Hi Folks,
I have 4 servers setup via N-Way multi master using 2.4.44. Updates go to a single provider. We have close to 20 consumers connected to each of the providers via delta syncrepl. Fairly busy system with about 10000 additions, 64000 modifications and 5000 delete on a busy day. Current database is about 15 million entries. We see that some changes are not sent down to the consumers. We miss about 100 entries a day. These entries appear in all 4 providers, but are randomly missing in the consumers. I am still investigating, but any insight/help will be greatly appreciated.
The providers are on RHEL 6, the consumers are on solaris 10.
configure options... --without-cyrus-sasl \ --disable-bdb \ --disable-hdb \ --enable-ldap \ --enable-mdb \ --enable-constraint
Regards,
Ping
=========================
one of the provider config files
========================
# # FileName: slapd.conf # # Author: $Author: d639599 $ # Date: $Date: 2014-08-22 14:00:37 +1000 (Fri, 22 Aug 2014) $ # Revision: $Revision: 18625 $ # CVS Tag: $Name$ # CVS ID: $Id: slapd_master.conf.in 18625 2014-08-22 04:00:37Z d639599 $ # # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /data/openldap24/etc/openldap/schema/core.schema include /data/openldap24/etc/openldap/schema/cosine.schema include /data/openldap24/etc/openldap/schema/nis.schema include /data/openldap24/etc/openldap/schema/radius.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org
pidfile /data/openldap24/var/run/slapd.pid argsfile /data/openldap24/var/run/slapd.args #replica-pidfile /data/openldap/var/run/slurpd.pid
loglevel 32768
threads 32 tool-threads 8
allow bind_v2
# The number of results to return in a search sizelimit unlimited
serverID 02
access to dn=uid=newevdouser@xman.com,ou=users,ou=evdo,ou=data,o=company,c=org by dn=cn=infranet,ou=applicationusers,o=company,c=org read by dn=cn=activeorder,ou=applicationusers,o=company,c=org read by dn=cn=asap,ou=applicationusers,o=company,c=org read .......... ..........
####################################################################### # monitor database ####################################################################### database monitor rootdn "cn=monitoring,cn=Monitor" rootpw XXXXXXXXXXXXXXXXXX
access to dn.subtree="cn=Monitor" by dn.exact="cn=Manager,o=company,c=org" read by * none
####################################################################### # primary database ####################################################################### database mdb suffix "o=company,c=org" rootdn "cn=Manager,o=company,c=org" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw XXXXXXXXXXXXXXXXXX
#size of sparse file 64Gb maxsize 68719476736
#only required to receive data from slurpd #updatedn cn=directorymaster,ou=applicationusers,ou=radiusdata,o=company,c=org
# The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /data/openldap24/var/openldap-data
#Allow dirmaster unlimited time for searches limits dn.exact="cn=directorymaster,ou=applicationusers,ou=radiusdata,o=company,c=org" time=unlimited
# Indices to maintain index objectClass eq index uid eq index cn eq index macAddress eq index pinpoid eq index bpiPoid eq index target eq index interceptType eq index interceptValue eq index imei eq index ipHostNumber eq index homeLocation eq index sid eq index remoteId eq index parentDn eq # required for sessionlaog index entryCSN eq index entryUUID eq
checkpoint 128 1 dbnosync
# syncrepl directives for each of the other masters for primary db replication ####################################################################### ## Syncrepl entry for 01 syncrepl rid=01 provider=ldap://host1 type=refreshAndPersist retry="10 +" searchbase="o=company,c=org" bindmethod=simple type=refreshAndPersist binddn="cn=dirmaster,ou=appusers,a,o=company,c=org" credentials=YYYYY retry="60 10 300 +" schemachecking=on
# Syncrepl entry for 02 syncrepl rid=02 provider=ldap://host3 type=refreshAndPersist retry="10 +" searchbase="o=company,c=org" bindmethod=simple type=refreshAndPersist binddn="cn=dirmaster,ou=appusers,a,o=company,c=org" credentials=YYYYY retry="60 10 300 +" schemachecking=on
# Syncrepl entry for 03 syncrepl rid=03 provider=ldap://host4 type=refreshAndPersist retry="10 +" searchbase="o=company,c=org" bindmethod=simple type=refreshAndPersist binddn="cn=dirmaster,ou=appusers,a,o=company,c=org" credentials=YYYYY retry="60 10 300 +" schemachecking=on
#need mirror mode to accept writes mirrormode on
overlay accesslog logdb cn=accesslog logops writes logsuccess TRUE logbase writes o=company,c=org # scan the accesslog DB every day, and purge entries older than 14 days logpurge 14+00:00 01+00:00
