Discussion:
Delta-syncrepl not syncing entire directory: Entry CSN greater than snapshot
Pedro Roger
2015-10-21 16:10:06 UTC
Permalink
Hello,


i'm trying to setup a master/slave replication via delta-syncrepl, but for
the most of the entries i get the message: "Entry CSN greater than
snapshot". I had search in the archive of the mail list but i couldn't get
a solution for this. Any help is appreciate.

Some entrie i get in the syslog:

Oct 20 20:23:57 temperance slapd[7645]: Entry
uid=ari_oliveira,ou=uvanet.br,ou=mail,dc=uvanet,dc=br
CSN 20151015141738.689470Z#000000#000#000000 greater than snapshot
20150709142425.146445Z#000000#000#000000
Oct 20 20:23:57 temperance slapd[7645]: Entry
cn=SAPLIC,ou=groupOfNames,ou=intranet,dc=uvanet,dc=br CSN
20151020152042.450209Z#000000#000#000000 greater than snapshot
20150709142425.146445Z#000000#000#000000
Oct 20 20:23:57 temperance slapd[7645]: Entry
cn=SIGU,ou=groupOfNames,ou=intranet,dc=uvanet,dc=br CSN
20151020152042.636081Z#000000#000#000000 greater than snapshot
20150709142425.146445Z#000000#000#000000

I have the following config in the provider (slapd 2.4.23):

...
moduleload accesslog.la
moduleload syncprov.la

database hdb
suffix cn=accesslog
directory /opt/ldap/accesslog
rootdn cn=accesslog
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart eq


dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE


database hdb
suffix "dc=uvanet,dc=br"
rootdn "xxxxxx"
directory "/var/lib/ldap"

overlay syncprov
syncprov-checkpoint 1000 60
#syncprov-checkpoint 500 30
syncprov-reloadhint TRUE
syncprov-sessionlog 500

# accesslog overlay definitions for primary db
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
logpurge 07+00:00 01+00:00
index objectClass eq,pres
index ou,cn,sn,mail,givenname eq,pres,sub
index uidNumber,gidNumber,memberUid eq,pres
index loginShell eq,pres
index memberOf eq
## required to support pdb_getsampwnam
index uid pres,sub,eq
# required to support pdb_getsambapwrid()
index displayName pres,sub,eq
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
index uniqueMember eq
index sambaGroupType eq
index sambaSIDList eq


# syncprov specific indexing
index entryUUID eq
index entryCSN eq

overlay memberof



In the consumer server we have:
syncrepl rid=1
provider=ldap://X.X.X.X
type=refreshAndPersist
retry="5 + 5 +"
interval=00:00:00:01
searchbase="dc=uvanet,dc=br"
filter="(objectClass=*)"
scope=sub
starttls=no
logbase="cn=accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
syncdata=accesslog
attrs="*"
schemachecking=on
bindmethod=simple
binddn="XXXX"
credentials="XXXX"

# Refer updates to the master
updateref ldap://X.X.X.X



Thanks in advance
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Pedro Roger Magalhães Vasconcelos
http://www.proger.eti.br
Quanah Gibson-Mount
2015-10-21 16:38:43 UTC
Permalink
Content preview: --On Wednesday, October 21, 2015 2:10 PM -0300 Pedro Roger
<***@gmail.com> wrote: > I have the following config in the provider
(slapd 2.4.23): The first thing you need to do is get a current build of
OpenLDAP. [...]

Content analysis details: (-2.0 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL
was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[162.209.122.174 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: zimbra.com]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

--On Wednesday, October 21, 2015 2:10 PM -0300 Pedro Roger
The first thing you need to do is get a current build of OpenLDAP.

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration

Loading...