Hi, I am currently working on setting up a new openldap environment, based on the current stable version of 2.4.34
I have two servers, ldap1 and ldap2, which are performing mirror-mode multi-master replication.
When ldap1 and ldap2 are both up, adds/deletes/modifications are replicated correctly.
When ldap1 is up and ldap2 is down, adds/modifications can be performed successfully against ldap1, and when ldap2 comes back up, changes are replicated successfully.
Problem is, if ldap2 is down, and a deletion occurs against ldap1, when ldap2 comes back up, the deletion is not replicated.
Here are my slapd.confs for each server
ldap1: ----------------------------- include /opt/openldap/etc/openldap/schema/core.schema pidfile /opt/openldap/var/run/slapd.pid argsfile /opt/openldap/var/run/slapd.args moduleload syncprov.la moduleload accesslog.la moduleload back_bdb.la serverID 1
####################################################################### # BDB database definitions #######################################################################
database bdb suffix "dc=example,dc=com" rootdn "cn=manager,dc=example,dc=com" rootpw {SSHA}zViBuH78jtg/BKtT1sZHNp7gwWnlCWDk directory /opt/openldap/var/openldap-data checkpoint 10240 720 cachesize 50000 dbconfig set_cachesize 0 524288000 1 dbconfig set_lk_max_locks 3000 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_lockers 1500 dbconfig set_lg_regionmax 262144 dbconfig set_lg_bsize 2097152 syncrepl rid=001 provider=ldap://ldap2.example.com:389 binddn="cn=manager,dc=example,dc=com" bindmethod=simple credentials=password searchbase="dc=example,dc=com" type=refreshAndPersist interval=00:00:00:01 retry="60 +" schemachecking=on
index objectClass eq index entryUUID eq index entryCSN eq
mirrormode on overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint TRUE syncprov-checkpoint 100 1
ldap2: ----------------------------- include /opt/openldap/etc/openldap/schema/core.schema pidfile /opt/openldap/var/run/slapd.pid argsfile /opt/openldap/var/run/slapd.args moduleload syncprov.la moduleload accesslog.la moduleload back_bdb.la serverID 2
####################################################################### # BDB database definitions #######################################################################
database bdb suffix "dc=example,dc=com" rootdn "cn=manager,dc=example,dc=com" rootpw {SSHA}zViBuH78jtg/BKtT1sZHNp7gwWnlCWDk directory /opt/openldap/var/openldap-data checkpoint 10240 720 cachesize 50000 dbconfig set_cachesize 0 524288000 1 dbconfig set_lk_max_locks 3000 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_lockers 1500 dbconfig set_lg_regionmax 262144 dbconfig set_lg_bsize 2097152 syncrepl rid=001 provider=ldap://ldap1.example.com:389 binddn="cn=manager,dc=example,dc=com" bindmethod=simple credentials=password searchbase="dc=example,dc=com" type=refreshAndPersist interval=00:00:00:01 retry="60 +" schemachecking=on
index objectClass eq index entryUUID eq index entryCSN eq
mirrormode on overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint TRUE syncprov-checkpoint 100 1
Here is the logging output at level 16384
