greetings,
alas, but I still face the issue ... :-\
---[ replica log quotation start ]------------------------------------------- ... Jul 27 12:29:46 ABC slapd[15466]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT (53) Server is unwilling to perform Jul 27 12:29:46 ABC slapd[15466]: do_syncrep2: rid=000 (53) Server is unwilling to perform Jul 27 12:29:46 ABC slapd[15466]: do_syncrepl: rid=000 rc -2 retrying ... ---[ replica log quotation end ]-------------------------------------------
---[ master log quotation start ]------------------------------------------- ... Jul 27 12:29:46 master slapd[45467]: conn=2610 op=1 BIND dn="uid=replABC,ou=repl,ou=system,dc=example" method=128 Jul 27 12:29:46 master slapd[45467]: conn=2610 op=1 BIND dn="uid=replABC,ou=repl,ou=system,dc=example" mech=SIMPLE ssf=0 Jul 27 12:29:46 master slapd[45467]: conn=2610 op=1 RESULT tag=97 err=0 text= Jul 27 12:29:46 master slapd[45467]: conn=2611 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jul 27 12:29:46 master slapd[45467]: conn=2611 op=0 STARTTLS Jul 27 12:29:46 master slapd[45467]: conn=2611 op=0 RESULT oid= err=0 text= Jul 27 12:29:46 master slapd[45467]: conn=2610 op=2 SRCH base="cn=example-accesslog" scope=2 deref=0 filter="(&(objectClass=auditWriteObject)(reqResult=0))" Jul 27 12:29:46 master slapd[45467]: conn=2610 op=2 SRCH attr=reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN Jul 27 12:29:46 master slapd[45467]: conn=2610 op=2 SEARCH RESULT tag=101 err=53 nentries=0 text=consumer state is newer than provider! Jul 27 12:29:46 master slapd[45467]: conn=2610 op=3 UNBIND ... ---[ master log quotation end ]-------------------------------------------
please advise
Quanah Gibson-Mount quanah@symas.com wrote:
slapd[38004]: conn=30116 op=3 SEARCH RESULT tag=101 err=53 nentries=0 text=consumer state is newer than provider!
It sounds like your replica was not configured correctly initially and self-generated its own CSN that is newer than the one on the provider.
what in replica configuration can lead to that?
I configured replica just as it is described in the documentation "18.3.2.1. Delta-syncrepl Provider configuration"
It would be interesting to make a modification on the provider so that its CSN is updated (and thus has one newer than on the consumer).
doesn't help ...
helps only deleting consumer DB (in some cases for a several times) DB replicates but after some time it looses sync again ...
can master configuration cause that as well?
here is (just to remind) how master/replica are configured ...
---[ replica slapd.conf quotation start ]------------------------------------------- ... syncrepl rid=0 provider=ldap://master.example:389 starttls=critical searchbase="dc=example" bindmethod=simple binddn="uid=replABC,ou=repl,dc=example" credentials="***" tls_cacert=/usr/local/etc/openldap/ssl/ca.crt tls_cert=/usr/local/etc/openldap/ssl/ABC.crt tls_key=/usr/local/etc/openldap/ssl/ABC.key tls_reqcert=try type=refreshAndPersist retry="60 +" logbase="cn=example-accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" syncdata=accesslog ... ---[ replica slapd.conf quotation end ]-------------------------------------------
---[ master configuration quotation start ]------------------------------------------- ... access to dn.subtree="cn=example-accesslog" by dn.onelevel="ou=repl,ou=system,dc=example" read by * break
###--- ABC access to dn.regex="^uid=(.*)@foo.bar,authorizedService=(mail|xmpp)@foo.bar,uid=(.*),ou=People,dc=example$" attrs=entry,entryCSN,entryUUID,objectClass,cn,... by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read by * break
access to dn.regex="ou=ABC,ou=Sendmail,dc=example|ou=ABC,ou=DHCP,dc=example" by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read by * stop ... ---[ master configuration quotation end ]-------------------------------------------