Hi All,
I would appreciate some insight into a syncrepl issue that I have. The
scenario is as follows:
(1) LDAP master running debian slapd v2.3.30
replicating using syncrepl to
(2) LDAP master running debian slapd v2.4.11
The initial data for this node was seeded using slapcat/slapadd due to
the db size.
This is replicating via syncrepl to
(3) LDAP slave running debian slapd v2.4.11
On (3) the slave I am receiving the error:
do_syncrep2: cookie=rid=001,csn=20100825064231Z#000000#00#000000
do_syncrep2: rid=001 CSN too old, ignoring 20100825064231Z#000000#00#000000
for all replication events that are being received.
What I am trying to achieve is to decommission server (1) with as little
downtime as possible, so that server (2) becomes the new master and (3) the
new slave.
Replication between 1 & 2 works correctly but not between 2 & 3. The
time is correct on the servers. Server (3) database is seeded using
syncrepl. Configurations for 1, 2 & 3 are attached.
# NOTE(review): presumably the configuration of server (1) (slapd 2.3.30):
# it loads syncprov and contains no syncrepl consumer stanza.
# Global section: backend module, schema files, pid/args files, logging.
modulepath /usr/lib/ldap
moduleload back_bdb
# Accepts LDAPv2 bind requests; the other two configurations on this page
# keep this directive commented out.
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/nr.schema
include /etc/ldap/schema/nr-mail.schema
modulepath /usr/lib/ldap
# Sync provider overlay module, enabled per database with "overlay syncprov".
moduleload syncprov
schemacheck on
#sizelimit 100
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Replication log written by slapd for slurpd-style replication (see the
# "replica" directive in the email database).
replogfile /var/lib/ldap/replog
# Level 0 requests no operation logging, so binds and searches leave no
# audit trail; 256 (stats) records connections, operations and results.
loglevel 0
#email
# bdb database for ou=email,dc=xyz with the syncprov overlay, so it can serve
# syncrepl consumers.
database bdb
suffix "ou=email,dc=xyz"
directory "/var/lib/ldap-mail"
checkpoint 128 15
lastmod on
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# Lifts size and time limits for the admin DN.
# NOTE(review): the size=/time= lines (and the other multi-line directives
# below) have no leading whitespace in this paste; slapd.conf only treats a
# line as a continuation when it starts with whitespace.
limits "cn=admin,ou=email,dc=xyz"
size=unlimited
time=unlimited
#readonly on
# NOTE(review): "by anonymous read" lets unauthenticated clients read
# userPassword values. A bind only needs "auth" access ("by anonymous auth"),
# which allows the comparison at bind time without returning the value.
# dn.regex without ^...$ anchors may also match longer DNs containing this
# string; dn.exact is the usual form for a single DN -- confirm.
access to attrs=userPassword by dn.regex="cn=admin,ou=email,dc=xyz" write by
anonymous read by self write
# Everything else: admin may write, every other client (including anonymous)
# may read.
access to * by dn.regex="cn=admin,ou=email,dc=xyz" write by * read
index objectClass,uid,cn eq,pres
index entryUUID eq
# DN allowed to apply replicated updates (replica-side setting per
# slapd.conf(5)); here it is the same admin DN that has write access above.
updatedn "cn=admin,ou=email,dc=xyz"
#dns
# slurpd-style push replication to 1.2.3.4 with a simple bind as the admin
# DN; the password is stored in this file in clear text and nothing in the
# stanza requests TLS.
# NOTE(review): if this value is the live password rather than a placeholder,
# it should be rotated now that the file has been posted.
replica host=1.2.3.4 suffix="ou=email,dc=xyz" bindmethod=simple
binddn="cn=admin,ou=email,dc=xyz"
credentials="comein"
#www
# bdb database for dc=xyz. No syncprov overlay is configured in this section.
database bdb
suffix "dc=xyz"
directory "/var/lib/ldap-www"
checkpoint 128 15
#readonly on
# NOTE(review): "by anonymous read" exposes userPassword values to
# unauthenticated clients; "by anonymous auth" is sufficient for binds.
# The unanchored dn.regex may match more DNs than the single admin entry;
# dn.exact is the usual form -- confirm.
access to attrs=userPassword by dn.regex="cn=admin,ou=People,dc=xyz" write by
anonymous read by self write
# The admin dn has full write access
access to * by dn.regex="cn=admin,ou=People,dc=xyz" write by * read
# DN allowed to apply replicated updates (replica-side setting per
# slapd.conf(5)).
updatedn "cn=admin,ou=People,dc=xyz"
