This tool checks the synchronization status between two replicas. It checks for missing entries & and inconsistencies between entries. There are two modes to can run the tool under: online and offline. “Offline” mode compares two LDIF files (ideally exported using “db2ldif -r” to get the replication state information, but either a regular db2ldif, or a ldapsearch of the entire database redirected to a file, can also be used.
Since “online mode *” is run on live servers technically they will never be in sync at the same time if they are under steady load. To combat this pitfall a “lag” allowance is used. By default the lag time is set to 5 minutes (300 seconds), but it can be set to any value. So if an inconsistency is detected, and it is within this lag allowance it will *NOT be reported. While this is not perfect due to the nature of the replication, it will help reduce false positives. Setting the lag time to 0 disables this feature.
So the tools sees the two replicas as a “Supplier” and a “Replica”, but it could really just be “ReplicaA” and “ReplicaB”. So when the tool finds a problem it reports what Supplier has, and what Replica has.
The “lag” algorithm looks at the state information in each entry using the nscpentryWSI attribute. When evaluating an attribute value inconsistency the tool will take the most recent csn timestamp from the state information (it checks vucsn, vdcsn, mdcsn, and adcsn). This timestamp is then subtracted from the time the tool was started to determine if the inconsistency is within the lag allowance.
The entry gathering is done using a search with the “paged result control” to bring in 500 entries at a time until all the entries are returned and processed. The batch processing works as follows. Each entry from the Supplier entries is checked if it exists in the Replica entries. If they both exist in this page result group, then they are compared. Any remaining entries without matches on either side (temporarily missing entries), are rolled into the next paged result set. After all the paged result searches complete any “temporarily missing” entries become “definitely missing” entries and are listed in the final report.
Usage: ds-replcheck [options]
Replication Comparison Tool (v1.2). This script can be used to compare two
replicas to see if they are in sync.
Options:
-h, --help show this help message and exit
-o FILE, --outfile FILE
The output file
-D BINDDN, --binddn BINDDN
The Bind DN (REQUIRED)
-w BINDPW, --bindpw BINDPW
The Bind password (REQUIRED)
-m MURL, --supplier_url MURL
The LDAP URL for the Supplier server (REQUIRED)
-r RURL, --replica_url RURL
The LDAP URL for the Replica server (REQUIRED)
-b SUFFIX, --basedn SUFFIX
Replicated suffix (REQUIRED)
-l LAG, --lagtime LAG
The amount of time to ignore inconsistencies (default
300 seconds)
-Z CERTDIR, --certdir CERTDIR
The certificate database directory for secure
connections
-i IGNORE, --ignore IGNORE
Comma separated list of attributes to ignore
-p PAGESIZE, --pagesize PAGESIZE
The paged result grouping size (default 500 entries)
-M MLDIF, --mldif MLDIF
Supplier LDIF file (offline mode)
-R RLDIF, --rldif RLDIF
Replica LDIF file (offline mode)
Displays the number of tombstone entries on each replica. These entries are added to the total entry count.
Lists the DN’s of each conflict entry, the conflict type, and the date it was created.
Lists the DN’s of each missing entry and the creation date from the replica where the entry resides.
Lists the DN of the entry, then it displays the “Attribute” that is different and what those values are on each replica. If state information is available it is also displayed. If there is no state information for an attribute it is listed as an Origin value. This means the value has not been touched since replication was first initialized, in other words it means the value is pristine and was never updated.
# ds-replcheck -D "cn=directory manager" -w PASSWORD -m ldap://myhost.domain.com:389 -r ldap://otherhost.domain.com:389 -b "dc=example,dc=com"
# ds-replcheck -D "cn=directory manager" -w PASSWORD -m ldap://myhost.domain.com:389 -r ldap://otherhost.domain.com:389 -b "dc=example,dc=com" -Z /etc/dirsrv/slapd-myinstance
# ds-replcheck -D "cn=directory manager" -w PASSWORD -m ldaps://myhost.domain.com:636 -r ldaps://otherhost.domain.com:636 -b "dc=example,dc=com" -Z /etc/dirsrv/slapd-myinstance
# ds-replcheck -D "cn=directory manager" -w PASSWORD -m ldapi://%2fvar%2frun%2fslapd-ID.socket -r ldap://otherhost.domain.com:389 -b "dc=example,dc=com" -Z /etc/dirsrv/slapd-myinstance
# ds-replcheck -D "cn=directory manager" -w PASSWORD -m ldapi://%2fvar%2frun%2fslapd-ID.socket -r ldap://otherhost.domain.com:389 -b "dc=example,dc=com"
# ds-replcheck -b dc=example,dc=com -M /tmp/replicaA.ldif -R /tmp/replicaB.ldif
# ds-replcheck -m ldap://localhost:389 -r ldap://localhost:5555 -D "cn=directory manager" -w password -b dc=example,dc=com
Performing online report...
