Am 2021-02-01 18:18, schrieb Quanah Gibson-Mount:
--On Monday, February 1, 2021 5:17 PM +0100 Udo Rader udo.rader@bestsolution.at wrote:
OpenLDAP 2.4.47
You need to run the current release (2.4.57) to have stable replication. Hopefully Debian has it in backports for your release. I strongly advise reading the list of fixes made since 2.4.47.
Thanks. We've been using proxy sync-repl without any real issues for years. Every now and then we had (and have) to fix some "glue" objects that for no apparent reason don't get synced properly, but I am unsure if this is the issue here.
ldapsearch shows that the consumers seem to have all the required information, but for reasons unknown, the memberOf overlay doesn't return all members of a group. Difficult to say if this has to do something with our proxied sync-repl situation, but like I said, we've seen some weird things going on when using this kind of setup.
Nevertheless, thanks for pointing out how far back debian is. If this has indeed something to do with the outdated versions, we will switch back to our previous FreeBSD based instances.