Hi Quanah!
First of all: Thanks for answering the original question. I was wondering first why changes to the database content as such have been persisted and the new contextCSN hasn't until I found that this syncprov-checkpoint thing actually belongs to the syncprov overlay. So I guess it makes sense to switch that on as otherwise - for example after a power failure - I would have lost information, wouldn't I?
Now please allow me some remarks about the part of your answer which I did expect and where you met my expectation straight:
We're using OpenLDAP 2.4.23 on Debian Linux. The backend is a
back-hdb.
Upgrade.
I understand that the behavior which I asked about originally is NOT a bug but "works as designed", so why should I upgrade then?
Actually, yes, newer is better most of the time in OSS land, but still, in a production system IMO you cannot upgrade your software every week, can you?
The other part of the problem is that OpenLDAP is releasing a lot faster than most distros manage to update their packages. For example, in Debian right now they are working on getting 2.4.25 into "experimental" while you're at 2.4.28 already. On average, Debian as well as Ubuntu and others are frequently 2-3 releases behind the current one.
I by no means want to blame the OpenLDAP team for releasing, so maybe I am preaching to the wrong audience here, but I want to run my productive systems with packaged software, not with software which I compiled on the fly from a tarball. So it would be nice if the Debian team would just be faster to package OpenLDAP and maybe move it to the volatile section of their distribution.
Another alternative would of course be a PPA or any other mechanism where the OpenLDAP team would release binary packages for Debian (and possibly other distros as well) right with every new release. Or does something like that exist somewhere and I just did not yet find it?
Regards, Torsten
On Tue, 20 Dec 2011 17:01:19 -0800, Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Tuesday, December 20, 2011 12:54 PM -0800 Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Tuesday, December 20, 2011 8:39 PM +0000 "Torsten Schlabach
(Tascel
eG)" tschlabach@tascel.net wrote:
We're using OpenLDAP 2.4.23 on Debian Linux. The backend is a
back-hdb.
Upgrade.
A more complete answer (other than you really do need to upgrade, and
for
sanity, rebuild the OpenLDAP you have against OpenSSL), is that you have
syncprov checkpointing on. So the CSN is only updated in the underlying DB based off the period of time you specified to the overlay. Thus when slapd is running, ldapsearch is always going to give you the correct answer. slapcat may or may not. If you stop slapd, slapcat will.
From the manual page:
syncprov-checkpoint <ops> <minutes> After a write operation has succeeded, write the contextCSN to the underlying database if <ops> write operations or more than <minutes>
time
have passed since the last checkpoint. Checkpointing is disabled by default.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration