Hello, Howard Thank you for a quick reply Actually, I have the configuration with several LDAP server without this = problem. But the version of these LDAPs is a bit less - 2.4.31.=20 On this installation when I changed the schema on the main server, on = secondary I see fully replicated data and warnings about unknown = attributes like:
5d36b192 UNKNOWN attributeDescription "TESTTYPE" inserted. Can I get the same behavior on the current/latest version? Thank you in advance. Best regards, Alex > On Jul 22, 2019, at 19:38, Howard Chu <[email protected]> wrote: >=20 > [email protected] wrote: >> Full_Name: Alex >> Version: 2.4.44+dfsg-5+deb9u2 >> OS: Debian 9 >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (154.41.3.130) >>=20 >>=20 >> Looks like schemachecking parameter does not work properly >>=20 >> I have a few LDAPs >> On main LDAP server I changed the schema with an additional = attribute. >>=20 >> On the secondary LDAPs I have a problem with replication (does not = download >> items which have new attribute) >>=20 >> I have the following configuration on the secondary LDAP: >>=20 >> olcSyncrepl: {0}rid=3D001 provider=3Dldap://remote_ldap_addr = bindmethod=3Dsimple >> timeout=3D0 >> network-timeout=3D0 binddn=3D"cn=3Dadmin,dc=3Dexample" = credentials=3D"testPass" >> starttls=3Dno filter=3D"(objectclass=3D*)" searchbase=3D"dc=3Dexample" = scope=3Dsub >> schemachecking=3Doff type=3DrefreshAndPersist interval=3D00:00:02:00 = retry=3D"5 +" >>=20 >>=20 >> I have the following errors in syslog: >>=20 >> Jul 22 17:05:29 221100000e68 slapd[6838]: null_callback : error code = 0x50 >> Jul 22 17:05:29 221100000e68 slapd[6838]: syncrepl_entry: rid=3D001 = be_add >> uid=3D1326514,o=3Dcom0,dc=3Dexample failed (80) >> Jul 22 17:05:29 221100000e68 slapd[6838]: do_syncrepl: rid=3D001 rc = 80 retrying >> Jul 22 17:05:34 221100000e68 slapd[6838]: null_callback : error code = 0x50 >> Jul 22 17:05:34 221100000e68 slapd[6838]: syncrepl_entry: rid=3D001 = be_add >> uid=3D1326514,o=3Dcom0,dc=3Dexample failed (80) >> Jul 22 17:05:34 221100000e68 slapd[6838]: do_syncrepl: rid=3D001 rc = 80 retrying >> Jul 22 17:05:39 221100000e68 slapd[6838]: null_callback : error code = 0x50 >> Jul 22 17:05:39 221100000e68 slapd[6838]: syncrepl_entry: rid=3D001 = be_add >> uid=3D1326514,o=3Dcom0,dc=3Dexample failed (80) >> Jul 22 17:05:39 221100000e68 slapd[6838]: do_syncrepl: rid=3D001 rc = 80 retrying >=20 > syncrepl is ignoring the schema as you requested. However the = underlying backend is refusing > to store the entries that syncrepl passes to it. >=20 > In general, turning off schema checking is only safe for overriding = syntax validity checks > on known attributes. You still have to at least define the existence = of these attributes > on all participating servers. >=20 > --=20 > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/
