Hi Folks,
I have 4 servers set up as N-way multi-master using 2.4.44. Updates go to a single provider. We have close to 20 consumers connected to each of the providers via delta-syncrepl. It is a fairly busy system, with about 10000 additions, 64000 modifications and 5000
deletes on a busy day. The current database is about 15 million entries. We see that some changes are not sent down to the consumers: we miss about 100 entries a day. These entries appear on all 4 providers, but are randomly missing on the consumers. I am still
investigating, but any insight or help will be greatly appreciated.
The providers are on RHEL 6; the consumers are on Solaris 10.
configure options...
--without-cyrus-sasl \
--disable-bdb \
--disable-hdb \
--enable-ldap \
--enable-mdb \
--enable-constraint
Regards,
Ping
=========================
one of the provider config files
========================
#
# FileName: slapd.conf
#
# Author: $Author: d639599 $
# Date: $Date: 2014-08-22 14:00:37 +1000 (Fri, 22 Aug 2014) $
# Revision: $Revision: 18625 $
# CVS Tag: $Name$
# CVS ID: $Id: slapd_master.conf.in 18625 2014-08-22 04:00:37Z d639599 $
#
#
# Global section of one of the four multi-master providers, as pasted by the poster.
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# (It holds rootpw values and syncrepl bind credentials further down.)
#
include /data/openldap24/etc/openldap/schema/core.schema
include /data/openldap24/etc/openldap/schema/cosine.schema
include /data/openldap24/etc/openldap/schema/nis.schema
include /data/openldap24/etc/openldap/schema/radius.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /data/openldap24/var/run/slapd.pid
argsfile /data/openldap24/var/run/slapd.args
#replica-pidfile /data/openldap/var/run/slurpd.pid
# NOTE(review): 32768 is the "none" level in slapd.conf(5): only messages that
# are logged regardless of level are written. Replication activity is logged at
# the "sync" level (16384), so with this setting the server leaves no record of
# what was sent to which consumer - enable sync logging while chasing the
# missing changes.
loglevel 32768
threads 32
tool-threads 8
# Accepts LDAPv2 bind requests; keep only if a legacy client still needs it.
allow bind_v2
# The number of results to return in a search
# NOTE(review): set globally, so no identity has a cap on entries returned per
# search unless a narrower "limits" rule applies. On a directory of this size,
# consider granting "unlimited" only to the replication identity.
sizelimit unlimited
# Identifier of this provider in the multi-master set; each provider needs its own value.
serverID 02
# Per-entry ACL. The "by" lines are presumably whitespace-indented continuation
# lines in the real file (the leading whitespace appears lost in the paste).
# The dotted lines mark where the poster cut the rest of the ACL list, so the
# effective access policy cannot be judged from this excerpt.
access to dn=uid=newevdouser@xman.com,ou=users,ou=evdo,ou=data,o=company,c=org
by dn=cn=infranet,ou=applicationusers,o=company,c=org read
by dn=cn=activeorder,ou=applicationusers,o=company,c=org read
by dn=cn=asap,ou=applicationusers,o=company,c=org read
..........
..........
#######################################################################
# monitor database
#######################################################################
# Exposes server statistics under cn=Monitor.
database monitor
rootdn "cn=monitoring,cn=Monitor"
# Value redacted by the poster. Store a hash produced by slappasswd(8) here
# rather than a cleartext password.
rootpw XXXXXXXXXXXXXXXXXX
# Only the Manager DN of the primary database may read cn=Monitor; everyone
# else, including anonymous, is denied.
access to dn.subtree="cn=Monitor"
by dn.exact="cn=Manager,o=company,c=org" read
by * none
#######################################################################
# primary database
#######################################################################
database mdb
suffix "o=company,c=org"
rootdn "cn=Manager,o=company,c=org"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# (Value redacted by the poster; the rootdn bypasses all ACLs on this database.)
