We have 4 openldap servers, 1 and 2 are masters with mirror mode., 3 and 4 are slaves. 3 and 4 sometimes get out of sync with masters. But a few minutes or a few hours later, it can get synced again with some "random" events. The reason I call it "random" because I could not find any patter yet. This happens almost every day.

What I found is 3 and 4 (consumer) sometime get newer entryCSN than 1 and 2 (provider)

for example

on 1 and 2 entryCSN: 20130115190406.091431Z#000000#001#000000

on 3 and 4 entryCSN: 20130116183923.969790Z#000000#000#000000

I have confirmed that with the following syncrepl config, we can not update entry on 3 or 4 directly. (ldap_modify: Server is unwilling to perform (53) additional info: shadow context; no update referral). So that exclude the possibility 3 and 4 get updated directly from ldap client.

Any direction?

Thanks

Frank

Attachment: sync config portion

#server 1 serverID 1 syncrepl rid=001 provider=ldap://s2.domain.com bindmethod=simple binddn="cn=Manager,dc=domain,dc=com" credentials=xxxxxxx searchbase="dc=domain,dc=com" schemachecking=on type=refreshAndPersist retry="60 +" mirrormode on

#server 2 serverID 2 syncrepl rid=002 provider=ldap://s1.domain.com bindmethod=simple binddn="cn=Manager,dc=domain,dc=com" credentials=xxxxxxx searchbase="dc=domain,dc=com" schemachecking=on type=refreshAndPersist retry="60 +" mirrormode on

#server 3 syncrepl rid=003 provider=ldap://ldaptm.domain.com bindmethod=simple binddn="cn=Manager,dc=domain,dc=com" credentials=xxxxxxx searchbase="dc=domain,dc=com" schemachecking=on type=refreshAndPersist retry="60 +"

#server 4 syncrepl rid=004 provider=ldap://ldaptm.domain.com bindmethod=simple binddn="cn=Manager,dc=domain,dc=com" credentials=xxxxxxx searchbase="dc=domain,dc=com" schemachecking=on type=refreshAndPersist retry="60 +"

As you noticed, ldaptm.domain.com is a virtual service on load balancer with server 1 and 2 behind