#sycrepl provider config # define the provider to use the syncprov overlay # (last directives in database section) overlay syncprov syncprov-checkpoint 10000 10 # contextCSN saved to database every 10000 updates or ten minutes syncprov-sessionlog 10000 syncprov-nopresent TRUE
####################################################################### # accesslog database ####################################################################### database mdb suffix "cn=accesslog" rootdn "cn=Manager,o=company,c=org"
#size of sparse file 16Gb maxsize 17179869184
directory /data/openldap24/var/openldap-data-accesslog
#Allow dirmaster unlimited time for searches limits dn.exact="cn=dirmaster,ou=appusers,a,o=company,c=orgg" time=unlimited
index entryCSN eq index objectClass eq index reqEnd eq index reqResult eq index reqStart eq
#sycrepl provider config # define the provider to use the syncprov overlay # (last directives in database section) overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint TRUE
====================================== consumer config ====================================== # # FileName: slapd.conf # # Author: $Author: d639599 $ # Date: $Date: 2014-08-22 14:00:37 +1000 (Fri, 22 Aug 2014) $ # Revision: $Revision: 18625 $ # CVS Tag: $Name$ # CVS ID: $Id: slapd_master.conf.in 18625 2014-08-22 04:00:37Z d639599 $ # # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /data/openldap24/etc/openldap/schema/core.schema include /data/openldap24/etc/openldap/schema/cosine.schema include /data/openldap24/etc/openldap/schema/nis.schema include /data/openldap24/etc/openldap/schema/radius.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org
pidfile /data/openldap24/var/run/slapd.pid argsfile /data/openldap24/var/run/slapd.args #replica-pidfile /data/openldap/var/run/slurpd.pid
loglevel 32768 # #threads 64 # allow bind_v2 #
# The number of results to return in a search sizelimit unlimited
tool-threads 2 threads 8 # Load dynamic backend modules: # modulepath /data/openldap/libexec/openldap # moduleload back_bdb.la # moduleload back_ldap.la # moduleload back_ldbm.la # moduleload back_passwd.la # moduleload back_shell.la
# Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING!
access to * by cn=dirmaster,ou=appusers,a,o=company,c=org write by dn=cn=radiusserver,ou=applicationusers,o=company,c=org read .......... ..........
####################################################################### # config database #######################################################################
database config
# NOTE: the suffix is hardcoded as cn=config and # MUST not have a suffix directive # normal rules apply - rootdn can be anything you want # but MUST be under cn=config
rootdn "cn=admin,cn=config"
# use any of the supported password formats e.g. {SSHA} etc # or plaintext as shown
rootpw XXXXXXXXXXXXXXXXXX
####################################################################### # monitor database #######################################################################
database monitor rootdn "cn=monitoring,cn=Monitor" rootpw {SHA}wauZJOzaG+r4u6oeuCOLg+DtjGM=
access to dn.subtree="cn=Monitor" by dn.exact="cn=Manager,o=company,c=org" read by * none
####################################################################### # mdb database definitions #######################################################################
database mdb suffix "o=company,c=org" rootdn "cn=Manager,o=company,c=org" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw XXXXXXXXXXXXXXXX
maxsize 68719476736
# To speedup further - possibly at the expense of data integrity # Only use for slappadd without slapd running #envflags nometasync #envflags writemap
# The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /data/openldap24/var/openldap-data
# Indices to maintain index objectClass eq index uid eq index cn eq index macAddress eq index pinpoid eq index bpiPoid eq index target eq index interceptType eq index interceptValue eq index imei eq index ipHostNumber eq index homeLocation eq index sid eq index remoteId eq index parentDn eq index entryUUID eq index entryCSN eq
checkpoint 128 1 dbnosync
# syncrepl directives for primary db replication ####################################################################### ## Syncrepl entry for 01 syncrepl rid=01 provider=ldap://provider1 bindmethod=simple binddn="cn=dirmaster,ou=appusers,a,o=company,c=org" credentials=XXXXXXX searchbase="o=company,c=org" logbase="cn=accesslog" type=refreshAndPersist scope=sub retry="10 +" schemachecking=off logfilter="(&(objectClass=auditWriteObject)(reqResult=0)(|(reqDN:dnSubtreeMatch:=ou=radiusdata,o=company,c=org)(reqDN:dnSubtreeMatch:=ou=applicationusers,o=company,c=org)))" syncdata=accesslog filter="(|(entrydn:dnSubtreeMatch:=ou=radiusdata,o=company,c=org)(entrydn:dnSubtreeMatch:=ou=applicationusers,o=company,c=org))"