HI!
I have a replication topology with providers running with MMR and a layer of r/o consumers
- spread across three data centers
- in two different countries (DE and foreign country)
Network traffic between the countries has higher latency so consumers are only accessing providers within the same country. Write operations go nearly 100% to a single provider in Germany.
All systems are using these overlays:
- slapo-ppolicy (mostly for password expiry)
- slapo-lastbind overlays
- slapo-accesslog (yes, also on consumers)
Now occasionally contextCSN values differ, most times for a couple of minutes, on the consumers in the foreign country from their local providers.
I cannot tell exactly which conditions are causing this. But I observed that most times there was a login failure on the provider in Germany which results in 'pwdChangedTime' being set and replicated to the consumers. Most times followed by 'authTimestamp' being correctly set.
So I wonder whether the differences of the contextCSN values could be caused by 'pwdChangedTime' and 'authTimestamp' being replicated to providers but not to consumers.
Any clue? Thanks in advance.
Ciao, Michael.
Forgot this info:
OpenLDAP 2.4.39 with back-mdb
syncrepl: refreshAndPersist with keepalive set, authc with SASL/EXTERNAL based on TLS client certs
--On Friday, August 15, 2014 1:21 PM +0200 Michael Ströder michael@stroeder.com wrote:
Any clue? Thanks in advance.
Yes, known issues.
Fixed slapd syncrepl to send cookie on fallback (ITS#7849)
Fixed slapo-ppolicy timestamp resolution to use microseconds (ITS#7161)
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
--On Friday, August 15, 2014 1:21 PM +0200 Michael Ströder michael@stroeder.com wrote:
Any clue? Thanks in advance.
Yes, known issues.
Fixed slapd syncrepl to send cookie on fallback (ITS#7849)
Fixed slapo-ppolicy timestamp resolution to use microseconds (ITS#7161)
So I'm looking forward to release of 2.4.40 (after ITS#7921). :-)
Ciao, Michael.
openldap-technical@openldap.org
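As an added example (not part of the thread or of OpenLDAP itself), the contextCSN drift discussed above can be measured per serverID by parsing the CSN fields and comparing a provider against one of its consumers. The function names are hypothetical, the CSN layout `timestamp#count#sid#mod` is the one OpenLDAP 2.4 writes, and the sample values are constructed; in practice they would come from reading the `contextCSN` attribute of the suffix entry on each server.

```python
from datetime import datetime, timezone

def parse_csn(csn):
    """Split 'YYYYmmddHHMMSS.uuuuuuZ#count#sid#mod' into (time, count, sid, mod)."""
    stamp, count, sid, mod = csn.strip().split("#")
    when = datetime.strptime(stamp, "%Y%m%d%H%M%S.%fZ").replace(tzinfo=timezone.utc)
    # count, sid and mod are hexadecimal fields
    return when, int(count, 16), int(sid, 16), int(mod, 16)

def newest_by_sid(values):
    """Map serverID -> newest (time, count, mod) seen in a list of contextCSN values."""
    newest = {}
    for value in values:
        when, count, sid, mod = parse_csn(value)
        key = (when, count, mod)
        if sid not in newest or key > newest[sid]:
            newest[sid] = key
    return newest

def compare_context_csn(provider_values, consumer_values):
    """Return {sid: (status, seconds)} describing the consumer relative to the provider."""
    prov = newest_by_sid(provider_values)
    cons = newest_by_sid(consumer_values)
    report = {}
    for sid, p in sorted(prov.items()):
        c = cons.get(sid)
        if c is None:
            report[sid] = ("missing", None)   # consumer has no CSN for this serverID
        elif c == p:
            report[sid] = ("in-sync", 0.0)
        elif c < p:
            report[sid] = ("behind", (p[0] - c[0]).total_seconds())
        else:
            report[sid] = ("ahead", (c[0] - p[0]).total_seconds())
    return report

# Constructed sample values: two MMR providers (serverID 1 and 2) seen from one
# provider, and the same attribute read from a consumer lagging on serverID 1.
PROVIDER = [
    "20140815102130.500000Z#000000#001#000000",
    "20140815101500.000000Z#000000#002#000000",
]
CONSUMER = [
    "20140815101900.250000Z#000000#001#000000",
    "20140815101500.000000Z#000000#002#000000",
]

if __name__ == "__main__":
    for sid, (status, seconds) in compare_context_csn(PROVIDER, CONSUMER).items():
        print(f"serverID {sid:03x}: {status} {seconds}")
```

Run periodically, a check like this separates a consumer that is briefly behind from one that stays behind on a single serverID.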