Greetings,
Haven't used OpenLDAP since 2.1; I see it has come a long way. I have a few hundred static groups and am using the memberOf overlay. There's a hundred thousand or so people entries and thousands of memberships. The overlay is configured thusly:
# {0}memberof, {1}bdb, config dn: olcOverlay={0}memberof,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcMemberOf olcOverlay: {0}memberof olcMemberOfDangling: drop olcMemberOfRefInt: TRUE olcMemberOfGroupOC: groupOfUniqueNames olcMemberOfMemberAD: uniqueMember olcMemberOfMemberOfAD: isMemberOf
(I know a number of these attributes are not strictly correct -- a legacy encumbrance)
When the replica starts a total update, it goes well for a while, then stops right here every time:
4f450e2d syncrepl_entry: rid=004 be_search (0) 4f450e2d syncrepl_entry: rid=004 cn=uc:org:nsit:integration:techag,ou=groups,dc=uchicago,dc=edu 4f450e2d conn=-1 op=0: memberof_op_add("cn=uc:org:nsit:integration:techag,ou=groups,dc=uchicago,dc=edu"): member="uid=chudler,ou=people,dc=uchicago,dc=edu" does not exist (stripping...) slapd: entry.c:773: entry_encode: Assertion `i == a->a_numvals' failed.
The member ("uid=chudler") does exist in the master, I can find it with ldapsearch. I believe it does not yet exist in the replica. I'd like for total replication to succeed without doing an initial slapcat. Has anyone encountered this before? I am happy to debug if you need more information.
Version 2.4.29, also using the refint overlay if that matters.