Dear all,
We have an OpenLDAP 2.4 cluster of three nodes configured in multi-master and
accessed through a VIP in round-robin. The three machines run RHEL7.
We noticed that deletion of an entry (done from a Windows machine onto the
first node via Oracle's tool ldapmodify.exe) takes a long time (about 48 hours)
to be replicated in the cluster.
Here's the relevant extract of cn=config for the first node:
olcSyncrepl: {0}rid=001 provider=ldap://mynode2:389/ bindmethod=simple
binddn="cn=Replicator,dc=mydomain,dc=org" credentials=1234567890
searchbase="dc=mydomain,dc=org" scope=sub schemachecking=on
type=refreshAndPersist
retry="30 5 300 +" keepalive="60:5:10"
olcSyncrepl: {1}rid=002 provider=ldap://mynode3:389/ bindmethod=simple
binddn="cn=Replicator,dc=mydomain,dc=org" credentials=1234567890
searchbase="dc=mydomain,dc=org" scope=sub schemachecking=on
type=refreshAndPersist
retry="30 5 300 +" keepalive="60:5:10"
olcMirrorMode: TRUE
We looked up for the offending entry (thisentry) in all nodes' logs and we
found this line on mynode3:
Jun 18 14:18:20 mynode3 slapd[8871]: conn=1987936 op=14 DEL
dn="dc=thisentry,ou=myou,ou=foobars,dc=mydomain,dc=org"
There are no other references to thisentry (apart from SRCH operations) on
node1 and node2, even if the entry was originally deleted from node1, as said
above.
What could be the cause and what could we do to further troubleshoot the issue?
Thanks in advance.
