On Tuesday 14 October 2008 13:18:37 Karthik Dathathri wrote:
> I was trying to setup replication using syncrepl with openldap 2.4.11
> on two machines running RHEL 5.0
>
> The provider has approximately 1000 entries in the directory.
>
> On the consumer side, I am getting the following error after
> synchronization of around 500 records.
>
> Oct 14 16:35:59 osmvm2 slapd2.4[11727]: syncrepl_entry: rid=001
> cn=Delfin Labarge,ou=Payroll,dc=example,dc=com
> Oct 14 16:35:59 osmvm2 slapd2.4[11727]: syncrepl_entry: rid=001 be_add
> (0)
> Oct 14 16:35:59 osmvm2 slapd2.4[11727]: do_syncrep2: rid=001
> LDAP_RES_SEARCH_RESULT
> Oct 14 16:35:59 osmvm2 slapd2.4[11727]: do_syncrep2: rid=001 (4) Size
> limit exceeded
>
> I am using "refreshOnly" syncrepl in the consumer.
>
> The syncrepl user dn is uid=syncrepl,ou=System,dc=example,dc=com
>
> and added this dn as a member to a group called LDAPAdmins
> (cn=LDAPAdmins,ou=Groups,dc=example,dc=com)
>
> slapd.conf configuration at the consumer end is as follows:

This is irrelevant, searches are done against the provider, not the consumer.

>
> # Replicas running syncrepl as non-rootdn need unrestricted size/time
> limits:
> limits group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com"
>     size=unlimited
>     time=unlimited
>
> #SyncRepl slave configuration
> syncrepl rid=001
>     provider=ldap://16.167.10.25
>     type=refreshOnly
>     interval=00:00:05:00
>     searchbase="dc=example,dc=com"
>     binddn="uid=syncrepl,ou=System,dc=example,dc=com"
>     credentials=secret
>     timelimit=unlimited
>     sizelimit=unlimited
>
> slapd.conf configuration at the provider is as follows:
>
> #Global ACL for replication
> access to *
>     by group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com" read
>     by anonymous read

So, access to * by * read would work, and you can't be sure that your group is
working from the ACLs ....

>
> # syncprov
> index entryCSN,entryUUID eq
>
> # Replicas running syncrepl as non-rootdn need unrestricted size/time
> limits:
> limits group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com"
>     size=unlimited
>     time=unlimited

So, if you do a search as your uid=syncrepl DN (with ldapsearch), how many
entries do you get, and what result code do you get?

>
> # ACL ensuring replicator has write access

Syncrepl does not require that any replication DN has write access anywhere ...

> access to *
>     by group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com" write
>     by * read
>
> #syncprov overlay configuration
> overlay syncprov
> syncprov-checkpoint 50 10
> syncprov-sessionlog 100
>
> Any pointers would be appreciated. If someone needs more information
> about the environment, please
> let me know.

It's possible to test some of your configuration manually, which I would
normally do *first* (before configuring the consumer).

Regards,
Buchan
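
The manual check suggested in the reply, written out as an added example (not part of the original message): bind to the provider as the replication DN, request no client-side limits, and reduce the output to an entry count and result code. The function names `summarize_search`, `check_provider` and `sample_output` are hypothetical, the sample output is constructed, and the host, base and bind DN are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: run the provider-side search by hand as the replication DN.
PROVIDER="ldap://16.167.10.25"
BASE="dc=example,dc=com"
BINDDN="uid=syncrepl,ou=System,dc=example,dc=com"

# Reduce default (non -L) ldapsearch output to "entries=N result=CODE (TEXT)".
summarize_search() {
  awk '
    /^dn::? /   { n++ }                  # one dn: (or base64 dn::) line per entry
    /^result: / { code = $2
                  sub(/^result: [0-9]+ /, ""); text = $0 }
    END {
      if (code == "") { code = "none"; text = "no result line seen" }
      printf "entries=%d result=%s (%s)\n", n, code, text
    }'
}

# Query the provider as the syncrepl identity. Not called automatically.
# -x simple bind, -W prompt for the password, -z 0 / -l 0 request no
# client-side size or time limit, attribute 1.1 returns DNs only.
check_provider() {
  ldapsearch -x -H "$PROVIDER" -D "$BINDDN" -W -b "$BASE" \
    -z 0 -l 0 '(objectClass=*)' 1.1 | summarize_search
}

# Constructed sample of what a size-limited search prints (2 entries shown).
sample_output() {
  cat <<'EOF'
# example.com
dn: dc=example,dc=com

# Delfin Labarge, Payroll, example.com
dn: cn=Delfin Labarge,ou=Payroll,dc=example,dc=com

# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 3
# numEntries: 2
EOF
}

# Offline demonstration on the constructed sample.
sample_output | summarize_search
```

Result 4 on a search that asked for no client-side limit means the provider applied its own size limit to that bind DN, so the `limits group=...` line is not matching the replication identity.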