Hi all

I was reading this post in openldap-technical forum.

I am in the process to install a full authenticate service here using samba and openldap, my pdc and bdc are ldap based servers, and are in different locations, using a router to connect them, then. a full master ldap is needed in these two locations.

I have two ldap servers in mirror mode (in a virtual machines, using vmware), these two servers are time synchronized using the same time server.

When a update a ldap entry in one server, the data replicate fine, but when I use the other, I have the following error in my logs.

Apr 29 11:50:15 srvped2master slapd[7377]: do_syncrep2: cookie=rid=002,sid=002,csn=20090429165015.624045Z#000000#001#000000

Apr 29 11:50:15 srvped2master slapd[7377]: do_syncrep2: rid=002 CSN too old, ignoring 20090429165015.624045Z#000000#001#000000

The time is very difficult to maintain in sync when virtual machines are in use, and Openldap servers are extremely sensitive to time lag.

Apparently this is a bug in ldap 2.4.11 and will be fixed in ldap 2.4.16

http://www.openldap.org/lists/openldap-bugs/200903/msg00202.html http://www.openldap.org/lists/openldap-bugs/200903/msg00202.html

Anyone could solve the problem?

Im using debian lenny

srvped2master:/etc/ldap# apt-cache policy slapd

slapd:

Installed: 2.4.11-1

Candidate: 2.4.11-1

Version table:

*** 2.4.11-1 0

500 http://ftp.us.debian.org lenny/main Packages

100 /var/lib/dpkg/status

This is my slapd.conf

#################

serverID 1

include /etc/ldap/schema/core.schema

include /etc/ldap/schema/cosine.schema

include /etc/ldap/schema/nis.schema

include /etc/ldap/schema/inetorgperson.schema

include /etc/ldap/schema/samba.schema

include /etc/ldap/schema/misc.schema

pidfile /var/run/slapd/slapd.pid

argsfile /var/run/slapd/slapd.args

loglevel 16384

modulepath /usr/lib/ldap

moduleload back_hdb

moduleload syncprov

sizelimit 500

tool-threads 1

backend hdb

database hdb

suffix "dc=avhlima,dc=edu,dc=pe"

rootdn "cn=admin,dc=avhlima,dc=edu,dc=pe"

directory "/var/lib/ldap"

dbconfig set_cachesize 0 2097152 0

dbconfig set_lk_max_objects 1500

dbconfig set_lk_max_locks 1500

dbconfig set_lk_max_lockers 1500

syncrepl rid=001

provider=ldap://192.168.4.8

type=refreshAndPersist

retry="60 +"

searchbase="dc=avhlima,dc=edu,dc=pe"

attrs="*,+"

bindmethod=simple

binddn="cn=admin,dc=avhlima,dc=edu,dc=pe"

credentials=XXXXXXXXXXXX

mirrormode on

index objectClass eq

index cn pres,sub,eq

index sn pres,sub,eq

index uid pres,sub,eq

index displayName pres,sub,eq

index uidNumber eq

index gidNumber eq

index memberUID eq

index sambaSID eq

index sambaPrimaryGroupSID eq

index sambaDomainName eq

index default sub

lastmod on

checkpoint 512 30

overlay syncprov

syncprov-checkpoint 100 10

syncprov-sessionlog 100

access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange

by dn="cn=admin,dc=avhlima,dc=edu,dc=pe" write

by anonymous auth

by self write

by * none

access to dn.base="" by * read

access to *

by dn="cn=admin,dc=avhlima,dc=edu,dc=pe" write

by * read

##########################

The diff between servers are only in:

serverID 2

syncrepl rid=002

provider=ldap://192.168.3.8

Thanx 4 your time

Victor