rootpw XXXXXXXXXXXXXXXXXX
#size of sparse file 64Gb
# 68719476736 bytes = 64 GiB
maxsize 68719476736
#only required to receive data from slurpd
#updatedn cn=directorymaster,ou=applicationusers,ou=radiusdata,o=company,c=org
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /data/openldap24/var/openldap-data
#Allow dirmaster unlimited time for searches
# NOTE(review): the DN in this rule (cn=directorymaster,ou=applicationusers,
# ou=radiusdata,...) is not the DN the syncrepl stanzas in this post bind as
# (cn=dirmaster,ou=appusers,...). This may be an artifact of anonymizing the
# post. Confirm the rule names the identity the replicas really use, otherwise
# the server-wide time limit applies to their replication searches.
limits dn.exact="cn=directorymaster,ou=applicationusers,ou=radiusdata,o=company,c=org" time=unlimited
# Indices to maintain
# Each attribute gets an equality ("eq") index. The "eq" lines are presumably
# whitespace-indented continuation lines in the real file; the indentation
# appears lost in the paste.
index objectClass
eq
index uid
eq
index cn
eq
index macAddress
eq
index pinpoid
eq
index bpiPoid
eq
index target
eq
index interceptType
eq
index interceptValue
eq
index imei
eq
index ipHostNumber
eq
index homeLocation
eq
index sid
eq
index remoteId eq
index parentDn eq
# required for sessionlog
# (entryCSN and entryUUID are the attributes syncrepl searches on.)
index entryCSN
eq
index entryUUID
eq
# Flush settings: arguments are <kbyte> <min>; see slapd-mdb(5) for how they
# interact with dbnosync.
checkpoint 128 1
# NOTE(review): with dbnosync, committed writes are not flushed to disk
# immediately. slapd-mdb(5) warns that transactions can be lost if the
# operating system crashes before the flush. On a provider that could mean
# losing a write that was already replicated elsewhere - weigh that against
# the performance gain.
dbnosync
# syncrepl directives for each of the other masters for primary db replication
#######################################################################
# NOTE(review), applies to all three stanzas below:
#  - bindmethod=simple against an ldap:// URI, with no starttls= or tls_*
#    option in the stanza: as shown, the bind password and all replicated
#    entries cross the network unencrypted. Consider starttls=critical (or an
#    ldaps:// provider URI) with certificate verification.
#  - credentials= is a cleartext secret (redacted here), so the file must stay
#    readable only by the slapd account.
#  - type= and retry= each appear twice per stanza with different retry values
#    ("10 +" and "60 10 300 +"). Which one slapd honours is not evident from
#    the file - remove the duplicate so the intended retry policy is explicit.
#  - None of these stanzas sets syncdata=accesslog or logbase=, so as posted
#    the providers replicate among themselves with standard syncrepl, while the
#    consumer stanza in this post uses delta-syncrepl - confirm this is intended.
#  - The binddn contains a bare "a" component, presumably left over from
#    anonymizing the post.
## Syncrepl entry for 01
syncrepl rid=01
provider=ldap://host1
type=refreshAndPersist
retry="10 +"
searchbase="o=company,c=org"
bindmethod=simple
type=refreshAndPersist
binddn="cn=dirmaster,ou=appusers,a,o=company,c=org"
credentials=YYYYY
retry="60 10 300 +"
schemachecking=on
# Syncrepl entry for 02
syncrepl rid=02
provider=ldap://host3
type=refreshAndPersist
retry="10 +"
searchbase="o=company,c=org"
bindmethod=simple
type=refreshAndPersist
binddn="cn=dirmaster,ou=appusers,a,o=company,c=org"
credentials=YYYYY
retry="60 10 300 +"
schemachecking=on
# Syncrepl entry for 03
syncrepl rid=03
provider=ldap://host4
type=refreshAndPersist
retry="10 +"
searchbase="o=company,c=org"
bindmethod=simple
type=refreshAndPersist
binddn="cn=dirmaster,ou=appusers,a,o=company,c=org"
credentials=YYYYY
retry="60 10 300 +"
