Good morning,

I am writting from IT Services from Universidad de Navarra.
We have recently upgraded our openldap servers from openldap 2.4.34 with BDB 5.3.21 to openldap 2.4.44 with MDB databases.

We have got configured replication from the master server [1] to some slave servers [2] (syncrepl refreshAndPersist), and it is working ok.

Usually, when a change is made on master server, I can see how it is propagated and applied on the slave server. Using Auditlog Overlay I can see on the slave server:

# modify 1470723918 dc=base,dc=com cn=Admin,dc=base,dc=com  conn=-1
dn: ...
changetype: modify
replace:
[..]
# end modify 1470723918

And just after that, the contextCSN gets updated too:

# modify 1470723918 dc=base,dc=com cn=Admin,dc=base,dc=com  conn=-1
dn: dc=base,dc=com
changetype: modify
replace: contextCSN
contextCSN: 20160809062518.877725Z#000000#000#000000
-
# end modify 1470723918

Is this the normal behaviour?

I do not see the contextCSN update on the accesslog database on the master server, nor on his Auditlog.
So I do not know if contextCSN has been replicated from the master server, or the slave database is updating it.

But I am seeing some weird things from time to time: sometimes, somehow, the contextCSN attribute does not get updated after the modification.
Checking its value in the master server, I can see that it has been updated correctly, but not on the slave server.

The strange thing is that it happens just like once every tens of changes.

Could it be some kind of bad configuration??

On the previous openldap version, we were checking contextCSN value on master and slave servers in order to check the replication status. But right now, although replication is working ok, sometimes the contextCSN does not get updated on the slave sever, so we can not use it in order to check the replication status.


Thank you so much for your help.

Regards,


[1] Master:
* Accesslog Database:

database        mdb
maxsize         1073741824
suffix          cn=log
directory       /../openldap/var/accesslog
rootdn          "cn=Admin,dc=base,dc=com"
index           objectClass     eq
index           entryCSN        eq
index           reqEnd          eq
index           reqResult       eq
index           reqStart        eq
index           reqDN           eq
index           default         eq

overlay syncprov
syncprov-reloadhint true
syncprov-nopresent true

* Main Database overlays:

overlay syncprov
syncprov-checkpoint 1000 60

overlay accesslog
logdb cn=log
logops writes
logsuccess true
logpurge 14+00:00 01+00:00

[2] Slave:

syncrepl rid=1
    provider="ldap://ldap-master.base.com:389/"
    type=refreshAndPersist
    retry="60 10 300 +"
    searchbase="dc=base,dc=com"
    logbase="cn=log"
    syncdata=accesslog
    logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
    scope=sub
    schemachecking=off
    binddn=...


Oscar Remírez de Ganuza Satrústegui

IT Services
Universidad de Navarra
Tel. +34 948425600 x803130
http://www.unav.edu/web/it/