Hi Buchan - I updated the limits statement to the following: limits dn.exact="cn=Replicator,dc=swa,dc=com" size=unlimited time=unlimited
and now it appears to be working as expected! On a side note, I never received a "Size limit exceeded" using the same parameters from the syncrepl configuration (I'm under 500 entries). Thanks! Rafael Below is the new output after a synchronization: May 20 22:16:06 admin-agis01 last message repeated 3 times May 20 22:16:48 admin-agis01 slapd2.3[32501]: do_syncrep2: rid 001 LDAP_RES_INTERMEDIATE - SYNC_ID_SET May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_del_nonpresent: rid 001 be_delete uid=dyrnaesd,ou=Software Applications,dc=swa,dc=com (0) May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_search (0) May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 cn=users,ou=groups,dc=swa,dc=com May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_modify (0) May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_search (0) May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 cn=swa,ou=groups,dc=swa,dc=com May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_modify (0) May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_search (0) May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 uid=barreror,ou=Software Applications,dc=swa,dc=com May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_modify (0) May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_search (0) May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com May 20 22:16:48 admin-agis01 slapd2.3[32501]: syncrepl_entry: rid 001 be_modify (0) May 20 22:16:48 admin-agis01 slapd2.3[32501]: do_syncrep2: rid 001 LDAP_RES_SEARCH_RESULT May 20 22:17:23 admin-agis01 slapd2.3[32501]: <= bdb_equality_candidates: (uniqueMember) not indexed On Mar 30, 2010, at 4:10 AM, Buchan Milne wrote: > On Monday, 29 March 2010 21:30:20 L.B. wrote: >> Hi; >> >> I've finally decided to make the move to syncrepl after much delay and >> procrastination. I've read the guide and also reviewed several howto's >> on the topic... It still isn't running correctly for me because it >> doesn't replicate a few new users I've added to the provider. Also I'm >> seeing the following issue over and over (every time it tries a sync >> on my 10m interval): > > This normally indicates that the consumer didn't get the final control, > usually > because it didn't have sufficient (size/time) access to get the full search > results. > > >> ######### >> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001 >> LDAP_RES_INTERMEDIATE - SYNC_ID_SET >> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_del_nonpresent: >> rid 001 be_delete >> uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com (0) >> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 >> LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) >> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 >> be_search (0) >> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 >> uid=airftp,ou=SystemUsers,ou=SystemAccounts,dc=swa,dc=com >> Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: syncrepl_entry: rid 001 be_add >> (0) Mar 5 20:25:19 admin-agis01 slapd2.3[6147]: do_syncrep2: rid 001 >> LDAP_RES_SEARCH_RESULT >> ######### >> >> My setup is RHEL4 with Buchan's RPMs >> (openldap2.3-servers-2.3.39-3.rhel4, etc.). > > 2.3.43 has been available for a long time ... > >> I have a fairly simple >> setup, one provider and one consumer. >> >> Here is my provider config: >> ###################### >> >> include /usr/share/openldap2.3/schema/core.schema >> include /usr/share/openldap2.3/schema/cosine.schema >> include /usr/share/openldap2.3/schema/inetorgperson.schema >> include /usr/share/openldap2.3/schema/nis.schema >> include /usr/share/openldap2.3/schema/misc.schema >> include /usr/share/openldap2.3/schema/corba.schema >> include /usr/share/openldap2.3/schema/openldap.schema >> include /usr/share/openldap2.3/schema/ppolicy.schema >> include /usr/share/openldap2.3/schema/ldapns.schema >> >> access to * >> by dn.exact="cn=Replicator,dc=swa,dc=com" read >> by self read >> by * none break >> >> limits group="cn=Replicator,dc=swa,dc=com" >> size=unlimited >> time=unlimited > > The intention in my limits example is that you would create a groupOfNames > for > cn=Replicator, and add additional host-specific DNs to this groupOfNames > object. But, it seems you have only one cn=Replicator non-group entry, > changed > the ACL appropriately, but not the limits statement. > > [...] > >> syncrepl rid=001 >> provider=ldap://ldap-agis01.mascorp.com >> type=refreshOnly >> interval=00:00:10:00 >> retry="60 10 300 +" >> searchbase="dc=swa,dc=com" >> filter="(objectClass=*)" >> binddn="cn=Replicator,dc=swa,dc=com" >> bindmethod=simple >> credentials=yadayadayada >> schemachecking=off >> updateref ldap://ldap-agis01.mascorp.com/ > > > Assuming you have more than 500 entries, if you do a search as this syncrepl > binddn, with the rest of the search parameters based on the syncrepl > configuration, do you get all entries, or a "Size limit exceeded" ? > > Regards, > Buchan