Hi all

I was reading this post in the openldap-technical forum.

I am in the process of installing a full authentication service here using Samba and OpenLDAP. My PDC and BDC are LDAP-based servers in different locations, connected by a router, so a full master LDAP is needed in these two locations.

I have two LDAP servers in mirror mode (in virtual machines, using VMware); these two servers are time-synchronized using the same time server.

When I update an LDAP entry on one server, the data replicates fine, but when I use the other, I get the following error in my logs.

Apr 29 11:50:15 srvped2master slapd[7377]: do_syncrep2: cookie=rid=002,sid=002,csn=20090429165015.624045Z#000000#001#000000

Apr 29 11:50:15 srvped2master slapd[7377]: do_syncrep2: rid=002 CSN too old, ignoring 20090429165015.624045Z#000000#001#000000

The time is very difficult to keep in sync when virtual machines are in use, and OpenLDAP servers are extremely sensitive to time lag.

Apparently this is a bug in ldap 2.4.11 and will be fixed in ldap 2.4.16

http://www.openldap.org/lists/openldap-bugs/200903/msg00202.html

Could anyone solve the problem?

I'm using Debian lenny

srvped2master:/etc/ldap# apt-cache policy slapd
slapd:
  Installed: 2.4.11-1
  Candidate: 2.4.11-1
  Version table:
 *** 2.4.11-1 0
        500 http://ftp.us.debian.org lenny/main Packages
        100 /var/lib/dpkg/status

This is my slapd.conf

#################

serverID 1
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/misc.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        16384

modulepath      /usr/lib/ldap
moduleload      back_hdb
moduleload      syncprov

sizelimit 500

tool-threads 1

backend         hdb
database        hdb
suffix          "dc=avhlima,dc=edu,dc=pe"
rootdn          "cn=admin,dc=avhlima,dc=edu,dc=pe"

directory       "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

syncrepl rid=001
  provider=ldap://192.168.4.8
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=avhlima,dc=edu,dc=pe"
  attrs="*,+"
  bindmethod=simple
  binddn="cn=admin,dc=avhlima,dc=edu,dc=pe"
  credentials=XXXXXXXXXXXX

mirrormode on

index           objectClass eq
index           cn pres,sub,eq
index           sn pres,sub,eq
index           uid pres,sub,eq
index           displayName pres,sub,eq
index           uidNumber eq
index           gidNumber eq
index           memberUID eq
index           sambaSID eq
index           sambaPrimaryGroupSID eq
index           sambaDomainName eq
index           default sub

lastmod         on

checkpoint      512 30
overlay         syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
        by dn="cn=admin,dc=avhlima,dc=edu,dc=pe" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=avhlima,dc=edu,dc=pe" write
        by * read

##########################

The only differences between the servers are in:

serverID 2
syncrepl rid=002
  provider=ldap://192.168.3.8

Thanks for your time

Victor
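
Added example, not part of the original message and not OpenLDAP code: a small log triage script that pulls the "CSN too old" lines quoted above out of syslog and splits each CSN into its fields (UTC timestamp, change count, originating serverID, modification number), so you can see which mirror generated the change that was ignored. The function names are hypothetical, and the syslog line layout is assumed to match the two lines in the post.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: the two log lines quoted in the post.
SAMPLE_LOG = """\
Apr 29 11:50:15 srvped2master slapd[7377]: do_syncrep2: cookie=rid=002,sid=002,csn=20090429165015.624045Z#000000#001#000000
Apr 29 11:50:15 srvped2master slapd[7377]: do_syncrep2: rid=002 CSN too old, ignoring 20090429165015.624045Z#000000#001#000000
"""

# CSN layout: <UTC time>.<microseconds>Z#<count>#<serverID>#<mod>, last three in hex.
CSN_RE = re.compile(r"(\d{14})\.(\d{6})Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})")
# Assumed syslog layout: "<Mon DD HH:MM:SS> <host> slapd[pid]: do_syncrep2: rid=NNN CSN too old, ignoring <csn>"
TOO_OLD_RE = re.compile(
    r"^(\S+ +\d+ [\d:]+) (\S+) slapd\[\d+\]: "
    r"do_syncrep2: rid=(\d+) CSN too old, ignoring (\S+)")

def parse_csn(text):
    """Split a CSN into UTC timestamp, change count, originating serverID, mod number."""
    m = CSN_RE.fullmatch(text)
    if m is None:
        raise ValueError("not a CSN: %r" % text)
    stamp = datetime.strptime(m.group(1) + "." + m.group(2), "%Y%m%d%H%M%S.%f")
    stamp = stamp.replace(tzinfo=timezone.utc)
    return {"time": stamp, "count": int(m.group(3), 16),
            "sid": int(m.group(4), 16), "mod": int(m.group(5), 16)}

def too_old_events(log_text):
    """Return one record per 'CSN too old' line: log time, host, consumer rid, parsed CSN."""
    events = []
    for line in log_text.splitlines():
        m = TOO_OLD_RE.match(line)
        if m:
            events.append({"logged": m.group(1), "host": m.group(2),
                           "rid": int(m.group(3)), "csn": parse_csn(m.group(4))})
    return events

def summarize(events):
    """Count ignored CSNs per (host, consumer rid, originating serverID)."""
    counts = {}
    for e in events:
        key = (e["host"], e["rid"], e["csn"]["sid"])
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for (host, rid, sid), n in summarize(too_old_events(SAMPLE_LOG)).items():
        print("%s rid=%03d ignored %d change(s) generated by serverID %d" % (host, rid, n, sid))
```

The CSN timestamp is UTC while the syslog prefix is local time, so compare the two only after converting to the same zone.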