Thanks, I'll create an ITS for that later today. -----Original Message----- From: Howard Chu [mailto:[EMAIL PROTECTED] Sent: 11 January 2006 03:20 To: Spicer, Kevin (MBLEA it) Subject: Re: syncrepl and glue
If the consumer is getting search entries without the expected syncrepl control attached, that means the provider isn't doing its thing. Apparently putting glue in front of syncprov disables syncprov, this is likely a bug in glue. Spicer, Kevin wrote: > -----Original Message----- > From: Howard Chu [mailto:[EMAIL PROTECTED] > > >> The answer is in the description for "subordinate" in slapd.conf(5). >> > You > >> have to exchange the order of the syncprov and glue overlays to prevent >> > > >> the provider from descending into the glued databases. >> > > Thanks, however that doesn't seem to solve the problem of no replication > happening (although it appears to have solved the random changes to db > problem). I have verified that replication works with the subordinate > directives (and 'overlay glue' directive) commented on the provider. > > My database definition on the provider for the superior db contains the > following > > ### START ### > database bdb > suffix "dc=mydomain,dc=com" > rootdn "cn=Manager,dc=mydomain,dc=com" > rootpw XXXXXXXXXXXXXXXXXXXXX > directory /var/db/ldap/central > > > overlay syncprov > overlay glue > overlay ppolicy > > ppolicy_default "cn=systemusers,ou=policy,dc=mydomain,dc=com" > ppolicy_use_lockout > > syncprov-checkpoint 100 10 > syncprov-sessionlog 100 > > #Indexes etc. > ### END ### > > The consumer has this... > > ###START### > database bdb > suffix "dc=mydomain,dc=com" > rootdn "cn=Manager,dc=mydomain,dc=com" > rootpw XXXXXXXXXXXXXXXXXXXXXXX > > syncrepl rid=501 > provider=ldaps://master.mydomain.com > type=refreshAndPersist > searchbase="dc=mydomain,dc=com" > filter="(objectClass=*)" > scope=sub > retry="30 10 120 30 300 +" > binddn=cn=syncuser,dc=mydomain,dc=com > bindmethod=simple > credentials=xxxxxx > > updateref ldaps://master.mydomain.com > > directory /var/db/ldap/central > > overlay glue > overlay ppolicy > > ppolicy_default "cn=systemusers,ou=policy,dc=mydomain,dc=com" > ppolicy_use_lockout > > # Indexes... > ###END### > > I have tried it with the ppolicy directives removed on the provider, but > that doesn't have an > impact. I'm seeing the following log lines on the consumer... > > slapd[18668]: [ID 764482 local4.debug] do_syncrep2: got search entry > without control > > (These correspond to binds from the syncuser on the provider) > > Turning up logging on the provider I see this line.. > slapd[20818]: [ID 430416 local4.debug] slap_global_control: unavailable > control: 1.3.6.1.4.1.4203.1.9.1.1 > > > > > > > -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/ ================================================================= BMRB wins two BMRA awards - http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
