Quanah Gibson-Mount wrote:
My only comment would be, if you want reliable replication, use delta-syncrepl.
Are you saying syncrepl is known to be broken? Or shoddy in general? I find the whole issue that a "top level" of a tree can disappear, but the tree itself still works to be troubling. Perhaps BerkeleyDB broken?
I did look at delta-syncrepl, but it never ran very well, and seemed quite over complicated for marginal gains. As I understood it, syncrepl always sends entire records, whereas delta-syncrepl can update just the attribute of a record. This did not sound like it would make any difference. Is my understanding incorrect?
This is what I added to the slapd.conf on master when testing it. Currently, not on the production servers.
*** In the middle of slapd.conf
# delta-syncrepl needs full access access to * by dn.base="cn=replicator,dc=company,dc=com" read by * break
*** At the end of slapd.conf
overlay accesslog logdb "cn=deltalog" logops writes logsuccess TRUE logpurge 2+00:00 1+00:00
# define the replica provider for this database # (last directives in database section) overlay syncprov # contextCSN saved to database every 100 updates or ten minutes syncprov-checkpoint 100 10
# Let the replica DN have limitless searches limits dn.exact="cn=replicator,dc=company,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
# Accesslog database definitions database hdb suffix cn=deltalog directory /usr/local/var/openldap-data/deltalog rootdn cn=deltalog index default eq index entryCSN,objectClass,reqEnd,reqResult,reqStart # dbconfig set_lk_detect DB_LOCK_DEFAULT dbconfig set_lg_max 52428800 dbconfig set_cachesize 0 536870912 0 dbconfig set_flags db_log_autoremove dbconfig set_lk_max_objects 200 dbconfig set_lk_max_locks 200 dbconfig set_lk_max_lockers 200
# the access log is also a provider # syncprov-nopresent inhibits the present phase of synchronization # syncprov-reloadhint TRUE mandatory for delta sync overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint TRUE