index objectClass,uidNumber,gidNumber eq,pres
index uid,cn eq,pres,approx
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
# NOTE(review): presumably the configuration of server (2) (slapd 2.4.11):
# it loads syncprov and also contains syncrepl consumer stanzas, i.e. it is
# both a consumer of (1) and a provider for (3).
#######################################################################
# Global Directives:
# Features to permit
#allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nr-mail.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
# "none" records no per-operation detail; stats (256, commented out below)
# is the level that logs connections, operations and results.
loglevel none
#loglevel 256
#loglevel none
#loglevel 296
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
# Sync provider overlay module, enabled per database with "overlay syncprov".
moduleload syncprov
# The maximum number of entries that is returned for a search operation
sizelimit 10
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
threads 32
#email
# hdb database for ou=email,dc=xyz; syncprov is enabled so this server can
# feed downstream syncrepl consumers.
database hdb
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
suffix "ou=email,dc=xyz"
directory "/var/lib/ldap-mail"
#db settings
checkpoint 128 15
dbconfig set_cachesize 0 369868800 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_max 10000000
dbconfig set_lg_bsize 8192
#readonly on
# NOTE(review): "by anonymous read" lets unauthenticated clients read
# userPassword values; "by anonymous auth" is enough for binds and does not
# return the value. dn.regex without ^...$ anchors may match longer DNs that
# contain this string; dn.exact is the usual form -- confirm.
access to attrs=userPassword by dn.regex="cn=admin,ou=email,dc=xyz" write by
anonymous read by self write
access to * by dn.regex="cn=admin,ou=email,dc=xyz" write by * read
# entryCSN and entryUUID are the attributes syncrepl/syncprov search on.
# NOTE(review): userPassword is rarely a search key; confirm the index is
# needed.
index objectClass,uid,cn,userPassword,entryCSN,entryUUID eq,pres
# The rootdn is not subject to access control on this database.
rootdn "cn=admin,ou=email,dc=xyz"
# Clear-text root password in the config file; slapd.conf(5) also accepts a
# hashed value as produced by slappasswd. "secret" looks like a placeholder.
rootpw "secret"
# Consumer stanza: pulls ou=email,dc=xyz from the provider and keeps the
# connection open (refreshAndPersist); retry="15 +" retries every 15 seconds
# indefinitely.
# NOTE(review): simple bind over ldap:// with no TLS option sends the bind
# password unencrypted; starttls or an ldaps:// provider URL would protect
# it. The bind DN is the admin DN; a dedicated replication account with
# read-only access on the provider is the least-privilege choice.
syncrepl rid=1
provider=ldap://1.2.1.21
type=refreshAndPersist
searchbase="ou=email,dc=xyz"
filter="(objectClass=*)"
attrs="*"
scope=sub
schemachecking=on
bindmethod=simple
binddn="cn=admin,ou=email,dc=xyz"
credentials="secret"
timelimit=unlimited
sizelimit=unlimited
retry="15 +"
#updateref ldap://1.2.1.21
#www
# hdb database for dc=xyz; syncprov is enabled so this server can feed
# downstream syncrepl consumers.
database hdb
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
suffix "dc=xyz"
directory "/var/lib/ldap-www"
#db settings
checkpoint 128 15
dbconfig set_cachesize 0 268435456 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_max 10000000
dbconfig set_lg_bsize 8192
#readonly on
# NOTE(review): "by anonymous read" exposes userPassword values to
# unauthenticated clients; "by anonymous auth" is sufficient for binds.
# The unanchored dn.regex may match more DNs than the single admin entry;
# dn.exact is the usual form -- confirm.
access to attrs=userPassword by dn.regex="cn=admin,ou=www,dc=xyz" write by
anonymous read by self write
access to * by dn.regex="cn=admin,ou=www,dc=xyz" write by * read
# NOTE(review): the "eq,pres" on the following line has no leading
# whitespace in this paste, so it would not be read as a continuation.
index objectClass,uidNumber,gidNumber,entryCSN,entryUUID,memberUid,userPassword
eq,pres
index uid,cn eq,pres,approx
# The rootdn is not subject to access control on this database.
rootdn "cn=admin,ou=www,dc=xyz"
# Clear-text root password in the config file; slapd.conf(5) also accepts a
# hashed value as produced by slappasswd. "secret" looks like a placeholder.
rootpw "secret"
# Consumer stanza: pulls dc=xyz from the provider in refreshAndPersist mode;
# retry="15 +" retries every 15 seconds indefinitely. The bind DN here
# (ou=People) differs from the local rootdn and ACL DN (ou=www).
# NOTE(review): simple bind over ldap:// with no TLS option sends the bind
# password unencrypted; starttls or an ldaps:// provider URL would protect it.
syncrepl rid=2
provider=ldap://1.2.3.164
type=refreshAndPersist
searchbase="dc=xyz"
filter="(objectClass=*)"
attrs="*"
scope=sub
schemachecking=on
bindmethod=simple
binddn="cn=admin,ou=People,dc=xyz"
credentials="secret"
timelimit=unlimited
sizelimit=unlimited
retry="15 +"