ldap1: ----------------------------- 51401797 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable 51401797 slapd starting 51401797 do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE 514017ae do_syncrep2: rid=001 (-1) Can't contact LDAP server 514017ae do_syncrepl: rid=001 rc -1 retrying 514017c9 slap_queue_csn: queing 0x7fa53f0c5020 20130313060809.655329Z#000000#001#000000 514017c9 slap_graduate_commit_csn: removing 0x7fa530100910 20130313060809.655329Z#000000#001#000000 514017cc syncprov_search_response: cookie=rid=001,sid=001,csn=20130313060809.655329Z#000000#001#000000;20130313054634.762054Z#000000#002#000000 514017e8 slap_queue_csn: queing 0x7fa53e8c4470 20130313060840.173887Z#000000#001#000000 514017e8 slap_graduate_commit_csn: removing 0x7fa534101170 20130313060840.173887Z#000000#001#000000 514017ea slap_client_connect: URI=ldap://ldap2.example.com:389 DN="cn=manager,dc=example,dc=com" ldap_sasl_bind_s failed (-1) 514017ea do_syncrepl: rid=001 rc -1 retrying 514017ed syncprov_search_response: cookie=rid=001,sid=001,csn=20130313060840.173887Z#000000#001#000000;20130313054634.762054Z#000000#002#000000 51401826 do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE
ldap2: ----------------------------- 514017ed bdb_monitor_db_open: monitoring disabled; configure monitor database to enable 514017ed slapd starting 514017ed do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE 514017ed do_syncrep2: rid=001 cookie=rid=001,sid=001,csn=20130313060840.173887Z#000000#001#000000;20130313054634.762054Z#000000#002#000000 514017ed slap_queue_csn: queing 0x7f5070109540 20130313060840.173887Z#000000#001#000000 514017ed slap_graduate_commit_csn: removing 0x7f50701096b0 20130313060840.173887Z#000000#001#000000
Heres the command I'm using on the client to perform the delete:
While ldap2 is offline, ldapdelete -h ldap1 -x -r -D "cn=manager,dc=example,dc=com" -w password "ou=groups,dc=example,dc=com"
Let me know if you want any further information
I'm sure its something stupid I'm missing, but would appreciate any assistance with this.
Cheers, Adam
Adam schrieb (13.03.2013 07:18 Uhr):
mirrormode on overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint TRUE
man slapo-syncprov:
syncprov-nopresent TRUE | FALSE Specify that the Present phase of refreshing should be skipped. This value should only be set TRUE for a syncprov instance on top of a log database (such as one managed by the accesslog overlay). The default is FALSE.
Did you set this on purpose?
Marc
Sorry, copied the config from one of our other environments, and didn't even notice this.
guess more RTFM was required.
Sorry for wasting your time, but thanks for the help.
Cheers, Adam
On 13/03/13 18:54, Marc Patermann wrote:
Adam schrieb (13.03.2013 07:18 Uhr):
mirrormode on overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint TRUE
man slapo-syncprov:
syncprov-nopresent TRUE | FALSE Specify that the Present phase of refreshing should be skipped. This value should only be set TRUE for a syncprov instance on top of a log database (such as one managed by the accesslog overlay). The default is FALSE.
Did you set this on purpose?
Marc
On 03/13/2013 07:18 AM, Adam wrote:
Hi, I am currently working on setting up a new openldap environment, based on the current stable version of 2.4.34
I have two servers, ldap1 and ldap2, which are performing mirror-mode multi-master replication.
When ldap1 and ldap2 are both up, adds/deletes/modifications are replicated correctly.
When ldap1 is up and ldap2 is down, adds/modifications can be performed successfully against ldap1, and when ldap2 comes back up, changes are replicated successfully.
Problem is, if ldap2 is down, and a deletion occurs against ldap1, when ldap2 comes back up, the deletion is not replicated.
