Hello, list.
I'm experiencing a synchronization problem with my LDAP provider-consumer setup. Both nodes are running OpenLDAP 2.4.38 (using the mdb backend) on x86_64 under Linux 3.7.10.
Both servers synchronize their time with one NTP server, so clocks are in sync.
I have a cn=dhcp,dc=my,dc=org container which I would like to replicate to the OpenLDAP consumer.
The consumer uses an old-fashioned slapd.conf file:

# [... include, acl and logging settings skipped ...]

rootdn          "cn=root,dc=my,dc=org"
rootpw          [ skipped ]

index   objectClass     eq
index   entryCSN        eq
index   entryUUID       eq
index   dlzHostname     eq
index   dlzZoneName     eq
index   dlzIPAddr       eq
index   dlzType         eq
index   dhcpHWAddress   eq
index   cn              eq,approx,sub

syncrepl rid=1
        ...

syncrepl rid=2
        provider=ldap://172.20.20.207
        type=refreshAndPersist
        interval=00:00:01:00
        retry="60 +"
        searchbase="cn=dhcp,dc=my,dc=org"
        filter="(objectClass=*)"
        scope=sub
        schemachecking=off
        bindmethod=simple
        binddn="uid=dhcpd,ou=services,dc=my,dc=org"
        credentials="[ skipped ]"
The problem is that not all changes (adding new objects and changing attributes of existing objects) are replicated from the master to the consumer. I make a change on the master by hand, but I do not see log entries on the consumer showing that the changed attribute was replicated.
LDAP provider setup (uses online configuration):

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=my,dc=org
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcLimits: {0}group/groupOfNames/member="cn=ldap admins,ou=groups,dc=my,dc=org" size=unlimited
olcLimits: {1}group/groupOfNames/member="cn=ldap admins,ou=groups,dc=my,dc=org" time=unlimited
olcLimits: {2}group/groupOfNames/member="cn=admins,ou=mail,ou=groups,dc=my,dc=org" size=unlimited
olcLimits: {3}group/groupOfNames/member="cn=replicators,ou=groups,dc=my,dc=org" size=unlimited time=unlimited
The user uid=dhcpd,ou=services,dc=my,dc=org is a member of the group cn=replicators,ou=groups,dc=my,dc=org:

dn: cn=Replicators,ou=Groups,dc=my,dc=org
cn: Replicators
member: uid=dhcpd,ou=services,dc=my,dc=org
Indices on the master server:

olcDbIndex: dhcpHWAddress,dhcpClassData eq
ACL for the cn=dhcp,dc=my,dc=org container (I have only one ACL entry that mentions cn=dhcp,dc=my,dc=org):

...
olcAccess: {15}to dn.subtree="cn=dhcp,dc=my,dc=org"
        by group/groupOfNames/member.exact="cn=dhcp readers,ou=dhcp,ou=groups,dc=my,dc=org" read
        by group/groupOfNames/member.exact="cn=dhcp writers,ou=dhcp,ou=groups,dc=my,dc=org" write
...
dn: cn=dhcp readers,ou=dhcp,ou=Groups,dc=my,dc=org
cn: dhcp readers
objectClass: groupOfNames
objectClass: top
member: uid=dhcpd,ou=Services,dc=my,dc=org
So far I have checked the following:

1. Clocks on both servers (both are in sync).
2. ACL for the replication DN (the replication user is able to read all needed data).
3. Size and time limits for the replication DN (the replication user has no limits on operations).
4. Schema (objectClasses and attributes) on both servers (both nodes use the same schemas).
5. Disabling indices on the consumer server for the replicated attributes from the cn=dhcp,dc=my,dc=org container (did not help).
What else can I check?
BTW, I would be pleased if someone could give some kind of systematic approach for troubleshooting OpenLDAP replication issues.
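As an added example (not part of the original post or of OpenLDAP itself): the usual first step in a systematic syncrepl check is to read the contextCSN attribute of the database's base entry on the provider and on the consumer and compare them per serverID. contextCSN is the newest CSN the database has seen from each writer, so a consumer whose value for a given SID is older than the provider's has not yet received every change from that server. The script below parses the LDIF that `ldapsearch -x -H ldap://<host> -b dc=my,dc=org -s base contextCSN` prints and reports the state per SID; the LDIF here is constructed sample output, not data from the poster's servers, and the script assumes the suffix dc=my,dc=org carries the contextCSN on both sides.

```python
import re
from dataclasses import dataclass

# OpenLDAP CSN syntax: <UTC time>.<microseconds>Z#<count>#<sid>#<mod>,
# e.g. 20140210153012.123456Z#000000#001#000000 (count, sid and mod are hex).
CSN_RE = re.compile(
    r"^(?P<ts>\d{14})\.(?P<usec>\d{6})Z#(?P<count>[0-9a-fA-F]{6})"
    r"#(?P<sid>[0-9a-fA-F]{3})#(?P<mod>[0-9a-fA-F]{6})$"
)


@dataclass(frozen=True, order=True)
class CSN:
    # Field order gives the comparison order: time first, then counters.
    ts: str      # YYYYmmddHHMMSS; fixed width, so string comparison is correct
    usec: int
    count: int
    sid: int     # serverID of the server that made the change
    mod: int

    @classmethod
    def parse(cls, text):
        m = CSN_RE.match(text.strip())
        if m is None:
            raise ValueError("not a CSN: %r" % text)
        return cls(m["ts"], int(m["usec"]), int(m["count"], 16),
                   int(m["sid"], 16), int(m["mod"], 16))


def context_csns(ldif):
    """Return {sid: newest CSN} from the contextCSN lines of ldapsearch output."""
    per_sid = {}
    for line in ldif.splitlines():
        if not line.lower().startswith("contextcsn:"):
            continue
        csn = CSN.parse(line.split(":", 1)[1])
        if csn.sid not in per_sid or csn > per_sid[csn.sid]:
            per_sid[csn.sid] = csn
    return per_sid


def compare(provider_ldif, consumer_ldif):
    """Classify the consumer's state for every serverID the provider knows."""
    prov = context_csns(provider_ldif)
    cons = context_csns(consumer_ldif)
    report = {}
    for sid, pcsn in prov.items():
        ccsn = cons.get(sid)
        if ccsn is None:
            report[sid] = "missing on consumer"   # consumer never saw this SID
        elif ccsn == pcsn:
            report[sid] = "in sync"
        elif ccsn < pcsn:
            report[sid] = "consumer behind"       # changes not yet replicated
        else:
            report[sid] = "consumer ahead"        # local writes or clock skew
    for sid in cons:
        if sid not in prov:
            report[sid] = "unknown to provider"
    return report


# Constructed sample output (hypothetical, not from the original post) of:
#   ldapsearch -x -H ldap://<host> -b dc=my,dc=org -s base contextCSN
PROVIDER_LDIF = """\
dn: dc=my,dc=org
contextCSN: 20140210153012.123456Z#000000#001#000000
contextCSN: 20140209120000.000000Z#000000#002#000000
"""

CONSUMER_LDIF = """\
dn: dc=my,dc=org
contextCSN: 20140210145959.000000Z#000000#001#000000
contextCSN: 20140209120000.000000Z#000000#002#000000
"""

if __name__ == "__main__":
    for sid, status in sorted(compare(PROVIDER_LDIF, CONSUMER_LDIF).items()):
        print("serverID %03x: %s" % (sid, status))
```

If the consumer is reported behind for a SID and stays behind after the retry interval, the next things to look at are the provider's sync log (loglevel sync) for the consumer's search, and whether the consumer's replicated entries carry an entryCSN newer than the consumer's contextCSN, which would indicate the contextCSN itself is not being updated.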