#updateref ldap://1.2.3.164
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
# NOTE(review): presumably the configuration of server (3) (slapd 2.4.11):
# it contains syncrepl consumer stanzas and does not load syncprov.
#######################################################################
# Global Directives:
# Features to permit
#allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nr-mail.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
# "none" records no per-operation detail; stats (256, commented out below)
# is the level that logs connections, operations and results.
loglevel none
#loglevel 256
#loglevel none
#loglevel 296
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
# The maximum number of entries that is returned for a search operation
sizelimit 10
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
threads 32
#email
# hdb database for ou=email,dc=xyz, populated by the syncrepl stanza below.
database hdb
suffix "ou=email,dc=xyz"
directory "/var/lib/ldap-mail"
#db settings
checkpoint 128 15
dbconfig set_cachesize 0 369868800 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_max 10000000
dbconfig set_lg_bsize 8192
#readonly on
# NOTE(review): "by anonymous read" lets unauthenticated clients read
# userPassword values on this replica as well; "by anonymous auth" is enough
# for binds. dn.regex without ^...$ anchors may match longer DNs that
# contain this string; dn.exact is the usual form -- confirm.
access to attrs=userPassword by dn.regex="cn=admin,ou=email,dc=xyz" write by
anonymous read by self write
access to * by dn.regex="cn=admin,ou=email,dc=xyz" write by * read
# Unlike the second configuration on this page, entryCSN is not indexed here.
index objectClass,uid,cn,userPassword,entryUUID eq,pres
# The rootdn is not subject to access control on this database.
rootdn "cn=admin,ou=email,dc=xyz"
# Clear-text root password in the config file; slapd.conf(5) also accepts a
# hashed value as produced by slappasswd. "secret" looks like a placeholder.
rootpw "secret"
# Consumer stanza: pulls ou=email,dc=xyz from 1.2.3.188 in refreshAndPersist
# mode. schemachecking=off means replicated entries are not validated against
# the local schema, and no retry= interval is set.
# NOTE(review): simple bind over ldap:// with no TLS option sends the bind
# password unencrypted; starttls or an ldaps:// provider URL would protect
# it. The bind DN is the admin DN; a dedicated replication account with
# read-only access on the provider is the least-privilege choice.
syncrepl rid=1
provider=ldap://1.2.3.188
type=refreshAndPersist
searchbase="ou=email,dc=xyz"
filter="(objectClass=*)"
attrs="*"
scope=sub
schemachecking=off
bindmethod=simple
binddn="cn=admin,ou=email,dc=xyz"
credentials="secret"
timelimit=unlimited
sizelimit=unlimited
# Referral returned to clients that attempt a write against this replica.
updateref ldap://1.2.3.188
#www
# hdb database for dc=xyz, populated by the syncrepl stanza below.
database hdb
suffix "dc=xyz"
directory "/var/lib/ldap-www"
#db settings
checkpoint 128 15
dbconfig set_cachesize 0 268435456 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_max 10000000
dbconfig set_lg_bsize 8192
#readonly on
# NOTE(review): "by anonymous read" exposes userPassword values to
# unauthenticated clients on this replica as well; "by anonymous auth" is
# sufficient for binds. The unanchored dn.regex may match more DNs than the
# single admin entry; dn.exact is the usual form -- confirm.
access to attrs=userPassword by dn.regex="cn=admin,ou=www,dc=xyz" write by
anonymous read by self write
access to * by dn.regex="cn=admin,ou=www,dc=xyz" write by * read
# Unlike the second configuration on this page, entryCSN is not indexed here.
index objectClass,uidNumber,gidNumber,entryUUID,memberUid,userPassword eq,pres
index uid,cn eq,pres,approx
# The rootdn is not subject to access control on this database.
rootdn "cn=admin,ou=www,dc=xyz"
# Clear-text root password in the config file; slapd.conf(5) also accepts a
# hashed value as produced by slappasswd. "secret" looks like a placeholder.
rootpw "secret"
# Consumer stanza: pulls dc=xyz from 1.2.3.188 in refreshAndPersist mode.
# schemachecking=off means replicated entries are not validated against the
# local schema, and no retry= interval is set.
# NOTE(review): simple bind over ldap:// with no TLS option sends the bind
# password unencrypted; starttls or an ldaps:// provider URL would protect
# it. The bind DN is the admin DN; a dedicated replication account with
# read-only access on the provider is the least-privilege choice.
syncrepl rid=2
provider=ldap://1.2.3.188
type=refreshAndPersist
searchbase="dc=xyz"
filter="(objectClass=*)"
attrs="*"
scope=sub
schemachecking=off
bindmethod=simple
binddn="cn=admin,ou=www,dc=xyz"
credentials="secret"
timelimit=unlimited
sizelimit=unlimited
# Referral returned to clients that attempt a write against this replica.
updateref ldap://1.2.3.188