OpenLDAP 2.4.40

Syncrepl configuration:

olcSyncUseSubentry: FALSE
olcSyncrepl: {0}rid=101  provider=ldap://server1  searchbase="o=xxx,dc=yyy,
 dc=zzz" type=refreshOnly  bindmethod=sasl  saslmech=EXTERNAL  
 tls_cert=/etc/openldap/certs/xxxxx.crt  tls_key=/etc/openldap/certs/xxxxx.key
 tls_cacert=/etc/openldap/certs/cacert.pem  interval=00:00:00:10
   retry="5 10 10 10 30 +"  timeout=1  starttls=critical
olcSyncrepl: {1}rid=102  provider=ldap://server2  searchbase="o=xxx,dc=yyyy,
 dc=zzz"  type=refreshOnly  bindmethod=sasl  saslmech=EXTERNAL  
 tls_cert=/etc/openldap/certs/ldapadmin.crt  tls_key=/etc/openldap/certs/xxxxx.key
 tls_cacert=/etc/openldap/certs/cacert.pem  interval=00:00:00:10
   retry="5 10 10 10 30 +"  timeout=1  starttls=critical
olcMirrorMode: TRUE


BTW, I just tried adding:

dn: olcOverlay={3}syncprov,olcDatabase={2},cn=config
changetype: modify
replace: olcSpCheckpoint
olcSpCheckpoint: 1024
-
add: olcSpSessionlog
olcSpSessionlog: 1024
-
add: olcSpReloadhint
olcSpReloadhint: TRUE


And that seemed to fix it! Maybe it was just the checkpoint being "1 1" that was messing it up? Or maybe I needed the session log. I realize that this is the deprecated approach. I probably put in cn=changelog instead if there's a good reason to do so.

-Frank




On Tue, Apr 12, 2016 at 6:26 PM, Frank Crow <fjcrow2008@gmail.com> wrote:
OK, if I do a backup with slapcat, I still would want to wipe the existing contents of the DIT first, right?

Also, I just tried doing a list of deleted uid entries using "ldapdelete -ZZ -f /file.ldif" and although the command did not complain, not all of the entries in the file.ldif were deleted from all replicas. I really think there is something wrong with my configuration! I suppose that I'll try cn=changelog next.

Thanks,
Frank


On Tue, Apr 12, 2016 at 5:47 PM, Michael Ströder <michael@stroeder.com> wrote:
Frank Crow wrote:
> I'm trying to create backup and restore scripts using LDAP command line
> tools.

For various reasons backup and restore should be done with command-line tools
slapcat and slapadd which operate directly on the database files.

And yes, with recent backend modules like back-mdb and back-hdb you can do hot
backup while slapd is running.

Of course, before a restore you have to stop slapd and remove the DB files.
After using slapadd you should check whether ownership/permissions are still
correct.

Ciao, Michael.




--
Frank



--
Frank
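
The slapcat/slapadd backup and restore steps described in the thread, as an added example that is not from any of the posters. The database directory, the "ldap" service account, the systemd unit name "slapd" and the database number are assumptions to adjust locally.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. DB_DIR, SLAPD_USER, the systemd unit
# name "slapd" and DB_NUM are assumptions; adjust them to the local install.
DB_DIR="${DB_DIR:-/var/lib/ldap}"
SLAPD_USER="${SLAPD_USER:-ldap}"
DB_NUM="${DB_NUM:-2}"

# Hot backup with slapcat, which reads the database files directly.
backup_dit() {                      # usage: backup_dit <out.ldif>
    ( umask 077                     # the dump holds userPassword values
      slapcat -n "$DB_NUM" -l "$1" )
}

# Succeeds only if everything under <dir> is owned by <user> and is neither
# readable nor writable by "other"; offenders are listed on stderr.
check_db_perms() {                  # usage: check_db_perms <dir> <user>
    local bad
    bad=$(find "$1" \( ! -user "$2" -o -perm -004 -o -perm -002 \) -print)
    if [ -n "$bad" ]; then
        printf 'wrong owner or mode:\n%s\n' "$bad" >&2
        return 1
    fi
}

# Restore: stop slapd, clear the old database files, slapadd, verify, start.
restore_dit() {                     # usage: restore_dit <in.ldif>
    local old="$DB_DIR.old.$(date +%Y%m%d%H%M%S)"
    systemctl stop slapd || return 1
    # Old files are moved aside rather than deleted (a choice made here);
    # DB_CONFIG, used by back-hdb, stays in place.
    mkdir -m 700 "$old" || return 1
    find "$DB_DIR" -maxdepth 1 -type f ! -name DB_CONFIG \
        -exec mv {} "$old"/ \; || return 1
    slapadd -n "$DB_NUM" -l "$1" || return 1
    # slapadd run as root leaves root-owned files that slapd cannot open.
    chown -R "$SLAPD_USER" "$DB_DIR" || return 1
    check_db_perms "$DB_DIR" "$SLAPD_USER" || return 1
    systemctl start slapd
}
```

If check_db_perms fails, slapd stays stopped so the listed files can be corrected before the directory is served again.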