On Monday, 29 March 2010 21:30:20 L.B. wrote:
> Hi;
>
> I've finally decided to make the move to syncrepl after much delay and
> procrastination. I've read the guide and also reviewed several howto's
> on the topic... It still isn't running correctly for me because it
> doesn't replicate a few new users I've added to the provider. Also I'm
> seeing the following issue over and over (every time it tries a sync
> on my 10m interval):

This normally indicates that the consumer didn't get the final control, usually because it didn't have sufficient (size/time) access to get the full search results.

> #########
> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001
> LDAP_RES_INTERMEDIATE - SYNC_ID_SET
> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_del_nonpresent:
> rid 001 be_delete
> uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com (0)
> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001
> LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001
> be_search (0)
> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001
> uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com
> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 be_add
> (0)
> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001
> LDAP_RES_SEARCH_RESULT
> #########
>
> My setup is RHEL4 with Buchan's RPMs
> (openldap2.3-servers-2.3.39-3.rhel4, etc.).

2.3.43 has been available for a long time ...

> I have a fairly simple
> setup, one provider and one consumer.
>
> Here is my provider config:
> ######################
>
> include /usr/share/openldap2.3/schema/core.schema
> include /usr/share/openldap2.3/schema/cosine.schema
> include /usr/share/openldap2.3/schema/inetorgperson.schema
> include /usr/share/openldap2.3/schema/nis.schema
> include /usr/share/openldap2.3/schema/misc.schema
> include /usr/share/openldap2.3/schema/corba.schema
> include /usr/share/openldap2.3/schema/openldap.schema
> include /usr/share/openldap2.3/schema/ppolicy.schema
> include /usr/share/openldap2.3/schema/ldapns.schema
>
> access to *
>         by dn.exact="cn=Replicator,dc=swa,dc=com" read
>         by self read
>         by * none break
>
> limits group="cn=Replicator,dc=swa,dc=com"
>         size=unlimited
>         time=unlimited

The intention in my limits example is that you would create a groupOfNames for cn=Replicator, and add additional host-specific DNs to this groupOfNames object. But, it seems you have only one cn=Replicator non-group entry, changed the ACL appropriately, but not the limits statement.

[...]

> syncrepl rid=001
>         provider=ldap://ldap-agis01.mascorp.com
>         type=refreshOnly
>         interval=00:00:10:00
>         retry="60 10 300 +"
>         searchbase="dc=swa,dc=com"
>         filter="(objectClass=*)"
>         binddn="cn=Replicator,dc=swa,dc=com"
>         bindmethod=simple
>         credentials=yadayadayada
>         schemachecking=off
> updateref ldap://ldap-agis01.mascorp.com/

Assuming you have more than 500 entries, if you do a search as this syncrepl binddn, with the rest of the search parameters based on the syncrepl configuration, do you get all entries, or a "Size limit exceeded"?

Regards,
Buchan
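
The check asked for at the end of the reply, as an added example that is not part of the original thread: it runs the consumer's search as the syncrepl bind DN and classifies the result. The host, DNs, base and filter come from the quoted configuration; `LDAP_PWFILE` and the function names are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: does the replication DN get the full result set?
# Host, DNs, base and filter are from the quoted config.
# LDAP_PWFILE (file holding the bind password, no trailing newline) is hypothetical.

# Same search the consumer performs; "1.1" requests no attributes.
run_replica_search() {
    ldapsearch -x -H ldap://ldap-agis01.mascorp.com \
        -D "cn=Replicator,dc=swa,dc=com" -y "$LDAP_PWFILE" \
        -b "dc=swa,dc=com" -s sub "(objectClass=*)" 1.1
}

# Read ldapsearch output on stdin; print "<entries> <result-code> <verdict>".
classify_search() {
    awk '
        /^dn::? /   { n++ }          # plain or base64-encoded DN lines
        /^result: / { code = $2 }    # e.g. "result: 4 Size limit exceeded"
        END {
            if (code == "")         v = "no-result-line"
            else if (code == "4")   v = "size-limit-hit"
            else if (code == "3")   v = "time-limit-hit"
            else if (code == "0")   v = "complete"
            else                    v = "error"
            printf "%d %s %s\n", n, (code == "" ? "-" : code), v
        }'
}

# Constructed sample of a truncated search (not output from the thread).
sample_truncated() {
    cat <<'EOF'
dn: uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com

dn: ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com

# search result
search: 2
result: 4 Size limit exceeded

# numEntries: 2
EOF
}

sample_truncated | classify_search
# Live use: LDAP_PWFILE=/path/to/secret; run_replica_search | classify_search
```

A `size-limit-hit` or `time-limit-hit` verdict for this bind DN means the provider's `limits` statement is not being applied to it, which is the mismatch pointed out in the reply above.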