While testing sync replication, I encountered a situation in which a previously deleted DN cannot be added again because the ldapadd command receives a 68 error code. If I perform an ldapsearch command for the DN, the DN is not found. If I try to add the DN, the add fails with a 68 error code. If I perform a slapcat command for that DN, slapcat displays the record. I have removed all BDB index files and rerun the slapindex command, but the DN is still not found with the ldapsearch command and fails to be added because of a 68 error code. One reason I can think of is that deleting a DN does not physically delete the record, but flags the DN as being logically deleted. This condition does not happen all the time, but it does happen eventually after I have been adding, modifying, and deleting records for approximately 15 minutes.
I’m running OpenLDAP 2.4.17 with BDB 4.6.21 (and have not applied the 4 BDB patches). Running sync replication with 2 masters defined in mirror mode using refreshandpersist; issuing LDAP commands against only master slapd #1.
Barry Colston