Entries are taking a LONG time to propagate (if they do at all).
I'm getting a TON of entries in the log like this on the slave side (continuously):
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= root access granted
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= test_filter 5
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: bdb_search: 2629 does not match filter
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: entry_decode: "uid=mwatson,ou=People,dc=acme,dc=com"
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= entry_decode(uid=mwatson,ou=People,dc=acme,dc=com)
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: => test_filter
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: EQUALITY
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: => access_allowed: search access to "uid=mwatson,ou=People,dc=acme,dc=com" "entryUUID" requested
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= root access granted
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= test_filter 5
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: bdb_search: 2630 does not match filter
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: entry_decode: "cn=mwatson,ou=Group,dc=acme,dc=com"
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= entry_decode(cn=mwatson,ou=Group,dc=acme,dc=com)
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: => test_filter
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: EQUALITY
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: => access_allowed: search access to "cn=mwatson,ou=Group,dc=acme,dc=com" "entryUUID" requested
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= root access granted
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= test_filter 5
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: bdb_search: 2631 does not match filter
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: entry_decode: "ou=Contacts,uid=mwatson,ou=People,dc=acme,dc=com"
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: <= entry_decode(ou=Contacts,uid=mwatson,ou=People,dc=acme,dc=com)
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: => test_filter
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: EQUALITY
Nov 16 21:03:54 sfo-dns-01 slapd[11864]: => access_allowed: search access to "ou=Contacts,uid=mwatson,ou=People,dc=acme,dc=com" "entryUUID" requested
Here's the slave config:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/ldapab.schema
include /etc/openldap/schema/ppolicy.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

modulepath /usr/lib64/openldap
moduleload ppolicy.la

TLSCertificateFile /etc/openldap/ldap.cert
TLSCertificateKeyFile /etc/openldap/ldap.key

database bdb
suffix "dc=acme,dc=com"
rootdn "uid=helpdesk,ou=People,dc=acme,dc=com"
rootpw {SHA}FOOOOOO+pZB93s06zAM1vQo=
directory /var/lib/ldap

overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=acme,dc=com"
ppolicy_use_lockout

sizelimit 2500
loglevel -1
directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

syncrepl rid=123
    provider=ldap://ldap-stage.acme.com:389
#type=refreshAndPersist
    type=refreshOnly
    interval=00:00:02:00
    searchbase="dc=acme,dc=com"
# filter="(objectClass=organizationalPerson)"
    filter="(objectClass=*)"
    updatedn "uid=helpdesk,ou=People,dc=acme,dc=com"
    scope=sub
    schemachecking=off
    bindmethod=simple
    binddn="uid=helpdesk,ou=People,dc=acme,dc=com"
    credentials=FOOOBAR

updateref ldap://ldap-stage.acme.com