On 20/6/2012 3:10 μμ, Konstantin Menshikov wrote:
Please, show your replication setup at which it works correctly.
OK, here is an example test setup:
DN: ou=TestBranch1,dc=example,dc=com objectClass: organizationalUnit objectClass: top ou: TestBranch1
DN: dc=hostx,ou=TestBranch1,dc=example,dc=com objectClass: dNSDomain2 objectClass: domainRelatedObject associatedDomain: hostx.example.com cNAMERecord: www.example.com dc: hostx
DN: ou=TestBranch2,dc=example,dc=com objectClass: organizationalUnit objectClass: top ou: TestBranch2
ACLs (over-simplistic, devised to illustrate the case): {0}to dn.sub="ou=TestBranch1,dc=example,dc=com" by dn.exact="uid=dnsauth,ou=system,dc=example,dc=com" write by * none {1}to dn.sub="ou=TestBranch2,dc=example,dc=com" by * none
Consumer setup:
syncrepl rid=444 provider=ldaps://vdev.example.com type=refreshAndPersist tls_reqcert=never retry="60 +" searchbase="dc=example,dc=com" schemachecking=off bindmethod=simple binddn="uid=dnsauth,ou=System,dc=example,dc=com" credentials="secret"
Initial State: dc=hostx,ou=TestBranch1,dc=example,dc=com exists on both provider and consumer.
Action1: Manager moves (on the provider) dc=hostx from ou=TestBranch1,dc=example,dc=com to dc=hostx,ou=TestBranch2,dc=example,dc=com where consumer has no visibility. Result: Entry is removed from the consumer
Action2: Manager moves back dc=hostx from ou=TestBranch2,dc=example,dc=com to dc=hostx,ou=TestBranch1,dc=example,dc=com where consumer has visibility. Result: Entry is added back to the consumer
On the provider:
Jun 21 00:24:59 vdev slapd[2212]: slap_queue_csn: queing 0x41046300 20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 vdev slapd[2212]: slap_graduate_commit_csn: removing 0x1e4b94b0 20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 vdev slapd[2212]: slap_queue_csn: queing 0x4351e750 20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 vdev slapd[2212]: syncprov_sendresp: cookie=rid=444,csn=20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 vdev slapd[2212]: slap_graduate_commit_csn: removing 0x1e003b10 20120620212459.506829Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: slap_queue_csn: queing 0x4251c300 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: syncprov_sendresp: cookie=rid=444,csn=20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: slap_graduate_commit_csn: removing 0x1e46d620 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: slap_queue_csn: queing 0x41046750 20120620212527.515237Z#000000#000#000000 Jun 21 00:25:27 vdev slapd[2212]: slap_graduate_commit_csn: removing 0x1e46d5c0 20120620212527.515237Z#000000#000#000000
On the consumer:
Jun 21 00:24:59 dnslab slapd[20628]: do_syncrep2: rid=444 LDAP_RES_INTERMEDIATE - NEW_COOKIE Jun 21 00:24:59 dnslab slapd[20628]: do_syncrep2: rid=444 NEW_COOKIE: rid=444,csn=20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: slap_queue_csn: queing 0xc2746a0 20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc28ba90 20120620212459.398242Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: do_syncrep2: rid=444 cookie=rid=444,csn=20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_message_to_entry: rid=444 DN: dc=hostx,ou=TestBranch1,dc=example,dc=com, UUID: 6bd53150-9abf-4c83-9d23-9a706b042e07 Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_DELETE) Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 be_search (0) Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 dc=hostx,ou=TestBranch1,dc=example,dc=com Jun 21 00:24:59 dnslab slapd[20628]: slap_queue_csn: queing 0xc47e150 20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc28ba90 20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: syncrepl_entry: rid=444 be_delete dc=hostx,ou=TestBranch1,dc=example,dc=com (0) Jun 21 00:24:59 dnslab slapd[20628]: slap_queue_csn: queing 0xc47e150 20120620212459.506829Z#000000#000#000000 Jun 21 00:24:59 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc46f320 20120620212459.506829Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: do_syncrep2: rid=444 cookie=rid=444,csn=20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_message_to_entry: rid=444 DN: dc=hostx,ou=TestBranch1,dc=example,dc=com, UUID: bfd9ef4e-e299-445b-b0db-ffafbd8f3804 Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 be_search (0) Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 dc=hostx,ou=TestBranch1,dc=example,dc=com Jun 21 00:25:27 dnslab slapd[20628]: slap_queue_csn: queing 0xc46f7e0 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc46ea50 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: syncrepl_entry: rid=444 be_add dc=hostx,ou=TestBranch1,dc=example,dc=com (0) Jun 21 00:25:27 dnslab slapd[20628]: slap_queue_csn: queing 0xc46f7e0 20120620212527.418467Z#000000#000#000000 Jun 21 00:25:27 dnslab slapd[20628]: slap_graduate_commit_csn: removing 0xc46ea50 20120620212527.418467Z#000000#000#000000
As I have noted in another message, I found it is important that the syncrepl user have NO access at all to the branch where we want no visibility, otherwise, there might be syncrepl tricky behavior.
Nick