncrepl, since it affects fallback) is the sessionlog. In 2.6, you can have it use the accesslog db for the sessionlog instead of an in-memory sessionlog. This can help in cert REFRESH situations, but necessitates maintaing the accesslog db even if it's not being used for delta-syncrepl.
--Quanah