Here are my slapd.confs for each server
ldap1:
include /opt/openldap/etc/openldap/schema/core.schema pidfile /opt/openldap/var/run/slapd.pid argsfile /opt/openldap/var/run/slapd.args moduleload syncprov.la moduleload accesslog.la moduleload back_bdb.la serverID 1
####################################################################### # BDB database definitions #######################################################################
database bdb suffix "dc=example,dc=com" rootdn "cn=manager,dc=example,dc=com" rootpw {SSHA}zViBuH78jtg/BKtT1sZHNp7gwWnlCWDk directory /opt/openldap/var/openldap-data checkpoint 10240 720 cachesize 50000 dbconfig set_cachesize 0 524288000 1 dbconfig set_lk_max_locks 3000 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_lockers 1500 dbconfig set_lg_regionmax 262144 dbconfig set_lg_bsize 2097152 syncrepl rid=001 provider=ldap://ldap2.example.com:389 binddn="cn=manager,dc=example,dc=com" bindmethod=simple credentials=password searchbase="dc=example,dc=com" type=refreshAndPersist interval=00:00:00:01 retry="60 +" schemachecking=on
index objectClass eq index entryUUID eq index entryCSN eq
mirrormode on overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint TRUE syncprov-checkpoint 100 1
ldap2:
include /opt/openldap/etc/openldap/schema/core.schema pidfile /opt/openldap/var/run/slapd.pid argsfile /opt/openldap/var/run/slapd.args moduleload syncprov.la moduleload accesslog.la moduleload back_bdb.la serverID 2
####################################################################### # BDB database definitions #######################################################################
database bdb suffix "dc=example,dc=com" rootdn "cn=manager,dc=example,dc=com" rootpw {SSHA}zViBuH78jtg/BKtT1sZHNp7gwWnlCWDk directory /opt/openldap/var/openldap-data checkpoint 10240 720 cachesize 50000 dbconfig set_cachesize 0 524288000 1 dbconfig set_lk_max_locks 3000 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_lockers 1500 dbconfig set_lg_regionmax 262144 dbconfig set_lg_bsize 2097152 syncrepl rid=001 provider=ldap://ldap1.example.com:389 binddn="cn=manager,dc=example,dc=com" bindmethod=simple credentials=password searchbase="dc=example,dc=com" type=refreshAndPersist interval=00:00:00:01 retry="60 +" schemachecking=on
index objectClass eq index entryUUID eq index entryCSN eq
mirrormode on overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint TRUE syncprov-checkpoint 100 1
Here is the logging output at level 16384
ldap1:
51401797 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable 51401797 slapd starting 51401797 do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE 514017ae do_syncrep2: rid=001 (-1) Can't contact LDAP server 514017ae do_syncrepl: rid=001 rc -1 retrying 514017c9 slap_queue_csn: queing 0x7fa53f0c5020 20130313060809.655329Z#000000#001#000000 514017c9 slap_graduate_commit_csn: removing 0x7fa530100910 20130313060809.655329Z#000000#001#000000 514017cc syncprov_search_response: cookie=rid=001,sid=001,csn=20130313060809.655329Z#000000#001#000000;20130313054634.762054Z#000000#002#000000 514017e8 slap_queue_csn: queing 0x7fa53e8c4470 20130313060840.173887Z#000000#001#000000 514017e8 slap_graduate_commit_csn: removing 0x7fa534101170 20130313060840.173887Z#000000#001#000000 514017ea slap_client_connect: URI=ldap://ldap2.example.com:389 DN="cn=manager,dc=example,dc=com" ldap_sasl_bind_s failed (-1) 514017ea do_syncrepl: rid=001 rc -1 retrying 514017ed syncprov_search_response: cookie=rid=001,sid=001,csn=20130313060840.173887Z#000000#001#000000;20130313054634.762054Z#000000#002#000000 51401826 do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE
ldap2:
514017ed bdb_monitor_db_open: monitoring disabled; configure monitor database to enable 514017ed slapd starting 514017ed do_syncrep2: rid=001 LDAP_RES_INTERMEDIATE - REFRESH_DELETE 514017ed do_syncrep2: rid=001 cookie=rid=001,sid=001,csn=20130313060840.173887Z#000000#001#000000;20130313054634.762054Z#000000#002#000000 514017ed slap_queue_csn: queing 0x7f5070109540 20130313060840.173887Z#000000#001#000000 514017ed slap_graduate_commit_csn: removing 0x7f50701096b0 20130313060840.173887Z#000000#001#000000
Heres the command I'm using on the client to perform the delete:
While ldap2 is offline, ldapdelete -h ldap1 -x -r -D "cn=manager,dc=example,dc=com" -w password "ou=groups,dc=example,dc=com"
Let me know if you want any further information
I'm sure its something stupid I'm missing, but would appreciate any assistance with this.
Cheers, Adam
Hi,
ITS 7531 may also be of interest.
openldap-technical@openldap.org
-
Adam -
Jan Synacek -
Marc Patermann