--On Monday, November 6, 2023 2:00 PM +0000 michael.frank@airbus.com wrote:
Dear list,
here is additional sync log after initially established proper sync and then the consumer openldap service on (solaris, 2,4) is restarted:
Config on Consumer - only with one group in syncrepl:
olcSynrepl {0}rid=004 provider=ldaps://xsdfsxcxc01.xxx1.dddds.XXX.yyy.zzz:636 binddn="cn=mmrepl,ou=services,dc=XXX,dc=yyy,dc=zzz" bindmethod=simple credentials=gdfgdfhgdfh123 searchbase="dc=XXX,dc=yyy,dc=zzz" type=refreshAndPersist retry="60 +" filter="(|(&(objectClass=posixGroup)(ou:dn:=XXXCoreUserGroups)))" scope=sub attrs="*,+" schemachecking=off olcSynrepl {1}rid=044 provider=ldaps://dddd04nsgdfgdfhgdfh02.dddd04.dddds.XXX.yyy.zzz:636 binddn="cn=mmrepl,ou=services,dc=XXX,dc=yyy,dc=zzz" bindmethod=simple credentials=gdfgdfhgdfhR6804! searchbase="dc=XXX,dc=yyy,dc=zzz" type=refreshAndPersist retry="60 +" filter="(|(&(objectClass=posixGroup)(ou:dn:=XXXCoreUserGroups)))" scope=sub attrs="*,+" schemachecking=off
You're doing partial replication, which has very strict requirements. The logs show it cannot find the CSN recorded in the DB, and this is likely why.
--Quanah