[python-ldap] syncrepl with refreshAndPersist not detecting deletes

Ben Cooksley bcooksley at kde.org
Thu May 31 02:57:09 CEST 2012

On Thu, May 31, 2012 at 4:50 AM, Chris Mikkelson <cmikk at qwest.net> wrote:
> On Thu, May 31, 2012 at 12:38:16AM +1200, Ben Cooksley wrote:
>> Hi all,
>> With some help of the demo application, I now have a LDAP Syncrepl
>> client largely working. It detects additions, modifications and
>> deletions upon resuming perfectly, and additions and modifications
>> when persisting without problems too.
>> Unfortunately, it completely misses deletes when persisting. It does
>> not even get a new cookie.
>> Any ideas?
>> I'll see if I can get any evidence of OpenLDAP sending messages but
>> python-ldap filtering them out.
> Yes, please do. The easiest way to do this is to connect with:

Hi Chris,

>        ldapsearch ${auth_options} ${search_options} -E \!sync=rp

As I expected, this didn't work, at least initially. Turns out this
was caused by a lack of permissions.

I was using a filter to limit the granting of the access rights,
removing said filter made it work (deletion notifications have no
attributes so the filter could not match).

> This should pause after printing the search results and
> "SyncInfo Received". When you delete a DN which matches
> the search, you should see something like:
>  dn: ...
>  control: false MEsKAQMEENvalhY+vhAxkhS55kGsVLgENHJpZD

Yep. After fixing the access control problem, that now works. (Running
slapd with "-d acl" helps, especially when it works under the Root DN)

> Also, if possible, please upgrade OpenLDAP. They've fixed
> a lot of syncprov bugs since 2.4.26. I just did a quick
> and successful retest of this scenario with 2.4.31.

Thanks for the notice. It seems to work okay on my 2.4.26 system for
testing purposes, i'll consider upgrading the production system

> --
> Chris Mikkelson  |  "For every complex problem, there is a solution
> cmikk at qwest.net  |  that is simple, neat, and wrong."
>                 |                              -- H. L. Mencken


More information about the python-ldap mailing list