Forgot this info: OpenLDAP 2.4.39 with back-mdb
syncrepl: refreshAndPersist with keepalive set, authc with SASL/EXTERNAL based on TLS client certs On Fri, 15 Aug 2014 12:21:30 +0200 "Michael Ströder" <[email protected]> wrote > HI! > > I have a replication topology with providers running with MMR and a layer of > r/o consumers.. > - spread across three data centers > - in two different countries (DE and foreign country) > > Network traffic between the countries has higher latency so consumers are > only accessing providers within the same country. > Write operations go nearly 100% to a single provider in Germany. > > All systems are using these overlays: > - slapo-ppolicy (mostly for password expiry) > - slapo-lastbind overlays > - slapo-accesslog (yes, also on consumers) > > Now occasionally contextCSN values differ most times for a couple of minutes > on the consumers in the foreign country from their local providers. > > I cannot tell exactly which conditions are causing this. But I observed that > most times there was a login failure on the provider in Germany which results > in 'pwdChangedTime' being set and replicated to the consumers. Most times > followed by 'authTimestamp' being correctly set. > > So I wonder whether the differences of the contextCSN values could be caused > by 'pwdChangedTime' and 'authTimestamp' being replicated to providers but not > to consumers. > > Any clue? Thanks in advance. > > Ciao, Michael. -- Michael Ströder Klauprechtstr. 11 Dipl.-Inform. D-76137 Karlsruhe, Germany Tel.: +49 721 8304316 Mobil: +49 170 2391920 E-Mail: [email protected] http://www.stroeder.com
