Thanks for the follow up Quanah, Version: OpenLDAP: slapd 2.4.56 We use delta sync replication We have been provisioning 2 new providers to achieve multi master for a total of 3 providers. We have been testing the newly provisioned databases for accuracy with the ldiff-diff tool provided by https://github.com/pingidentity/ldapsdk
Provision Process: 1. Take backup of database with mdb_copy on initial provider. 2. Load database schema / config on new provider. 3. replace default DB with backup DB on new provider 4. Add access log overlay / access log database to DB on new provider 5. Turn on delta sync replication for new provider so it "catches up" from the original provider. We historically did not have olcSpCheckpoint set to a value so we theorize the backup databases were newer in state than indicated by the contextCSN in the backed up database. Through testing specifically around deleting a user group containing hundreds of users between when the backup was taken and the new provider enabled w/ replication (so the new provider had to catch up with the user group delete) we noticed incorrect final state on the newly provisioned provider. Not until we added CSN checkpointing did the restores start to be 100% accurate. Given our theory that the newly provisioned database is syncing from the last checkpointed CSN and forming inconsistencies we wanted to set olcSpCheckpoint: 1 1, to never have a discrepancy between database state and the CSN in the backed up database. Initial testing shows `olcSpCheckpoint: 1 1` to function fine, but we wanted to be cautious about setting to this frequency in case there were any known issues doing such a frequent setting. Thanks, Tom
