Understanding sync log for delta syncrepl - openldap-technical

17 Mar 2025


      Hi!
Most likely I misconfigured the accesslog databases used for delta syncrepl (I'm still working on it), but I have some trouble understanding the logs created.
I have two identical servers (SIDs 5 and 6) that also have an identical cn=config that is to be synced as well)
I created two accesslog databases, one for cn=config, and one for the main database.
For SDID=5 I see messages like:
Mar 14 15:17:39 v05 slapd[26377]: do_syncrep1: rid=006 starting refresh (sending cookie=rid=006,sid=005,csn=20250314000000.000000Z#000000#000#000000;20250314000000.000000Z#000000#001#000000;20200721123717.002866Z#000000#002#000000;20181031083258.073732Z#000000#003#000000;20250314000002.000000Z#000000#005#000000;20250227092006.790591Z#000000#006#000000)
Mar 14 15:17:39 v05 slapd[26377]: do_syncrep2: rid=006 LDAP_RES_SEARCH_RESULT
Mar 14 15:17:39 v05 slapd[26377]: do_syncrepl: rid=006 rc -101 retrying
Mar 14 15:17:39 v05 slapd[26377]: do_syncrep1: rid=006 starting refresh (sending cookie=rid=006,sid=005,csn=20130719093756.074776Z#000000#000#000000;20250217105250.345944Z#000000#001#000000;20250218171739.629994Z#000000#002#000000;20250217065706.238392Z#000000#003#000000;20250227092327.859231Z#000000#005#000000;20250227092348.803001Z#000000#006#000000)
Mar 14 15:17:39 v05 slapd[26377]: do_syncrep2: rid=006 got search entry without Sync State control (reqStart=20250314114001.000003Z,cn=changelog-1)
Mar 14 15:17:39 v05 slapd[26377]: do_syncrepl: rid=006 rc -1 retrying
For the same time interval I see for SID=6:
Mar 14 15:17:26 v06 slapd[14537]: do_syncrep1: rid=005 starting refresh (sending cookie=rid=005,sid=006,csn=20130719093756.074776Z#000000#000#000000;20250217105250.345944Z#000000#001#000000;20250218171739.629994Z#000000#002#000000;20250217065706.238392Z#000000#003#000000;20250227092327.859231Z#000000#005#000000;20250227092348.803001Z#000000#006#000000)
Mar 14 15:17:26 v06 slapd[14537]: do_syncrep2: rid=005 LDAP_RES_SEARCH_RESULT
Mar 14 15:17:26 v06 slapd[14537]: do_syncrepl: rid=005 rc -101 retrying
Mar 14 15:17:26 v06 slapd[14537]: do_syncrep1: rid=005 starting refresh (sending cookie=rid=005,sid=006,csn=20250314000000.000000Z#000000#000#000000;20250314000000.000000Z#000000#001#000000;20200721123717.002866Z#000000#002#000000;20181031083258.073732Z#000000#003#000000;20250314000002.000000Z#000000#005#000000;20250227092006.790591Z#000000#006#000000)
Mar 14 15:17:26 v06 slapd[14537]: do_syncrep2: rid=005 got search entry without Sync State control (reqStart=20250314123529.000001Z,cn=changelog-0)
Mar 14 15:17:26 v06 slapd[14537]: do_syncrepl: rid=005 rc -1 retrying
(no corelated messages on Node 1)
Mar 14 15:17:39 v06 slapd[14537]: send_search_entry: conn 1021  ber write failed.
Specifically I wonder what the "rc -101 retrying" is really about: the servers should be able to connect to each other.
Also what "got search entry without Sync State control" means.
Finally I also have a "rc -1 retrying" and the "ber write failed".
I really don't know where to start debugging.
The first syncprov is.
dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 10
olcSpSessionlog: 10
My first accesslog looks like:
dn: olcOverlay={1}accesslog,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=changelog-0
olcAccessLogOps: writes
olcAccessLogPurge: 60+00:00 1+00:00
olcAccessLogSuccess: FALSE
olcAccessLogOld: (objectClass=*)
The second syncprov is:
dn: olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 10
olcSpSessionlog: 100
The second accesslog is:
dn: olcOverlay={1}accesslog,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=changelog-1
olcAccessLogOps: writes
olcAccessLogPurge: 60+00:00 1+00:00
olcAccessLogSuccess: FALSE
olcAccessLogOld: (objectClass=*)
And the databases are:
dn: olcDatabase={3}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbDirectory: /var/lib/ldap/changelog-0
olcSuffix: cn=changelog-0
olcAccess: {0}to * by dn.exact="uid=syncrepl,..." read by * break
olcLimits: {0}dn.exact="uid=syncrepl,..." size.soft=unlimited
olcRootDN: cn=admin,cn=changelog-0
olcRootPW: log-0
dn: olcDatabase={4}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbDirectory: /var/lib/ldap/changelog-1
olcSuffix: cn=changelog-1
olcAccess: {0}to * by dn.exact="uid=syncrepl,..." read by * break
olcLimits: {0}dn.exact="uid=syncrepl,..." size.soft=unlimited
olcRootDN: cn=admin,cn=changelog-1
olcRootPW: log-1
The syncrepl definitions are like this:
olcSyncrepl: {0}rid=5 provider="ldap://v05 /" searchbase="cn=config" type="refreshAndPersist" \
retry="60 5 300 5 1800 +" logbase=cn=changelog-0 logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" \
schemachecking=on syncdata=accesslog starttls=critical tls_reqcert=demand bindmethod="simple" binddn="uid=syncrepl,..." credentials="replicationtest"
olcSyncrepl: {1}rid=6 provider="ldap://v06 /" searchbase="cn=config" type="refreshAndPersist" \
retry="60 5 300 5 1800 +" logbase=cn=changelog-0 logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" \
schemachecking=on syncdata=accesslog starttls=critical tls_reqcert=demand bindmethod="simple" binddn="uid=syncrepl,..." credentials="replicationtest"
olcSyncrepl: {0}rid=5 provider="ldap:// v05 /" searchbase="dc=..." type="refreshAndPersist" \
retry="60 5 300 5 1800 +" logbase=cn=changelog-1 logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on syncdata=accesslog \
starttls=critical tls_reqcert=demand bindmethod="simple" binddn="uid=syncrepl,..." credentials="replicationtest"
olcSyncrepl: {1}rid=6 provider="ldap://v06 /" searchbase="dc=... " type="refreshAndPersist" \
retry="60 5 300 5 1800 +" logbase=cn=changelog-1 logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on syncdata=accesslog \
starttls=critical tls_reqcert=demand bindmethod="simple" binddn="uid=syncrepl,..." credentials="replicationtest"
Kind regards,
Ulrich Windl