Hi,

I can simulate the problem, since I have a cron job running at every 1 minute to execute query to the LDAP records, e.g. if the password is nearly expired, I will update a user-defined value.  Since 4 servers will see that record will expire and set the record simultaneously at the same time, what will happen to this case ?  It seems that it will corrupt the contextCSN.

The reason to have this cron job running so frequently is that I want to check the pwdAccountLockedTime, if this attribute is present, I will update a user-defined value and this will synchronize to other servers.  My question is, when a user is locked in one server (the pwdAccountLockedTime attribute exists), why the LDAP will not sync this attribute to other servers ???  Is this spec. or program bug ?  I need to manually update a user-defined attrbiute, then, everything will be in synced...

Thanks


> Date: Tue, 11 Nov 2008 12:16:39 +0100
> From: ando@sys-net.it
> To: badguy9588@hotmail.com
> CC: openldap-technical@openldap.org
> Subject: Re:
>
> Bad Guy wrote:
> > Dear all,
> >
> > I am running the openldap 2.4.11 with 4 way masters (SID=001 to 004) configured. (my suffix is empty in slapd.conf)
> >
> > The data can be synced initially. I add records in 1 server and all the other 3 servers will have the new record added. However, I found that after running for some time, one server will have corrupted contextCSN in SID=001.
> >
> > dn:
> > contextCSN:: sCttCIio0wAxNTQzMTMuMDQ1Mjk3WiMwMDAwMDAjMDAyIzAwMDAwMA==
> > contextCSN: 20081107061013.853051Z#000000#001#000000
> > contextCSN: 20081107073602.911356Z#000000#003#000000
> > contextCSN: 20081107061028.825773Z#000000#004#000000
> >
> > The contextCSN for SID=002 in server 1 is corrupted. So, whenever there is an update in SID=002 server, th e SID=001 server will never get the update,
> > however, when there is update in SID=003 or SID=004 server, the records will get updated in SID=001.
> >
> > We have a background cron job in each server running at 1 minutes interval to retrieve the records and set some user defined attributes if it meet some certain criteria.
> >
> > What's the cause to this corruption ? Is there any way to recover the corrupted contextCSN by command or script without rebuild the data ?
>
> Looks similar to <http://www.openldap.org/its?findid=5661>. Can you
> post your configuration? Also, can you try re24 code from the CVS (or
> wait until 2.4.13 is out)?
>
> p.
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> -----------------------------------
> Office: +39 02 23998309
> Mobile: +39 333 4963172
> Fax: +39 0382 476497
> Email: ando@sys-net.it
> -----------------------------------
>


5 GB 超大容量 、創新便捷、安全防護垃圾郵件和病毒 — 立即升級 Windows Live Hotmail?