Hello,
I'm trying to get syncrepl to work from a provider that is configured as a back-ldap to an Active Directory with the translucent overlay. Although the master is also an OpenLDAP, since it uses the back-ldap backend to AD, the entryUUID and entryCSN fields are not present, thus preventing syncrepl from working.
But I really only need to replicate the local modifications stored in my translucent (HDB). And doing a slapcat shows that the entryUUID and entryCSN are present in the translucent DB. So I'm wondering if there's a way to tell syncrepl to bother only with entries stored in my hdb, and ignore anything that doesn't have the entryUUID/CSN fields (the fields proxied from AD).
I'm getting the following error on the slave:

syncrepl_entry: rid=100 entry unchanged, ignored (dc=testdomain,dc=org)
do_syncrep2: rid=100 got empty syncUUID with LDAP_SYNC_ADD

Server in the example (using OpenLDAP 2.4.11 on Debian Lenny):

tst-dc01.testdomain.org = Active Directory
ldap.tst.testdomain.org = OpenLDAP master
ldap-slave.tst.testdomain.org = OpenLDAP slave

Master configuration:
---------------------
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/testdomain.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

modulepath /usr/lib/ldap
moduleload back_ldap
moduleload back_hdb
moduleload translucent
moduleload syncprov

TLSCACertificateFile /etc/ssl/certs/testdomainca.pem
TLSCertificateFile /etc/ldap/ssl/ldap.tst.testdomain.org.crt
TLSCertificateKeyFile /etc/ldap/ssl/ldap.tst.testdomain.org.key
TLSVerifyClient never

defaultsearchbase "dc=testdomain,dc=org"

sizelimit unlimited

backend hdb
backend ldap

database hdb
directory /var/lib/ldap
suffix "dc=testdomain,dc=org"
index objectclass,entryCSN,entryUUID eq
rootdn cn=ldaproot,dc=testdomain,dc=org
rootpw blah

overlay translucent
uri "ldap://tst-dc01.testdomain.org"
idassert-bind bindmethod=simple
    binddn="CN=readonly,DC=testdomain,DC=org"
    credentials="pw"
    mode=none
chase-referrals no
rebind-as-user yes
lastmod on
translucent_strict

overlay syncprov
syncprov-checkpoint 64 30
syncprov-sessionlog 1024

access to dn.subtree="dc=testdomain,dc=org"
    by * read

Slave configuration:
--------------------
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/testdomain.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

modulepath /usr/lib/ldap
moduleload back_ldap
moduleload back_hdb
moduleload translucent

TLSCACertificateFile /etc/ssl/certs/testdomainca.pem
TLSCertificateFile /etc/ldap/ssl/ldap-slave.tst.testdomain.org.crt
TLSCertificateKeyFile /etc/ldap/ssl/ldap-slave.tst.testdomain.org.key
TLSVerifyClient never

defaultsearchbase "dc=testdomain,dc=org"

sizelimit unlimited

backend hdb
backend ldap

database hdb
directory /var/lib/ldap
suffix "dc=testdomain,dc=org"
index objectclass,entryCSN,entryUUID eq
rootdn cn=ldaproot,dc=testdomain,dc=org
rootpw blah

syncrepl rid=100
    provider=ldaps://ldap.tst.testdomain.org
    type=refreshAndPersist
    interval=00:00:15:00
    retry="300 20 7200 +"
    searchbase="dc=testdomain,dc=org"
    attrs="gecos"
    schemachecking=off
    bindmethod=simple
    binddn="CN=repl,DC=testdomain,DC=org"
    credentials="pw"

overlay translucent
uri "ldap://tst-dc01.testdomain.org ldap://tst-dc02.testdomain.org"
idassert-bind bindmethod=simple
    binddn="CN=readonly,DC=testdomain,DC=org"
    credentials="pw"
    mode=none
chase-referrals no
rebind-as-user yes
lastmod on
translucent_strict

access to dn.subtree="dc=testdomain,dc=org"
    by * read

Thanks for any info!
--
Pascal
openldap-technical@openldap.org
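
Added example, not part of the original message: a small Python check for the condition the post describes, reporting which entries in an LDIF export (slapcat output, or a search that requests operational attributes) carry no entryUUID or entryCSN. The sample LDIF, its DNs and values, and the function names are constructed for illustration.

```python
import base64

REQUIRED = ("entryUUID", "entryCSN")  # attributes the post says the proxied entries lack

# Constructed sample, not taken from the post: one entry carrying sync metadata
# (with a folded entryCSN line) and one base64-encoded DN without it.
_B64_DN = base64.b64encode(b"cn=proxied user,dc=testdomain,dc=org").decode()
SAMPLE_LDIF = (
    "version: 1\n\n"
    "# constructed sample\n"
    "dn: cn=local user,dc=testdomain,dc=org\n"
    "gecos: Local User\n"
    "entryUUID: 11111111-2222-3333-4444-555555555555\n"
    "entryCSN: 20090101000000.000000Z#000000\n"
    " #000#000000\n\n"
    f"dn:: {_B64_DN}\n"
    "gecos: Proxied User\n"
)

def parse_entries(text):
    """Parse LDIF text into a list of {lowercased attr: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF folding: continuation line
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in cur:               # drops the "version: 1" pseudo-record
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def missing_sync_attrs(text):
    """Return {dn: [missing attribute names]} for entries without sync metadata."""
    report = {}
    for entry in parse_entries(text):
        missing = [a for a in REQUIRED if a.lower() not in entry]
        if missing:
            report[entry["dn"][0]] = missing
    return report

if __name__ == "__main__":
    for dn, missing in missing_sync_attrs(SAMPLE_LDIF).items():
        print(f"{dn}: missing {', '.join(missing)}")
```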