--On Tuesday, May 4, 2021 11:37 PM +0000 thomaswilliampritch...@gmail.com wrote:

You are correct we do not copy the access log, strictly the primary db.

Ok good.

When we restore a backup with a behind checkpoint we find some entries
have incorrect fields in the new provider given the current state of the
original provider, in other words, the databases do not match. The new
provider seems to regain an incorrect state when syncing with a behind
checkpoint from the current DB state.

On Provider A (missing or large olcSpCheckpoint interval possibly days
old). Add group1 with a set of 100 users.
Add the 100 users to a new group, group2.
Take a backup with mdb_copy.
Delete group2.

On Provider B
Build / setup with the backup mdb_copy database.
Turn on delta sync to Provider A

When the catch up sync is finished, compare the database contents for
accuracy. We are seeing group membership become incorrect on Provider B
(the new provider).

We cannot upgrade at the moment and olcSpCheckpoint: 1 1 seems to work.
Is there any reason we should not use olcSpCheckpoint: 1 1?

No, that's fine. The issue is more that you shouldn't be having any issues as long as the checkpoint is more frequent than the accesslog purge configuration. It would be useful to have a copy of your configuration for the two nodes (passwords redacted, if you can send them to me directly). I'd like to see if I can create a reproduction case.

Regards,
Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Reply via email to