parent is customer
"""
suffix          "dc=SCNCA,dc=ROOTCA"
rootdn        "cn=admin,dc=SCNCA,dc=ROOTCA"
rootpw        secret

checkpoint      512 30

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

ServerID 000

syncrepl rid=001
        provider=ldap://${SON_LDAP_ADDRESS}:${SON_LDAP_PORT}
        type=refreshOnly
# five minutes, you should do syncrepl once a day in practice
        interval=00:01:00:00
        searchbase="${SON_BASE}"
        filter="(objectClass=*)"
        scope=sub
        schemachecking=off
        bindmethod=simple
        binddn="${SON_ADMIN}"
        credentials=${SON_PASSWD}
        retry="5 5 300 +"

mirrormode on

"""

son is provider
"""
suffix          "dc=sonCA,dc=SCNCA,dc=ROOTCA"
rootdn        "cn=admin,dc=sonCA,dc=SCNCA,dc=ROOTCA"
rootpw        secret

checkpoint      512 30

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

ServerID 001
"""

and son's log is

"""
<<< dnPrettyNormal: <dc=sonca,dc=scnca,dc=rootca>, <dc=sonca,dc=scnca,dc=rootca>
SRCH "dc=sonca,dc=scnca,dc=rootca" 2 0    0 0 0
ber_scanf fmt (m) ber:
ber_dump: buf=010E1060 ptr=010E109C end=010E1136 len=154
0000: 87 0b 6f 62 6a 65 63 74 43 6c 61 73 73 30 06 04   ..objectClass0..
0010: 01 2a 04 01 2b a0 81 82 30 62 04 18 31 2e 33 2e   .*..+...0b..1.3.
0020: 36 2e 31 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 39   6.1.4.1.4203.1.9
0030: 2e 31 2e 31 04 46 30 44 0a 01 01 04 3c 72 69 64   .1.1.F0D....<rid
0040: 3d 30 30 31 2c 73 69 64 3d 30 30 30 2c 63 73 6e   =001,sid=000,csn
0050: 3d 32 30 31 30 30 38 31 33 30 37 34 38 34 36 2e   =20100813074846.
0060: 34 35 37 32 37 39 5a 23 30 30 30 30 30 30 23 30   457279Z#000000#0
0070: 30 30 23 30 30 30 30 30 30 01 01 ff 30 1c 04 17   00#000000...0...
0080: 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33   2.16.840.1.11373
0090: 30 2e 33 2e 34 2e 32 01 01 ff                     0.3.4.2...
    filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=010E1060 ptr=010E10A9 end=010E1136 len=141
0000: 00 06 04 01 2a 04 01 2b a0 81 82 30 62 04 18 31   ....*..+...0b..1
0010: 2e 33 2e 36 2e 31 2e 34 2e 31 2e 34 32 30 33 2e   .3.6.1.4.1.4203.
0020: 31 2e 39 2e 31 2e 31 04 46 30 44 0a 01 01 04 3c   1.9.1.1.F0D....<
0030: 72 69 64 3d 30 30 31 2c 73 69 64 3d 30 30 30 2c   rid=001,sid=000,
0040: 63 73 6e 3d 32 30 31 30 30 38 31 33 30 37 34 38   csn=201008130748
0050: 34 36 2e 34 35 37 32 37 39 5a 23 30 30 30 30 30   46.457279Z#00000
0060: 30 23 30 30 30 23 30 30 30 30 30 30 01 01 ff 30   0#000#000000...0
0070: 1c 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31   ...2.16.840.1.11
0080: 33 37 33 30 2e 33 2e 34 2e 32 01 01 ff            3730.3.4.2...
=> get_ctrls
ber_scanf fmt ({m) ber:
ber_dump: buf=010E1060 ptr=010E10B4 end=010E1136 len=130
0000: 30 62 04 18 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e   0b..1.3.6.1.4.1.
0010: 34 32 30 33 2e 31 2e 39 2e 31 2e 31 04 46 30 44   4203.1.9.1.1.F0D
0020: 0a 01 01 04 3c 72 69 64 3d 30 30 31 2c 73 69 64   ....<rid=001,sid
0030: 3d 30 30 30 2c 63 73 6e 3d 32 30 31 30 30 38 31   =000,csn=2010081
0040: 33 30 37 34 38 34 36 2e 34 35 37 32 37 39 5a 23   3074846.457279Z#
0050: 30 30 30 30 30 30 23 30 30 30 23 30 30 30 30 30   000000#000#00000
0060: 30 01 01 ff 30 1c 04 17 32 2e 31 36 2e 38 34 30   0...0...2.16.840
0070: 2e 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 32 01   .1.113730.3.4.2.
0080: 01 ff                                              ..
ber_scanf fmt (m) ber:
ber_dump: buf=010E1060 ptr=010E10D0 end=010E1136 len=102
0000: 00 46 30 44 0a 01 01 04 3c 72 69 64 3d 30 30 31   .F0D....<rid=001
0010: 2c 73 69 64 3d 30 30 30 2c 63 73 6e 3d 32 30 31   ,sid=000,csn=201
0020: 30 30 38 31 33 30 37 34 38 34 36 2e 34 35 37 32   00813074846.4572
0030: 37 39 5a 23 30 30 30 30 30 30 23 30 30 30 23 30   79Z#000000#000#0
0040: 30 30 30 30 30 01 01 ff 30 1c 04 17 32 2e 31 36   00000...0...2.16
0050: 2e 38 34 30 2e 31 2e 31 31 33 37 33 30 2e 33 2e   .840.1.113730.3.
0060: 34 2e 32 01 01 ff                                  4.2...
=> get_ctrls: oid="1.3.6.1.4.1.4203.1.9.1.1" (noncritical)
ber_scanf fmt ({i) ber:
ber_dump: buf=010E10D2 ptr=010E10D2 end=010E1118 len=70
0000: 30 44 0a 01 01 04 3c 72 69 64 3d 30 30 31 2c 73   0D....<rid=001,s
0010: 69 64 3d 30 30 30 2c 63 73 6e 3d 32 30 31 30 30   id=000,csn=20100
0020: 38 31 33 30 37 34 38 34 36 2e 34 35 37 32 37 39   813074846.457279
0030: 5a 23 30 30 30 30 30 30 23 30 30 30 23 30 30 30   Z#000000#000#000
0040: 30 30 30 01 01 ff                                  000...
ber_scanf fmt (m) ber:
ber_dump: buf=010E10D2 ptr=010E10D7 end=010E1118 len=65
0000: 04 3c 72 69 64 3d 30 30 31 2c 73 69 64 3d 30 30   .<rid=001,sid=00
0010: 30 2c 63 73 6e 3d 32 30 31 30 30 38 31 33 30 37   0,csn=2010081307
0020: 34 38 34 36 2e 34 35 37 32 37 39 5a 23 30 30 30   4846.457279Z#000
0030: 30 30 30 23 30 30 30 23 30 30 30 30 30 30 01 01   000#000#000000..
0040: ff                                                 .
ber_scanf fmt (b) ber:
ber_dump: buf=010E10D2 ptr=010E1115 end=010E1118 len=3
0000: 00 01 ff                                           ...
ber_scanf fmt (}) ber:
ber_dump: buf=010E10D2 ptr=010E1118 end=010E1118 len=0