schemachecking=on
#need mirror mode to accept writes
# (lets this server accept client writes even though it is also a syncrepl consumer)
mirrormode on
# accesslog overlay: records operations on this database into the cn=accesslog
# database, which delta-syncrepl consumers read from.
overlay accesslog
logdb cn=accesslog
# Log write operations only, and only those that succeeded.
logops writes
logsuccess TRUE
logbase writes o=company,c=org
# scan the accesslog DB every day, and purge entries older than 14 days
# NOTE(review): a consumer that is offline or stalled for longer than the
# retained window can no longer catch up from the log alone.
logpurge 14+00:00 01+00:00
#syncrepl provider config
# define the provider to use the syncprov overlay
# (last directives in database section)
overlay syncprov
syncprov-checkpoint 10000 10
# contextCSN saved to database every 10000 updates or ten minutes
syncprov-sessionlog 10000
# NOTE(review): slapo-syncprov(5), as I read it, says nopresent should only be
# TRUE for a syncprov instance on top of a log database such as the accesslog
# DB. Here it is set on the primary database, so a replica that falls back to a
# plain refresh against this database would skip the present phase. Verify
# against the man page for 2.4.44 - it is a plausible place to look for
# entries that never reach a replica.
syncprov-nopresent TRUE
#######################################################################
# accesslog database
#######################################################################
# Stores the write log produced by the accesslog overlay on the primary database.
# NOTE(review): no access rule for this database appears in the posted excerpt
# (the global ACL list is elided). The log records every write made under
# o=company,c=org, so confirm that only the replication identity can read
# cn=accesslog.
database mdb
suffix "cn=accesslog"
rootdn "cn=Manager,o=company,c=org"
#size of sparse file 16Gb
# 17179869184 bytes = 16 GiB
maxsize 17179869184
directory /data/openldap24/var/openldap-data-accesslog
#Allow dirmaster unlimited time for searches
# NOTE(review): the DN ends in "c=orgg", which does not match the binddn used
# by the syncrepl stanzas in this post ("...,o=company,c=org"). If the typo is
# in the real file and not just in the post, this rule never matches and
# delta-syncrepl searches on the log run under the server-wide time limit.
limits dn.exact="cn=dirmaster,ou=appusers,a,o=company,c=orgg" time=unlimited
# Equality indices; the "eq" lines are presumably indented continuation lines
# in the real file.
index entryCSN
eq
index objectClass
eq
index reqEnd
eq
index reqResult
eq
index reqStart
eq
#syncrepl provider config
# define the provider to use the syncprov overlay
# (last directives in database section)
# nopresent and reloadhint are the settings slapo-syncprov(5) describes for a
# syncprov instance serving delta-syncrepl from a log database.
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
======================================
consumer config
======================================
#
# FileName: slapd.conf
#
# Author: $Author: d639599 $
# Date: $Date: 2014-08-22 14:00:37 +1000 (Fri, 22 Aug 2014) $
# Revision: $Revision: 18625 $
# CVS Tag: $Name$
# CVS ID: $Id: slapd_master.conf.in 18625 2014-08-22 04:00:37Z d639599 $
#
#
# Global section of a consumer (replica) configuration, as pasted by the poster.
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# (It holds rootpw values and the syncrepl bind credentials further down.)
#
include /data/openldap24/etc/openldap/schema/core.schema
include /data/openldap24/etc/openldap/schema/cosine.schema
include /data/openldap24/etc/openldap/schema/nis.schema
include /data/openldap24/etc/openldap/schema/radius.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /data/openldap24/var/run/slapd.pid
argsfile /data/openldap24/var/run/slapd.args
#replica-pidfile /data/openldap/var/run/slurpd.pid
# NOTE(review): 32768 is the "none" level in slapd.conf(5). The consumer-side
# syncrepl engine logs at the "sync" level (16384). Without it there is no
# record of whether a missing change was received and rejected or never
# received - enable it on at least one affected consumer.
loglevel 32768
#
#threads 64
#
# Accepts LDAPv2 bind requests; keep only if a legacy client still needs it.
allow bind_v2
#
# The number of results to return in a search
# NOTE(review): global, so no client has a cap on entries returned per search
# unless a narrower "limits" rule applies.
sizelimit unlimited
tool-threads 2
threads 8
# Load dynamic backend modules:
# modulepath /data/openldap/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 64-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# NOTE(review): the "security" line above is commented out, so as far as this
# listing shows no minimum security strength is enforced and simple binds are
# accepted over unencrypted connections.
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
# Global ACL on the consumer. The "by" lines are presumably indented
# continuation lines in the real file, and the dotted lines mark where the
# poster cut the list.
# NOTE(review): the first "by" clause has no "dn=" prefix, unlike the clause
# after it. Check the real file, since a who-clause slapd cannot parse is a
# configuration error. It also grants write on every entry to the replication
# identity - confirm whether any client needs write access on a consumer at all.
access to *
by cn=dirmaster,ou=appusers,a,o=company,c=org write
by dn=cn=radiusserver,ou=applicationusers,o=company,c=org read
..........
..........
