Hi,
Howard Chu wrote (24.02.2012 21:36):
Marc Patermann wrote:
With this sorted out, this is what I get (both pre 2.4.30 code):
- slapadd the provider with current data
- slapadd the consumer with older data
-> present check, exact sync
- ldap changes on provider
- reset and slapadd the consumer with older data
-> no present check, servers not in sync; only changes made after the last provider start are synced
- reset and slapadd the consumer with older data and restart provider
-> present check, exact sync
I then checked against 2.4.26 on the provider and the behavior changed:
- slapadd the provider with current data
- slapadd the consumer with older data
-> present check, exact sync
- ldap changes on provider
- reset and slapadd the consumer with older data
-> present check, exact sync
Is this the way it is supposed to happen? I think this is a bug in current code.
In the complete absence of any config information from you, it's impossible to determine. If you have a syncprov sessionlog, then if you didn't restart the provider, it may not cause a full presence check when a consumer connects.
So, the sessionlog keeps me from getting the full sync in version >2.4.26? I set sessionlog. Here is the provider config:
modulepath /usr/lib/openldap/modules
moduleload accesslog.la
moduleload dynlist.la
moduleload memberof.la
moduleload refint.la
moduleload unique.la

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/authldap.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/dnszone.schema
include /etc/openldap/schema/dhcp.schema
include /etc/openldap/schema/ofdconf.schema
include /etc/openldap/schema/nagios.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/ofdaddon.schema
include /etc/openldap/ofd.acl

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
threads 350
concurrency 350
loglevel config stats stats2 sync
defaultsearchbase "ou=humans,ou=foo"
sizelimit -1
timelimit 4000

TLSCACertificateFile /etc/openldap/ssl/ldapca.pem
TLSCertificateFile /etc/openldap/ssl/ldapcert.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldapkey.pem

authz-policy to
authz-regexp uid=human,cn=[^,]*,cn=auth dn:"cn=human,ou=mgr,ou=foo"
authz-regexp uid=cyrus,cn=[^,]*,cn=auth "ldap:///ou=humans,ou=foo??sub?(uid=cyrus)"
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth "ldap:///ou=humans,ou=foo??sub?(maildrop=$1@*)"
authz-regexp "cn=human,ou=mgr,ou=foo" dn.subtree="ou=humans,ou=foo"

database config
rootdn cn=config
rootpw secret

database bdb
suffix "ou=foo"
rootdn "cn=gen.man,ou=mgr,ou=foo"
directory /var/lib/ldap/main-data
checkpoint 4096 5
cachesize 25000
idlcachesize 45000
dbconfig set_cachesize 2 0 0
dbconfig set_lg_dir /var/log/bdb/main
dbconfig set_lg_regionmax 262144
dbconfig set_lg_bsize 2097152
dbconfig set_flags DB_LOG_AUTOREMOVE
index objectClass eq
index cn eq,sub
index version eq
index entryCSN,entryUUID eq
index default eq
index uid
index mail sub,eq
index sn sub,eq
index givenName sub,eq
index maildrop,ou sub,eq
index relativeDomainName eq,sub
index dhcpHWAddress
index dhcpClassData
index dhcpOption
index zoneName
index uidNumber,gidNumber eq
include /etc/openldap/linux.acl
overlay glue
overlay accesslog
logdb "cn=log"
logops writes
logpurge 10+00:00 1+00:00
overlay dynlist
dynlist-attrset groupOfURLs memberURL
overlay refint
refint_attributes member memberOf
refint_nothing "cn=dummy,ou=foo"
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

database hdb
suffix "cn=log"
directory /var/lib/ldap/log-data
rootdn "cn=gen.man,ou=mgr,ou=foo"
checkpoint 10240 5
dbconfig set_cachesize 0 367001600 0
dbconfig set_lg_dir /var/log/bdb/log
dbconfig set_lg_regionmax 262144
dbconfig set_lg_bsize 2097152
dbconfig set_flags DB_LOG_AUTOREMOVE
index objectClass eq
index cn eq,sub
index reqStart eq
overlay syncprov
syncprov-nopresent TRUE
syncprov-checkpoint 100 10
syncprov-sessionlog 100

database monitor
access to dn.subtree="cn=monitor"
    by * read
Marc
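
Added example, not part of the original message and not OpenLDAP code: a small Python parser that lists, for each database section of a slapd.conf-style file, whether syncprov is loaded and how syncprov-sessionlog and syncprov-nopresent are set, the settings the quoted reply points at. The function name `syncprov_report` and the reduced sample config are constructed for illustration.

```python
import shlex

# Constructed excerpt in slapd.conf syntax, reduced from the provider config above.
SAMPLE_CONF = '''\
database bdb
suffix "ou=foo"
overlay accesslog
logdb "cn=log"
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

database hdb
suffix "cn=log"
overlay syncprov
syncprov-nopresent TRUE
syncprov-sessionlog 100

database monitor
'''

def syncprov_report(conf_text):
    """Return one dict per database section that carries a syncprov overlay."""
    databases, current, overlay = [], None, None
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace():
            continue                      # continuation of the previous directive
        words = shlex.split(raw)          # honours quoted arguments
        key = words[0].lower()
        if key == "database":             # a new section resets the overlay context
            current = {"type": words[1], "suffix": None, "syncprov": False,
                       "sessionlog": None, "nopresent": False}
            databases.append(current)
            overlay = None
        elif current is None:
            continue                      # still in the global section
        elif key == "suffix":
            current["suffix"] = words[1]
        elif key == "overlay":
            overlay = words[1].lower()
            current["syncprov"] = current["syncprov"] or overlay == "syncprov"
        elif overlay == "syncprov" and key == "syncprov-sessionlog":
            current["sessionlog"] = int(words[1])
        elif overlay == "syncprov" and key == "syncprov-nopresent":
            current["nopresent"] = words[1].upper() == "TRUE"
    return [d for d in databases if d["syncprov"]]

if __name__ == "__main__":
    for db in syncprov_report(SAMPLE_CONF):
        print(db)
```
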