--On Monday, November 6, 2023 2:00 PM +0000 michael.fr...@airbus.com wrote:
Dear list,
here is additional sync log after initially established proper sync and
then the consumer openldap service on (solaris, 2,4) is restarted:
Config on Consumer - only with one group in syncrepl:
olcSynrepl
{0}rid=004 provider=ldaps://xsdfsxcxc01.xxx1.dddds.XXX.yyy.zzz:636
binddn="cn=mmrepl,ou=services,dc=XXX,dc=yyy,dc=zzz" bindmethod=simple
credentials=gdfgdfhgdfh123 searchbase="dc=XXX,dc=yyy,dc=zzz"
type=refreshAndPersist retry="60 +"
filter="(|(&(objectClass=posixGroup)(ou:dn:=XXXCoreUserGroups)))"
scope=sub attrs="*,+" schemachecking=off olcSynrepl
{1}rid=044
provider=ldaps://dddd04nsgdfgdfhgdfh02.dddd04.dddds.XXX.yyy.zzz:636
binddn="cn=mmrepl,ou=services,dc=XXX,dc=yyy,dc=zzz" bindmethod=simple
credentials=gdfgdfhgdfhR6804! searchbase="dc=XXX,dc=yyy,dc=zzz"
type=refreshAndPersist retry="60 +"
filter="(|(&(objectClass=posixGroup)(ou:dn:=XXXCoreUserGroups)))"
scope=sub attrs="*,+" schemachecking=off
You're doing partial replication, which has very strict requirements. The
logs show it cannot find the CSN recorded in the DB, and this is likely why.
--Quanah
