List,
I have been trying to configure a producer -> consumer setup with 2.4.39 and a mdb backend.
It seems to work, for awhile, but the sync stops when data.mdb is approx 15M, about 1630 entries instead of the 50000 and about 400M...
If I do a slapadd of the data into my consumer it will grow beyond the 15M size...
--snip-- # ldap data database mdb maxsize 1073741824 directory /var/lib/ldap suffix "dc=example,dc=com" rootdn "cn=ldap_admin,dc=example,dc=com" rootpw "{SSHA}0rvO4rPODnqNPqkbDv/vuKm8hXGS7mtG"
# Sync Consumer # The indent is necessary syncrepl rid=002 provider=ldap://ldapmaster.test.example.com type=refreshAndPersist retry="5 5 300 5" searchbase="dc=example,dc=com" filter="(objectclass=*)" attrs="*" scope=sub schemachecking=off bindmethod=simple binddn="cn=replicator,dc=example,dc=com" credentials="secret"
-- end snip --
I have set the global options:
-- snip -- sizelimit unlimited timelimit unlimited -- end snip --
...but that didn't help...
I have no clue why or where this is coming from or how to figure out where it goes bottom up..
any pointers ?
thnx !
-- Pascal Kolijn Vrije Universiteit Amsterdam
"Kolijn, P." p.kolijn@vu.nl writes:
It seems to work, for awhile, but the sync stops when data.mdb is approx 15M, about 1630 entries instead of the 50000 and about 400M...
If I do a slapadd of the data into my consumer it will grow beyond the 15M size...
--snip-- # ldap data database mdb maxsize 1073741824 directory /var/lib/ldap suffix "dc=example,dc=com" rootdn "cn=ldap_admin,dc=example,dc=com" rootpw "{SSHA}0rvO4rPODnqNPqkbDv/vuKm8hXGS7mtG"
# Sync Consumer # The indent is necessary syncrepl rid=002 provider=ldap://ldapmaster.test.example.com type=refreshAndPersist retry="5 5 300 5" searchbase="dc=example,dc=com" filter="(objectclass=*)" attrs="*" scope=sub schemachecking=off bindmethod=simple binddn="cn=replicator,dc=example,dc=com" credentials="secret"
-- end snip --
I have set the global options:
-- snip -- sizelimit unlimited timelimit unlimited -- end snip --
How many entries do you get if you run
$ ldapsearch -x -H ldap://ldapmaster.test.example.com -D cn=replicator,dc=example,dc=com -W -b dc=example,dc=com
on the consumer (arguments taken from your syncrepl stanza above)?
Peace,
On 09/12/14 13:55, Ferenc Wagner wrote:
"Kolijn, P." p.kolijn@vu.nl writes:
It seems to work, for awhile, but the sync stops when data.mdb is approx 15M, about 1630 entries instead of the 50000 and about 400M...
If I do a slapadd of the data into my consumer it will grow beyond the 15M size...
--snip-- # ldap data database mdb maxsize 1073741824 directory /var/lib/ldap suffix "dc=example,dc=com" rootdn "cn=ldap_admin,dc=example,dc=com" rootpw "{SSHA}0rvO4rPODnqNPqkbDv/vuKm8hXGS7mtG"
# Sync Consumer # The indent is necessary syncrepl rid=002 provider=ldap://ldapmaster.test.example.com type=refreshAndPersist retry="5 5 300 5" searchbase="dc=example,dc=com" filter="(objectclass=*)" attrs="*" scope=sub schemachecking=off bindmethod=simple binddn="cn=replicator,dc=example,dc=com" credentials="secret"
-- end snip --
I have set the global options:
-- snip -- sizelimit unlimited timelimit unlimited -- end snip --
How many entries do you get if you run
$ ldapsearch -x -H ldap://ldapmaster.test.example.com -D cn=replicator,dc=example,dc=com -W -b dc=example,dc=com
on the consumer (arguments taken from your syncrepl stanza above)?
As you can see my mail got seriously delayed before it arrived on the list. It is working now, the acl was indeed wrong for the replicator user (I presume that is where the proposed test was for), and my old ldap was a 2.2.xx from years ago and the entryCSN or something like that seem to have changed since then...
After fixing the acl and beginning with an 'empty' directory proved my config was working (more or less) and the old content needed some tweaks...
Thnx, for the help !
Pascal Kolijn Vrije Universiteit Amsterdam
On 09/12/14 15:32, Michael Ströder wrote:
Kolijn, P. wrote:
syncrepl rid=002 [..] attrs="*"
Why to limit the attributes to user attributes? This will certainly break syncrepl.
Ciao, Michael.
Ah, you are right, I think...
:o)
...but what are the 'operational attributes' exactly the man page is referring to ? It seems to work ok with just the '*' now I have not extensively tested yet, just glad it is replicating stuff now to consumers and to other master. So what will I be missing or breaking if I ommit the ',+' ?
Pascal Kolijn Vrije Universiteit Amsterdam
Pascal Kolijn wrote:
On 09/12/14 15:32, Michael Ströder wrote:
Kolijn, P. wrote:
syncrepl rid=002 [..] attrs="*"
Why to limit the attributes to user attributes? This will certainly break syncrepl.
Ah, you are right, I think...
:o)
...but what are the 'operational attributes' exactly the man page is referring to ? It seems to work ok with just the '*' now I have not extensively tested yet, just glad it is replicating stuff now to consumers and to other master. So what will I be missing or breaking if I ommit the ',+' ?
Attribute 'entryCSN'.
Ciao, Michael.
Michael Ströder wrote:
Pascal Kolijn wrote:
On 09/12/14 15:32, Michael Ströder wrote:
Kolijn, P. wrote:
syncrepl rid=002 [..] attrs="*"
Why to limit the attributes to user attributes? This will certainly break syncrepl.
Ah, you are right, I think...
:o)
...but what are the 'operational attributes' exactly the man page is referring to ? It seems to work ok with just the '*' now I have not extensively tested yet, just glad it is replicating stuff now to consumers and to other master. So what will I be missing or breaking if I ommit the ',+' ?
Attribute 'entryCSN'.
That dependency was fixed over a decade ago. The syncrepl consumer explicitly requests the operational attrs that it needs, if they weren't already present in the configuration.
openldap-technical@openldap.org
-
Ferenc Wagner -
Howard Chu -
Kolijn, P. -
Michael Ströder -
Pascal Kolijn