ber_scanf fmt ({m) ber:
ber_dump: buf=010E1060 ptr=010E1118 end=010E1136 len=30
0000: 00 1c 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31   ....2.16.840.1.1
0010: 31 33 37 33 30 2e 33 2e 34 2e 32 01 01 ff         13730.3.4.2...
ber_scanf fmt (b) ber:
ber_dump: buf=010E1060 ptr=010E1133 end=010E1136 len=3
0000: 00 01 ff                                           ...
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (critical)
<= get_ctrls: n=2 rc=0 err=""
    attrs: * +
send_ldap_result: conn=1001 op=1 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=0
ber_flush2: 14 bytes to sd 2984
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00         0....e........
ldap_write: want=14, written=14
0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00         0....e........
daemon: activity on 5 descriptors
daemon: activity on: 4r
daemon: read activity on 4
daemon: WSselect: listen=2 active_threads=0 tvp=zero
connection_get(4)
daemon: WSselect: listen=3 active_threads=0 tvp=zero
connection_get(4): got connid=1001
connection_read(4): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=7
0000: 30 05 02 01 03 42 00                               0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=013E5460 ptr=013E5460 end=013E5465 len=5
0000: 02 01 03 42 00                                     ...B.
op tag 0x42, time 1282112561
ber_get_next
ldap_read: want=8, got=0

ber_get_next on fd 4 failed errno=0 (unknown WSA error)
connection_read(4): input error=-2 id=1001, closing.
connection_closing: readying conn=1001 sd=4 for close
daemon: activity on 1 descriptor
connection_close: deferring conn=1001 sd=4
daemon: waked
daemon: WSselect: listen=2 active_threads=0 tvp=zero
conn=1001 op=2 do_unbind
daemon: WSselect: listen=3 active_threads=0 tvp=zero
connection_resched: attempting closing conn=1001 sd=4
connection_close: conn=1001 sd=4
daemon: removing 4

"""
gtalk:freeespeech@gmail.com

On Mon, Aug 16, 2010 at 10:54 PM, Marc Patermann <hans.moser@ofd-z.niedersachsen.de> wrote:

Off list:

owen nirvana schrieb am 16.08.2010 16:08 Uhr:
> However, the method of different search for different node is not effective.
>
> In my configuration of parent CA,
> ''"
> syncrepl rid=001
>          ...
>          searchbase = "dc=sonCA,dc=parentCA,dc=rootCA"
>          ...
> """
Did you try my first glue with multiple databases?
> I believe the reason is the two nodes have not the same DIT.
What did you mean by that?
your tree from dc=sonCA,dc=parenCA,dc=rootCA will be replicated beyond
dc=parenCA,dc=rootCA if you configure it in the right way.
> Maybe syncrepl could not support it.
You better try one of the approaches und post the consumer and provider
config and replication logs to the list (and maybe some data)

Marc