Quanah,
Thank you for the suggestion to move to delta-syncrepl MMR. Unfortunately,
I am having problems setting this up properly. After reading through some
documentation, I thought it would be simple but when I bring up slapd on my
two servers, they both start using around 100% CPU and in the debug output
the two servers are constantly looping through all of the objects in my DIT
and saying that the objects have not changed:
5453d6b5 @(#) $OpenLDAP: slapd 2.4.39 (Jun 18 2014 05:19:18) $
[email protected]:
/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/build-servers/servers/slapd
5453d6b5 hdb_monitor_db_open: monitoring disabled; configure monitor
database to enable
5453d6b5 slapd starting
...
5453d6b5 syncrepl_message_to_entry: rid=001 DN: dc=example,dc=com, UUID:
1cfcd560-f564-1033-9f47-b521eabdb6ad
5453d6b5 syncrepl_entry: rid=001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
5453d6b5 syncrepl_entry: rid=001 inserted UUID
1cfcd560-f564-1033-9f47-b521eabdb6ad
5453d6b5 dn_callback : entries have identical CSN dc=example,dc=com
20141031161001.910968Z#000000#000#000000
5453d6b5 syncrepl_entry: rid=001 be_search (0)
5453d6b5 syncrepl_entry: rid=001 dc=example,dc=com
5453d6b5 syncrepl_entry: rid=001 entry unchanged, ignored
(dc=example,dc=com)
5453d6b5 syncrepl_message_to_entry: rid=001 DN: ou=users,dc=example,dc=com,
UUID: 1cfe8cf2-f564-1033-9f48-b521eabdb6ad
5453d6b5 syncrepl_entry: rid=001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
5453d6b5 syncrepl_entry: rid=001 inserted UUID
1cfe8cf2-f564-1033-9f48-b521eabdb6ad
5453d6b5 dn_callback : entries have identical CSN
ou=users,dc=example,dc=com 20141031161001.922234Z#000000#000#000000
5453d6b5 syncrepl_entry: rid=001 be_search (0)
5453d6b5 syncrepl_entry: rid=001 ou=users,dc=example,dc=com
5453d6b5 syncrepl_entry: rid=001 entry unchanged, ignored
(ou=users,dc=example,dc=com)
.....
5453d6b5 do_syncrep2: rid=001 LDAP_RES_SEARCH_RESULT
5453d6b5 do_syncrep2: rid=001 cookie=
... Repeated forever ...
Am I configuring something incorrectly?
To refresh your memory, I am running 2.4.39-8. I have two servers (server1
and server2) that I want to setup in delta-syncrepl MMR MirrorMode.
slapd.conf for server1:
----------------------------------------------
modulepath /usr/lib64/openldap
moduleload accesslog.la
moduleload memberof.la
moduleload ppolicy.la
moduleload refint.la
moduleload syncprov.la
access to *
by dn.exact="cn=syncuser,dc=example,dc=com" read
by * break
access to dn.base=""
by * read
access to dn.base="cn=subschema"
by * read
access to attrs=userPassword,pwdHistory
by self write
by anonymous auth
by * none
access to dn.subtree="dc=example,dc=com"
by self write
by users read
by anonymous read
database config
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
manage
by * none
access to * by * none
database hdb
suffix "cn=accesslog"
directory /var/lib/ldap/accesslog
rootdn "cn=accesslog"
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
limits dn.exact="cn=syncuser,dc=example,dc=com" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited
database hdb
suffix "dc=example,dc=com"
directory /var/lib/ldap
rootdn "cn=admin,dc=example,dc=com"
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN eq
index entryUUID eq
limits dn.exact="cn=syncuser,dc=example,dc=com" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited
overlay syncprov
syncprov-checkpoint 1000 60
serverID 1
syncrepl rid=001
provider=ldap://server2/
type=refreshAndPersist
retry="10 +"
searchbase="dc=example,dc=com"
bindmethod=simple
binddn="cn=syncuser,dc=example,dc=com"
credentials=secret
syncdata=accesslog
mirrormode on
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 07+00:00 01+00:00
---------------------------------------
slapd.conf for server2:
-------------------------------------------
modulepath /usr/lib64/openldap
moduleload accesslog.la
moduleload memberof.la
moduleload ppolicy.la
moduleload refint.la
moduleload syncprov.la
access to *
by dn.exact="cn=syncuser,dc=example,dc=com" read
by * break
access to dn.base=""
by * read
access to dn.base="cn=subschema"
by * read
access to attrs=userPassword,pwdHistory
by self write
by anonymous auth
by * none
access to dn.subtree="dc=example,dc=com"
by self write
by users read
by anonymous read
database config
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
manage
by * none
access to * by * none
database hdb
suffix "cn=accesslog"
directory /var/lib/ldap/accesslog
rootdn "cn=accesslog"
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
limits dn.exact="cn=syncuser,dc=example,dc=com" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited
database hdb
suffix "dc=example,dc=com"
directory /var/lib/ldap
rootdn "cn=admin,dc=example,dc=com"
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN eq
index entryUUID eq
limits dn.exact="cn=syncuser,dc=example,dc=com" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited
overlay syncprov
syncprov-checkpoint 1000 60
serverID 2
syncrepl rid=001
provider=ldap://server1/
type=refreshAndPersist
retry="10 +"
searchbase="dc=example,dc=com"
bindmethod=simple
binddn="cn=syncuser,dc=example,dc=com"
credentials=secret
syncdata=accesslog
mirrormode on
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 07+00:00 01+00:00
-------------------------------------------
Are there any obvious errors that I am making?
Thanks,
Kevin
On Thu, Oct 30, 2014 at 4:24 PM, Quanah Gibson-Mount <[email protected]>
wrote:
> --On Thursday, October 30, 2014 4:55 PM -0400 kevin sullivan <
> [email protected]> wrote:
>
> I am also looking for any resources that explain exactly how replication
>> works and how conflicts are resolved in a multi-master configuration. For
>> example, I know there are two phases of replication: the present phase
>> and the delete phase. Could server1 be replicating the data for
>> 'deletedUser' to server2 in the present phase before server2 has
>> communicated to server1 that 'deletedUser' no longer exists in the delete
>> phase? I don't believe this problem happens when I just delete
>> 'deletedUser' (instead of deleting AND modifying). I know I am butchering
>> the technical details a little bit, which is why I am curious how this
>> situation is expected to be resolved.
>>
>
> Personaly I use delta-syncrepl MMR to avoid the general issues with
> syncrepl. I've found it to be much more reliable.
>
>
> --Quanah
>
>
>
> --
>
> Quanah Gibson-Mount
> Server Architect
> Zimbra, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