#######################################################################
# config database
#######################################################################
database config
# NOTE: the suffix is hardcoded as cn=config and
# MUST not have a suffix directive
# normal rules apply - rootdn can be anything you want
# but MUST be under cn=config
rootdn "cn=admin,cn=config"
# use any of the supported password formats e.g. {SSHA} etc
# or plaintext as shown
# NOTE(review): value redacted by the poster. Whoever can bind as this rootdn
# can change the server configuration over LDAP, so use a hashed value from
# slappasswd(8) rather than plaintext.
rootpw XXXXXXXXXXXXXXXXXX
#######################################################################
# monitor database
#######################################################################
# Exposes server statistics under cn=Monitor.
database monitor
rootdn "cn=monitoring,cn=Monitor"
# NOTE(review): unlike the other rootpw values in this post, this one was not
# redacted. {SHA} is an unsalted SHA-1 hash, and it is now public. Treat the
# password as exposed: rotate it, and store the replacement as a salted hash
# (e.g. {SSHA} from slappasswd(8)).
rootpw {SHA}wauZJOzaG+r4u6oeuCOLg+DtjGM=
# Only the Manager DN of the primary database may read cn=Monitor; everyone
# else, including anonymous, is denied.
access to dn.subtree="cn=Monitor"
by dn.exact="cn=Manager,o=company,c=org" read
by * none
#######################################################################
# mdb database definitions
#######################################################################
# Replica copy of o=company,c=org.
database mdb
suffix "o=company,c=org"
rootdn "cn=Manager,o=company,c=org"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# (Value redacted by the poster; the rootdn bypasses all ACLs on this database.)
rootpw XXXXXXXXXXXXXXXX
# 68719476736 bytes = 64 GiB
maxsize 68719476736
# To speed up further - possibly at the expense of data integrity
# Only use for slapadd without slapd running
#envflags nometasync
#envflags writemap
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /data/openldap24/var/openldap-data
# Indices to maintain
# Each attribute gets an equality ("eq") index. The "eq" lines are presumably
# whitespace-indented continuation lines in the real file; the indentation
# appears lost in the paste.
index objectClass
eq
index uid
eq
index cn
eq
index macAddress
eq
index pinpoid
eq
index bpiPoid
eq
index target
eq
index interceptType
eq
index interceptValue
eq
index imei
eq
index ipHostNumber
eq
index homeLocation
eq
index sid
eq
index remoteId eq
index parentDn eq
index entryUUID
eq
index entryCSN
eq
# Flush settings: arguments are <kbyte> <min>; see slapd-mdb(5) for how they
# interact with dbnosync.
checkpoint 128 1
# NOTE(review): with dbnosync, committed writes are not flushed to disk
# immediately. slapd-mdb(5) warns that transactions can be lost if the
# operating system crashes before the flush. If the replica's stored sync state
# and its data are not flushed together, a crash could leave it believing it
# has changes it no longer holds - worth ruling out on consumers that are
# missing entries (check for unclean restarts).
dbnosync
# syncrepl directives for primary db replication
#######################################################################
# Delta-syncrepl consumer stanza: syncdata=accesslog with logbase="cn=accesslog"
# makes the consumer replay changes from the provider's access log rather than
# fetch whole entries.
# NOTE(review):
#  - bindmethod=simple against an ldap:// URI, with no starttls= or tls_*
#    option in the stanza: as shown, the bind password and all replicated
#    entries cross the network unencrypted. Consider starttls=critical (or an
#    ldaps:// provider URI) with certificate verification.
#  - credentials= is a cleartext secret (redacted here), so the file must stay
#    readable only by the slapd account.
#  - schemachecking=off: replicated entries are not validated against the
#    consumer's schema.
#  - logfilter and filter both restrict replication to the ou=radiusdata and
#    ou=applicationusers subtrees. Entries elsewhere under o=company,c=org are
#    never sent to this consumer by design. When comparing provider and
#    consumer contents, first check whether the "missing" entries lie outside
#    these two subtrees, or were moved into them from outside.
#  - logfilter also requires reqResult=0, so only successful writes are replayed.
#  - Only one provider stanza is shown, although the post says consumers connect
#    to each provider; the other stanzas are presumably analogous.
## Syncrepl entry for 01
syncrepl rid=01
provider=ldap://provider1
bindmethod=simple
binddn="cn=dirmaster,ou=appusers,a,o=company,c=org"
credentials=XXXXXXX
searchbase="o=company,c=org"
logbase="cn=accesslog"
type=refreshAndPersist
scope=sub
retry="10 +"
schemachecking=off
logfilter="(&(objectClass=auditWriteObject)(reqResult=0)(|(reqDN:dnSubtreeMatch:=ou=radiusdata,o=company,c=org)(reqDN:dnSubtreeMatch:=ou=applicationusers,o=company,c=org)))"
syncdata=accesslog
filter="(|(entrydn:dnSubtreeMatch:=ou=radiusdata,o=company,c=org)(entrydn:dnSubtreeMatch:=ou=applicationusers,o=company,c=org))"