Forgot this info:
OpenLDAP 2.4.39 with back-mdb
refreshAndPersist with keepalive set,
authc with SASL/EXTERNAL based on TLS client certs
On Fri, 15 Aug 2014 12:21:30 +0200 "Michael Ströder"
I have a replication topology with providers running with MMR and a layer of
- spread across three data centers
- in two different countries (DE and foreign country)
Network traffic between the countries has higher latency so consumers are
only accessing providers within the same country.
Write operations go nearly 100% to a single provider in Germany.
All systems are using these overlays:
- slapo-ppolicy (mostly for password expiry)
- slapo-lastbind overlays
- slapo-accesslog (yes, also on consumers)
Now occasionally contextCSN values differ most times for a couple of minutes
on the consumers in the foreign country from their local providers.
I cannot tell exactly which conditions are causing this. But I observed that
most times there was a login failure on the provider in Germany which results
in 'pwdChangedTime' being set and replicated to the consumers. Most times
followed by 'authTimestamp' being correctly set.
So I wonder whether the differences of the contextCSN values could be caused
by 'pwdChangedTime' and 'authTimestamp' being replicated to providers but
Any clue? Thanks in advance.
Michael Ströder Klauprechtstr. 11
Dipl.-Inform. D-76137 Karlsruhe, Germany
Tel.: +49 721 8304316 Mobil: +49 170 2391920
E-Mail: michael(a)stroeder.com http://www.stroeder.com