[python-ldap] syncrepl with refreshAndPersist not detecting deletes
Ben Cooksley
bcooksley at kde.org
Thu May 31 02:57:09 CEST 2012
On Thu, May 31, 2012 at 4:50 AM, Chris Mikkelson <cmikk at qwest.net> wrote:
> On Thu, May 31, 2012 at 12:38:16AM +1200, Ben Cooksley wrote:
>> Hi all,
>>
>> With some help of the demo application, I now have a LDAP Syncrepl
>> client largely working. It detects additions, modifications and
>> deletions upon resuming perfectly, and additions and modifications
>> when persisting without problems too.
>>
>> Unfortunately, it completely misses deletes when persisting. It does
>> not even get a new cookie.
>> Any ideas?
>>
>> I'll see if I can get any evidence of OpenLDAP sending messages but
>> python-ldap filtering them out.
>
> Yes, please do. The easiest way to do this is to connect with:
Hi Chris,
>
> ldapsearch ${auth_options} ${search_options} -E \!sync=rp
As I expected, this didn't work, at least initially. Turns out this
was caused by a lack of permissions.
I was using a filter to limit the granting of the access rights,
removing said filter made it work (deletion notifications have no
attributes so the filter could not match).
>
> This should pause after printing the search results and
> "SyncInfo Received". When you delete a DN which matches
> the search, you should see something like:
>
> dn: ...
> control: 1.3.6.1.4.1.4203.1.9.1.2 false MEsKAQMEENvalhY+vhAxkhS55kGsVLgENHJpZD
> 0wMDAsY3NuPTIwMTIwNTMwMTYxODU4LjM4NTU3NlojMDAwMDAwIzAwMCMwMDAwMDA=
Yep. After fixing the access control problem, that now works. (Running
slapd with "-d acl" helps, especially when it works under the Root DN)
>
> Also, if possible, please upgrade OpenLDAP. They've fixed
> a lot of syncprov bugs since 2.4.26. I just did a quick
> and successful retest of this scenario with 2.4.31.
Thanks for the notice. It seems to work okay on my 2.4.26 system for
testing purposes, i'll consider upgrading the production system
though.
>
> --
> Chris Mikkelson | "For every complex problem, there is a solution
> cmikk at qwest.net | that is simple, neat, and wrong."
> | -- H. L. Mencken
Regards,
Ben
More information about the python-ldap
mailing list