greetings, alas, but I still face the issue ... :-\
---[ replica log quotation start ]------------------------------------------- ... Jul 27 12:29:46 ABC slapd[15466]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT (53) Server is unwilling to perform Jul 27 12:29:46 ABC slapd[15466]: do_syncrep2: rid=000 (53) Server is unwilling to perform Jul 27 12:29:46 ABC slapd[15466]: do_syncrepl: rid=000 rc -2 retrying ... ---[ replica log quotation end ]------------------------------------------- ---[ master log quotation start ]------------------------------------------- ... Jul 27 12:29:46 master slapd[45467]: conn=2610 op=1 BIND dn="uid=replABC,ou=repl,ou=system,dc=example" method=128 Jul 27 12:29:46 master slapd[45467]: conn=2610 op=1 BIND dn="uid=replABC,ou=repl,ou=system,dc=example" mech=SIMPLE ssf=0 Jul 27 12:29:46 master slapd[45467]: conn=2610 op=1 RESULT tag=97 err=0 text= Jul 27 12:29:46 master slapd[45467]: conn=2611 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jul 27 12:29:46 master slapd[45467]: conn=2611 op=0 STARTTLS Jul 27 12:29:46 master slapd[45467]: conn=2611 op=0 RESULT oid= err=0 text= Jul 27 12:29:46 master slapd[45467]: conn=2610 op=2 SRCH base="cn=example-accesslog" scope=2 deref=0 filter="(&(objectClass=auditWriteObject)(reqResult=0))" Jul 27 12:29:46 master slapd[45467]: conn=2610 op=2 SRCH attr=reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN Jul 27 12:29:46 master slapd[45467]: conn=2610 op=2 SEARCH RESULT tag=101 err=53 nentries=0 text=consumer state is newer than provider! Jul 27 12:29:46 master slapd[45467]: conn=2610 op=3 UNBIND ... ---[ master log quotation end ]------------------------------------------- please advise Quanah Gibson-Mount <qua...@symas.com> wrote: > > slapd[38004]: conn=30116 op=3 SEARCH RESULT tag=101 err=53 nentries=0 > > text=consumer state is newer than provider! > > It sounds like your replica was not configured correctly initially and > self-generated its own CSN that is newer than the one on the provider. what in replica configuration can lead to that? I configured replica just as it is described in the documentation "18.3.2.1. Delta-syncrepl Provider configuration" > It would be interesting to make a modification on the provider so that > its CSN is updated (and thus has one newer than on the consumer). doesn't help ... helps only deleting consumer DB (in some cases for a several times) DB replicates but after some time it looses sync again ... can master configuration cause that as well? here is (just to remind) how master/replica are configured ... ---[ replica slapd.conf quotation start ]------------------------------------------- ... syncrepl rid=0 provider=ldap://master.example:389 starttls=critical searchbase="dc=example" bindmethod=simple binddn="uid=replABC,ou=repl,dc=example" credentials="***" tls_cacert=/usr/local/etc/openldap/ssl/ca.crt tls_cert=/usr/local/etc/openldap/ssl/ABC.crt tls_key=/usr/local/etc/openldap/ssl/ABC.key tls_reqcert=try type=refreshAndPersist retry="60 +" logbase="cn=example-accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" syncdata=accesslog ... ---[ replica slapd.conf quotation end ]------------------------------------------- ---[ master configuration quotation start ]------------------------------------------- ... access to dn.subtree="cn=example-accesslog" by dn.onelevel="ou=repl,ou=system,dc=example" read by * break ###--- ABC access to dn.regex="^uid=(.*)@foo.bar,authorizedService=(mail|xmpp)@foo.bar,uid=(.*),ou=People,dc=example$" attrs=entry,entryCSN,entryUUID,objectClass,cn,... by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read by * break access to dn.regex="ou=ABC,ou=Sendmail,dc=example|ou=ABC,ou=DHCP,dc=example" by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read by * stop ... ---[ master configuration quotation end ]------------------------------------------- -- Zeus V. Panchenko jid:z...@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET)