Hello, He have OpenLDAP replication set up based on the docs at https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-server-replication
I noticed recently a symptom, whereby a new user exists only on the primary. So, I started to debug: Master: (ldap0) 0-16:23 djh@ldap0 ~$ ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=qxxxxxxxxd,dc=com contextCSN dn: dc=qxxxxxxxxd,dc=com contextCSN: 20180113002606.399160Z#000000#000#000000 Consumer: (ldap1) 0-16:23 djh@ldap1 ~$ ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=qxxxxxxxxd,dc=com contextCSN dn: dc=qxxxxxxxxd,dc=com contextCSN: 20171121212631.416502Z#000000#000#000000 Ooohhh, my! I have a lot of messages like this on the consumer: Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_message_to_entry: rid=317 DN: uid=djh,ou=People,dc=qxxxxxxxxd,dc=com, UUID: 29f7fc06-7c2a-1035-83e5-9d6082b37970 Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_entry: rid=317 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_entry: rid=317 inserted UUID 29f7fc06-7c2a-1035-83e5-9d6082b37970 Jan 12 16:28:55 ldap1 slapd[5383]: dn_callback : entries have identical CSN uid=djh,ou=People,dc=qxxxxxxxxd,dc=com 20180113002133.183992Z#000000#000#000000 Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_entry: rid=317 be_search (0) Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_entry: rid=317 uid=djh,ou=People,dc=qxxxxxxxxd,dc=com Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_entry: rid=317 entry unchanged, ignored (uid=djh,ou=People,dc=qxxxxxxxxd,dc=com) Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_message_to_entry: rid=317 DN: uid=john,ou=People,dc=qxxxxxxxxd,dc=com, UUID: ddaae880-7c2f-1035-83ed-9d6082b37970 Jan 12 16:28:55 ldap1 slapd[5383]: syncrepl_message_to_entry: rid=317 mods check (pwdChangedTime: attribute type undefined) Jan 12 16:28:55 ldap1 slapd[5383]: do_syncrepl: rid=317 rc 17 retrying What is funny is I can, for example, change the loginshell on my account, and that replicates. Is the latter message about pwdChangedTime a clue that maybe I had a schema change on Master that hasn't been applied to Consumer? Please advise on where to look next? Thanks! -danny -- http://dannyman.toldme.com
