Hi!

 

Most likely I misconfigured the accesslog databases used for delta syncrepl (I’m still working on it), but I have some trouble understanding the logs created.

I have two identical servers (SIDs 5 and 6) that also have an identical cn=config that is to be synced as well)

I created two accesslog databases, one for cn=config, and one for the main database.

 

For SDID=5 I see messages like:

Mar 14 15:17:39 v05 slapd[26377]: do_syncrep1: rid=006 starting refresh (sending cookie=rid=006,sid=005,csn=20250314000000.000000Z#000000#000#000000;20250314000000.000000Z#000000#001#000000;20200721123717.002866Z#000000#002#000000;20181031083258.073732Z#000000#003#000000;20250314000002.000000Z#000000#005#000000;20250227092006.790591Z#000000#006#000000)

Mar 14 15:17:39 v05 slapd[26377]: do_syncrep2: rid=006 LDAP_RES_SEARCH_RESULT

Mar 14 15:17:39 v05 slapd[26377]: do_syncrepl: rid=006 rc -101 retrying

Mar 14 15:17:39 v05 slapd[26377]: do_syncrep1: rid=006 starting refresh (sending cookie=rid=006,sid=005,csn=20130719093756.074776Z#000000#000#000000;20250217105250.345944Z#000000#001#000000;20250218171739.629994Z#000000#002#000000;20250217065706.238392Z#000000#003#000000;20250227092327.859231Z#000000#005#000000;20250227092348.803001Z#000000#006#000000)

Mar 14 15:17:39 v05 slapd[26377]: do_syncrep2: rid=006 got search entry without Sync State control (reqStart=20250314114001.000003Z,cn=changelog-1)

Mar 14 15:17:39 v05 slapd[26377]: do_syncrepl: rid=006 rc -1 retrying

 

For the same time interval I see for SID=6:

Mar 14 15:17:26 v06 slapd[14537]: do_syncrep1: rid=005 starting refresh (sending cookie=rid=005,sid=006,csn=20130719093756.074776Z#000000#000#000000;20250217105250.345944Z#000000#001#000000;20250218171739.629994Z#000000#002#000000;20250217065706.238392Z#000000#003#000000;20250227092327.859231Z#000000#005#000000;20250227092348.803001Z#000000#006#000000)

Mar 14 15:17:26 v06 slapd[14537]: do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT

Mar 14 15:17:26 v06 slapd[14537]: do_syncrepl: rid=005 rc -101 retrying

Mar 14 15:17:26 v06 slapd[14537]: do_syncrep1: rid=005 starting refresh (sending cookie=rid=005,sid=006,csn=20250314000000.000000Z#000000#000#000000;20250314000000.000000Z#000000#001#000000;20200721123717.002866Z#000000#002#000000;20181031083258.073732Z#000000#003#000000;20250314000002.000000Z#000000#005#000000;20250227092006.790591Z#000000#006#000000)

Mar 14 15:17:26 v06 slapd[14537]: do_syncrep2: rid=005 got search entry without Sync State control (reqStart=20250314123529.000001Z,cn=changelog-0)

Mar 14 15:17:26 v06 slapd[14537]: do_syncrepl: rid=005 rc -1 retrying

(no corelated messages on Node 1)

Mar 14 15:17:39 v06 slapd[14537]: send_search_entry: conn 1021  ber write failed.

 

Specifically I wonder what the “rc -101 retrying” is really about: the servers should be able to connect to each other.

Also what “got search entry without Sync State control” means.

Finally I also have a “rc -1 retrying” and the “ber write failed”.

I really don’t know where to start debugging.

 

The first syncprov is.

dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config

objectClass: olcSyncProvConfig

olcOverlay: syncprov

olcSpCheckpoint: 100 10

olcSpSessionlog: 10

 

My first accesslog looks like:

dn: olcOverlay={1}accesslog,olcDatabase={0}config,cn=config

objectClass: olcOverlayConfig

objectClass: olcAccessLogConfig

olcOverlay: accesslog

olcAccessLogDB: cn=changelog-0

olcAccessLogOps: writes

olcAccessLogPurge: 60+00:00 1+00:00

olcAccessLogSuccess: FALSE

olcAccessLogOld: (objectClass=*)

 

The second syncprov is:

dn: olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config

objectClass: olcSyncProvConfig

olcOverlay: syncprov

olcSpCheckpoint: 100 10

olcSpSessionlog: 100

The second accesslog is:

 

dn: olcOverlay={1}accesslog,olcDatabase={1}mdb,cn=config

objectClass: olcOverlayConfig

objectClass: olcAccessLogConfig

olcOverlay: accesslog

olcAccessLogDB: cn=changelog-1

olcAccessLogOps: writes

olcAccessLogPurge: 60+00:00 1+00:00

olcAccessLogSuccess: FALSE

olcAccessLogOld: (objectClass=*)

 

And the databases are:

dn: olcDatabase={3}mdb,cn=config

objectClass: olcDatabaseConfig

objectClass: olcMdbConfig

olcDatabase: mdb

olcDbDirectory: /var/lib/ldap/changelog-0

olcSuffix: cn=changelog-0

olcAccess: {0}to * by dn.exact="uid=syncrepl,…" read by * break

olcLimits: {0}dn.exact="uid=syncrepl,…" size.soft=unlimited

olcRootDN: cn=admin,cn=changelog-0

olcRootPW: log-0

 

dn: olcDatabase={4}mdb,cn=config

objectClass: olcDatabaseConfig

objectClass: olcMdbConfig

olcDatabase: mdb

olcDbDirectory: /var/lib/ldap/changelog-1

olcSuffix: cn=changelog-1

olcAccess: {0}to * by dn.exact="uid=syncrepl,…" read by * break

olcLimits: {0}dn.exact="uid=syncrepl,…" size.soft=unlimited

olcRootDN: cn=admin,cn=changelog-1

olcRootPW: log-1

 

The syncrepl definitions are like this:

olcSyncrepl: {0}rid=5 provider="ldap://v05 /" searchbase="cn=config" type="refreshAndPersist" \

retry="60 5 300 5 1800 +" logbase=cn=changelog-0 logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" \

schemachecking=on syncdata=accesslog starttls=critical tls_reqcert=demand bindmethod="simple" binddn="uid=syncrepl,…" credentials="replicationtest"

olcSyncrepl: {1}rid=6 provider="ldap://v06 /" searchbase="cn=config" type="refreshAndPersist" \

retry="60 5 300 5 1800 +" logbase=cn=changelog-0 logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" \

schemachecking=on syncdata=accesslog starttls=critical tls_reqcert=demand bindmethod="simple" binddn="uid=syncrepl,…" credentials="replicationtest"

 

olcSyncrepl: {0}rid=5 provider="ldap:// v05 /" searchbase="dc=…" type="refreshAndPersist" \

retry="60 5 300 5 1800 +" logbase=cn=changelog-1 logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on syncdata=accesslog \

starttls=critical tls_reqcert=demand bindmethod="simple" binddn="uid=syncrepl,…" credentials="replicationtest"

olcSyncrepl: {1}rid=6 provider="ldap://v06 /" searchbase="dc=… " type="refreshAndPersist" \

retry="60 5 300 5 1800 +" logbase=cn=changelog-1 logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on syncdata=accesslog \

starttls=critical tls_reqcert=demand bindmethod="simple" binddn="uid=syncrepl,…" credentials="replicationtest"

 

Kind regards,

Ulrich Windl