Hello,
I've configured 2 LDAP servers (2.4.21, from the Ubuntu 10.04 package) in a master-master configuration. The configuration I have is:
{0}rid=004 provider=ldap://ldap1.mydomain.com
   binddn="<replicauser>" bindmethod=simple credentials=<replicapass>
   searchbase="<dc=mydomain>" type=refreshOnly interval=00:00:00:10
   retry="5 5 300 +" timeout=1
{1}rid=005 provider=ldap://ldap2.mydomain.com
   binddn="<relicauser>" bindmethod=simple credentials=<replicapass>
   searchbase="<dc=mydomain>" type=refreshOnly interval=00:00:00:10
   retry="5 5 300 +" timeout=1
I have an olcAccess like:
{3}to dn.subtree=<dc=mydomain> by group.exact=<admingroup> manage ... by * none break
The replica user belongs to group <admingroup>, so it has complete access to the directory.
I also have a limit like:
{1}group=<admingroup> time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
so it has no limits.
The problem is that I'm loading the directory with a lot of entries (about 109000). After the whole load process (I did it on ldap2, with ldapadd commands) I have all the entries in ldap2, but I have a few fewer in ldap1 (about 107000).
How could I debug the problem?
Later I tried removing from ldap2 an entry that isn't on ldap1 and then adding it again, and the replication is done, so I don't know why it wasn't replicated the first time.