Hi All,

I have a big network with one master OpenLDAP 2.3.30 running on Debian Etch,
fully updated.

I have 27 other consumers using replication of the refreshAndPersist type,
working 100% fine, with one exception.

This exception has the same configuration as all the other servers. I have
already changed the WAN provider (it was planned to change it), the switch
where the server is connected, the network cable, and the whole server, and
nothing seems to change the strange behavior.

What happens is that this specific machine does not receive all the 8323
objects from the master. In debug mode it does not show any error. OpenLDAP
simply thinks the replica has finished. Then some seconds later it starts
replicating again, but not from the stop point. The best that I have is 5217
objects replicated.

My conf on this server was copied from another working installation and then
I changed the "rid".

This is how my conf is:
#######################################################################
# SCHEMAS
#######################################################################
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/misc.schema
include         /etc/ldap/schema/samba.schema


#######################################################################
# GENERAL
#######################################################################
#allow bind_v2
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        4 64 16384
sizelimit 20000
tool-threads 1


#######################################################################
# MODULES
#######################################################################
modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      syncprov


#######################################################################
# BACKEND
#######################################################################
backend         bdb
checkpoint 512 30


#######################################################################
# DATABASE
#######################################################################
database        bdb
suffix          "dc=company"
rootdn          "cn=replicator,dc=company"
rootpw          {SSHA}password
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
lastmod         on


######################################################################
# ACL
######################################################################
access to dn.base=""
        by * read

access to *
        by dn="cn=admin,dc=company" write
        by dn="cn=replicator,dc=company" write
        by * read

access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword
        by dn="cn=admin,dc=company" write
        by dn="cn=replicator,dc=company" write
        by self write
        by anonymous auth
        by * none



######################################################################
# TLS
######################################################################
TLSCipherSuite  ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP
TLSCACertificateFile /etc/ldap/certs/cacert.pem
TLSCertificateFile /etc/ldap/certs/servercrt.pem
TLSCertificateKeyFile /etc/ldap/certs/serverkey.pem
TLSVerifyClient never


######################################################################
# REPLICATION
######################################################################
syncrepl rid=51
        provider=ldaps://ldap
        bindmethod=simple
        binddn="cn=replicator,dc=company"
        credentials=password
        searchbase="dc=company"
        schemachecking=off
        type=refreshAndPersist
        retry="30 30 600 72"

######################################################################
# Indexes
######################################################################
index           cn                              pres,sub,eq
index           sn                              pres,sub,eq
index           uid                             pres,sub,eq
index           displayName                     pres,sub,eq
index           memberUid                       eq,subinitial
index           mail                            eq,subinitial
index           givenname                       eq,subinitial
index           uidNumber                       eq
index           gidNumber                       eq
index           entryUUID                       eq
index           sambaSID                        eq
index           sambaPrimaryGroupSID            eq
index           sambaDomainName                 eq
index           objectClass                     eq
index           sambaGroupType                  eq
index           sambaSIDList                    eq
index           uniqueMember                    eq
index           entryCSN                        eq

When the replication stops the log just shows:

Dec  8 15:55:09 mg slapd[6529]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Dec  8 15:55:09 mg slapd[6529]: bdb_idl_fetch_key: [7cdee34d]
Dec  8 15:55:09 mg slapd[6529]: send_ldap_result: err=0 matched="" text=""
Dec  8 15:55:09 mg slapd[6529]: syncrepl_entry: be_search (0)
Dec  8 15:55:09 mg slapd[6529]: syncrepl_entry: uid=pr0239$,ou=maquinas,dc=matriz,dc=company
Dec  8 15:55:09 mg slapd[6529]: do_syncrep2: LDAP_RES_SEARCH_RESULT
Dec  8 15:55:09 mg slapd[6529]: connection_get(39)

Note that the first line is saying LDAP_SYNC_ADD and not LDAP_SYNC_MODIFY
once this user is already loaded.

Can anyone help us with this one?

Thanks in advance.

Gustavo
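
An added example, not part of the original post: a Python script that splits a consumer's syslog into refresh passes, counts the entries received in each pass, and lists DNs that were added in more than one pass. It assumes the line shapes quoted in the post with each message on a single line; the sample log, the function names and the expected count are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the line shapes shown in the post (not real log data).
SAMPLE_LOG = """\
Dec  8 15:55:08 mg slapd[6529]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Dec  8 15:55:08 mg slapd[6529]: syncrepl_entry: uid=alice,ou=people,dc=company
Dec  8 15:55:09 mg slapd[6529]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Dec  8 15:55:09 mg slapd[6529]: syncrepl_entry: be_search (0)
Dec  8 15:55:09 mg slapd[6529]: syncrepl_entry: uid=bob,ou=people,dc=company
Dec  8 15:55:09 mg slapd[6529]: do_syncrep2: LDAP_RES_SEARCH_RESULT
Dec  8 15:55:40 mg slapd[6529]: syncrepl_entry: LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
Dec  8 15:55:40 mg slapd[6529]: syncrepl_entry: uid=alice,ou=people,dc=company
Dec  8 15:55:40 mg slapd[6529]: do_syncrep2: LDAP_RES_SEARCH_RESULT
"""

LINE = re.compile(r"slapd\[\d+\]: (\w+): (.*)$")
STATE = re.compile(r"LDAP_RES_SEARCH_ENTRY\((LDAP_SYNC_\w+)\)")

def refresh_cycles(log_text):
    """Return one list of (sync_state, dn) per pass closed by LDAP_RES_SEARCH_RESULT."""
    cycles, current, pending = [], [], None
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        func, msg = m.groups()
        if func == "syncrepl_entry":
            st = STATE.match(msg)
            if st:                        # announces the sync state of the next entry
                pending = st.group(1)
            elif "=" in msg and pending:  # the DN line belonging to that entry
                current.append((pending, msg.strip()))
                pending = None
        elif func == "do_syncrep2" and msg.startswith("LDAP_RES_SEARCH_RESULT"):
            cycles.append(current)        # provider signalled the end of this pass
            current, pending = [], None
    return cycles

def report(log_text, expected):
    """Summarise passes against the entry count expected from the provider."""
    cycles = refresh_cycles(log_text)
    adds = Counter(dn for c in cycles for state, dn in c if state == "LDAP_SYNC_ADD")
    return {
        "entries_per_cycle": [len(c) for c in cycles],
        "short_cycles": [i for i, c in enumerate(cycles) if len(c) < expected],
        "re_added": sorted(dn for dn, n in adds.items() if n > 1),
    }

if __name__ == "__main__":
    print(report(SAMPLE_LOG, expected=3))
```

Run against the real consumer log with `expected` set to the provider's entry count (8323 in the post), a pass that closes short or a DN listed under `re_added` marks where the refresh ended early and restarted.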
