Hi,

You can find below my full config.
To be more precise, my problem is:

- I add a user on node1, it's replicated on node2
- I add a second user (or group) on node2, it's not replicated on node2.

In the logs, I get:

Jan 15 16:11:21 node2 slapd[2465]: do_syncrep2: rid=102 LDAP_RES_SEARCH_RESULT
Jan 15 16:11:22 node2 slapd[2465]: do_syncrep2: rid=101 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
Jan 15 16:11:22 node2 slapd[2465]: do_syncrep2: rid=101 LDAP_RES_SEARCH_RESULT
Jan 15 16:11:22 node2 slapd[2465]: do_syncrep2: rid=101 cookie=rid=101,csn=20200115102817.516155Z#000000#000#000000
Jan 15 16:11:22 node2 slapd[2465]: nonpresent_callback: rid=101 present UUID 90915624-c578-1039-97ac-bb4be13c2c82, dn dc=foo,dc=bar
Jan 15 16:11:22 node2 slapd[2465]: nonpresent_callback: rid=101 present UUID 90952132-c578-1039-8aef-6f411f63000a, dn cn=admin,dc=foo,dc=bar
Jan 15 16:11:22 node2 slapd[2465]: nonpresent_callback: rid=101 present UUID 909a0760-c578-1039-8af0-6f411f63000a, dn ou=people,dc=foo,dc=bar
Jan 15 16:11:22 node2 slapd[2465]: nonpresent_callback: rid=101 present UUID 909b4666-c578-1039-8af1-6f411f63000a, dn ou=groups,dc=foo,dc=bar
Jan 15 16:11:22 node2 slapd[2465]: nonpresent_callback: rid=101 present UUID 9a1f5e84-c578-1039-918d-7129ec86f31a, dn uid=appadmin,ou=people,dc=foo,dc=bar
Jan 15 16:11:22 node2 slapd[2465]: nonpresent_callback: rid=101 present UUID 9a48db24-c578-1039-918e-7129ec86f31a, dn cn=admins-for-app,ou=groups,dc=foo,dc=bar
Jan 15 16:11:22 node2 slapd[2465]: nonpresent_callback: rid=101 present UUID 3032f6b0-cbcd-1039-952e-fb0cd8c5af02, dn uid=testuser,dc=foo,dc=bar
Jan 15 16:11:22 node2 slapd[2465]: slap_queue_csn: queueing 0x7f4628103420 20200115102817.516155Z#000000#000#000000
Jan 15 16:11:22 node2 slapd[2465]: slap_graduate_commit_csn: removing 0x7f4628103420 20200115102817.516155Z#000000#000#000000

What does "nonpresent_callback" mean?

I also tested with the replication user in a different database, as suggested in this mailing list, but the result is the same.
Regards,
Vincent

# config
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcDisallows: bind_anon
olcLogLevel: any
olcPidFile: /var/run/slapd/slapd.pid
olcRequires: authc
olcToolThreads: 1
olcServerID: 0 ldap:///
olcServerID: 1 ldap://node1-vpn
olcServerID: 2 ldap://node2-vpn

# module{0}, config
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb

# module{1}, config
dn: cn=module{1},cn=config
objectClass: olcModuleList
cn: module{1}
olcModuleLoad: {0}syncprov.la

# {0}mdb, config
dn: olcBackend={0}mdb,cn=config
objectClass: olcBackendConfig
olcBackend: {0}mdb

# {-1}frontend, config
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
olcSizeLimit: 500

# {0}config, config
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break

# {1}mdb, config
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=nodomain
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read
olcLastMod: TRUE
olcRequires: authc
olcRootDN: cn=admin,dc=nodomain
olcRootPW: {SSHA}HdZbPd66TxCjeYEIAASbAQTnvFh3GOTw
olcDbCheckpoint: 512 30
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq
olcDbIndex: uidNumber,gidNumber eq
olcDbIndex: member,memberUid eq
olcDbMaxSize: 1073741824

# {2}mdb, config
dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /var/foobar/ldap
olcSuffix: dc=foo,dc=bar
olcAccess: {0}to attrs=userPassword by anonymous auth by self write by dn.exact="cn=rpuser,dc=foo,dc=bar" read
olcAccess: {1}to * by dn="cn=admin,dc=foo,dc=bar" write by self write by users read by * none
olcLastMod: TRUE
olcLimits: {0}dn.exact="uid=rpuser,dc=foo,dc=bar" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcRequires: authc
olcRootDN: cn=admin,dc=foo,dc=bar
olcRootPW: {SSHA}zL8CSrnkBacsebLUsJ+dzva6eQ7xcyZJ
olcSyncrepl: {0}rid=101 provider=ldap://node1-vpn binddn="uid=rpuser,dc=foo,dc=bar" bindmethod=simple credentials=rppwd searchbase="dc=foo,dc=bar" type=refreshOnly interval=00:00:00:20 retry="5 10 20 10" timeout=1
olcSyncrepl: {1}rid=102 provider=ldap://node2-vpn binddn="uid=rpuser,dc=foo,dc=bar" bindmethod=simple credentials=rppwd searchbase="dc=foo,dc=bar" type=refreshOnly interval=00:00:00:20 retry="5 10 20 10" timeout=1
olcMirrorMode: TRUE
olcDbCheckpoint: 512 30
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
olcDbMaxSize: 1073741824

# {0}syncprov, {2}mdb, config
dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov

On 13/01/2020 at 20:31, Quanah Gibson-Mount wrote:
>
>
> --On Monday, January 13, 2020 6:32 PM +0100 Vincent Ducot
> <[email protected]> wrote:
>
>>
>> Ok, I thought the rule matched if "by" also matched. Thanks to light it.
>>
>> I apply the olcAccess you proposed.
>>
>> I still have the problem of deletion of "dc=foo,dc=bar" tree on node2,
>> for example when I add a user on node1. Any idea why?
>
> Not off the top of my head. Without full configs for both servers or
> an understanding of the state of the replicated databases on each
> server, it would all be random speculation.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
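A check a practitioner would run on a mirror-mode pair like the one above, added here as an example and not code from the thread: it parses the contextCSN values that `ldapsearch -s base -b dc=foo,dc=bar contextCSN` returns on each node (the two LDIF results below are constructed, not taken from Vincent's servers) and reports, per configured olcServerID (1 and 2 in the config above), whether the nodes agree. Since the cookie in the log above carries serverID 000 while the config assigns 1 and 2 to the nodes, the check also lists any serverID it did not expect.

```python
import re
from collections import namedtuple

# Syncrepl CSN layout: <UTC timestamp>.<microseconds>Z#<count>#<serverID>#<modifier>
CSN_RE = re.compile(r"^(\d{14})\.(\d{6})Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$")

# Field order makes tuple comparison chronological (fixed-width timestamp, then usec, then count).
CSN = namedtuple("CSN", "timestamp usec count sid mod")

def parse_csn(value):
    m = CSN_RE.match(value.strip())
    if not m:
        raise ValueError(f"not a syncrepl CSN: {value!r}")
    ts, usec, count, sid, mod = m.groups()
    return CSN(ts, usec, int(count, 16), int(sid, 16), int(mod, 16))

def context_csns(ldif):
    """Map serverID -> CSN from the contextCSN lines of a base-scope ldapsearch result."""
    out = {}
    for line in ldif.splitlines():
        if line.startswith("contextCSN:"):
            csn = parse_csn(line.split(":", 1)[1])
            out[csn.sid] = csn
    return out

def compare_mirror(ldif_node1, ldif_node2, expected_sids):
    """Per configured serverID, say whether both nodes hold a contextCSN and whether they agree."""
    a, b = context_csns(ldif_node1), context_csns(ldif_node2)
    report = {}
    for sid in expected_sids:
        ca, cb = a.get(sid), b.get(sid)
        if ca is None or cb is None:
            report[sid] = "missing on " + ("both" if ca is None and cb is None else "node1" if ca is None else "node2")
        elif ca == cb:
            report[sid] = "in sync"
        else:
            report[sid] = "node1 ahead" if ca > cb else "node2 ahead"
    unexpected = sorted((set(a) | set(b)) - set(expected_sids))  # serverIDs nobody configured
    return report, unexpected

# Constructed sample results; a real run would capture ldapsearch output from each node.
NODE1 = """dn: dc=foo,dc=bar
contextCSN: 20200115102817.516155Z#000000#001#000000
contextCSN: 20200113193105.112233Z#000000#002#000000
"""
NODE2 = """dn: dc=foo,dc=bar
contextCSN: 20200115102817.516155Z#000000#000#000000
contextCSN: 20200115102817.516155Z#000000#001#000000
contextCSN: 20200115161020.000001Z#000000#002#000000
"""
```

A serverID reported as "missing" or "ahead" on one node after the refreshOnly interval has elapsed is the first thing to chase before reading the nonpresent_callback lines.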