================================================================================
Replication Synchronization Report (Fri Apr 7 16:30:29 2017)
================================================================================
Database RUV's
=====================================================
Supplier RUV:
{replica 1 ldap://localhost.localdomain:389} 58e53b92000200010000 58e6ab46000000010000
{replica 2 ldap://localhost.localdomain:5555} 58e53baa000000020000 58e69d7e000000020000
{replicageneration} 58e53b7a000000010000
Replica RUV:
{replica 1 ldap://localhost.localdomain:389} 58e53ba1000000010000 58e6ab46000000010000
{replica 2 ldap://localhost.localdomain:5555} 58e53baa000000020000 58e7e8a3000000020000
{replicageneration} 58e53b7a000000010000
Entry Counts
=====================================================
Supplier: 12
Replica: 10
Tombstones
=====================================================
Supplier: 10
Replica: 10
Conflict Entries
=====================================================
Supplier Conflict Entries: 2
- nsuniqueid=48177227-2ab611e7-afcb801a-ecef6d49+uid=steve038,dc=example,dc=com
- Conflict: namingConflict (add) uid=steve038,dc=example,dc=com
- Glue entry: no
- Created: Wed Apr 26 20:27:40 2017
- nsuniqueid=48177228-2ab611e7-afcb801a-ecef6d49+uid=steve039,dc=example,dc=com
- Conflict: namingConflict (add) uid=steve039,dc=example,dc=com
- Glue entry: no
- Created: Wed Apr 26 20:27:40 2017
Replica Conflict Entries: 2
- nsuniqueid=48177227-2ab611e7-afcb801a-ecef6d49+uid=steve038,dc=example,dc=com
- Conflict: namingConflict (add) uid=steve038,dc=example,dc=com
- Glue entry: no
- Created: Wed Apr 26 20:27:40 2017
- nsuniqueid=48177228-2ab611e7-afcb801a-ecef6d49+uid=steve039,dc=example,dc=com
- Conflict: namingConflict (add) uid=steve039,dc=example,dc=com
- Glue entry: no
- Created: Wed Apr 26 20:27:40 2017
Missing Entries
=====================================================
Entries missing on Supplier:
- uid=bbrown850,dc=example,dc=com (Created on Replica at: Wed Apr 12 14:43:24 2017)
- uid=asmith993,dc=example,dc=com (Created on Replica at: Wed Apr 12 14:43:24 2017)
- uid=breynolds994,dc=example,dc=com (Created on Replica at: Wed Apr 12 14:43:24 2017)
- uid=grose995,dc=example,dc=com (Created on Replica at: Wed Apr 12 14:43:24 2017)
- uid=bmegginson1002,dc=example,dc=com (Created on Replica at: Wed Apr 12 14:43:24 2017)
- uid=bmorris71,dc=example,dc=com (Created on Replica at: Wed Apr 12 14:43:24 2017)
- uid=akinder422,dc=example,dc=com (Created on Replica at: Wed Apr 12 14:43:24 2017)
Entries missing on Replica:
- uid=hrose803,dc=example,dc=com (Created on Supplier at: Wed Apr 12 14:43:24 2017)
- uid=adugan870,dc=example,dc=com (Created on Supplier at: Wed Apr 12 14:43:24 2017)
- uid=hrose75,dc=example,dc=com (Created on Supplier at: Wed Apr 12 14:43:24 2017)
- uid=hsholl122,dc=example,dc=com (Created on Supplier at: Wed Apr 12 14:43:24 2017)
- uid=hrose280,dc=example,dc=com (Created on Supplier at: Wed Apr 12 14:43:24 2017)
Entry Inconsistencies
=====================================================
cn=group2,dc=example,dc=com
---------------------------
Replica missing attribute "objectclass":
- Supplier's State Info: objectClass;vucsn-58e53baa000000020000: top
- Date: Wed Apr 5 14:47:06 2017
- Supplier's State Info: objectClass;vucsn-58e53baa000000020000: groupofuniquenames
- Date: Wed Apr 5 14:47:06 2017
uid=bmullen463,dc=example,dc=com
--------------------------------
- Attribute 'cn' is different:
Supplier:
- State Info: cn;adcsn-58ee5357000000010000;vucsn-58ee5357000000010000: Brad Mulleny
- Date: Wed Apr 12 12:18:31 2017
Replica:
- Origin value: Brad Mullen
cn=group1,dc=example,dc=com
---------------------------
- Attribute 'cn' is different:
Supplier:
- State Info: cn;vucsn-58e53baa000000020000;mdcsn-58e53baa000000020000: My value
- Date: Wed Apr 5 14:47:06 2017
Replica:
- State Info: cn;adcsn-58e7e0de000000020000;vucsn-58e7e0de000000020000: My value
- Date: Fri Apr 7 14:56:30 2017
- State Info: cn;vucsn-58e7e0de000000020000: Another value
- Date: Fri Apr 7 14:56:30 2017
- Attribute 'description' is different:
Supplier:
- State Info: description;vucsn-58e53bd9000000020000: okay
- Date: Wed Apr 5 14:47:53 2017
Replica:
- State Info: description;adcsn-58e7d61c000000020000;vucsn-58e7d61c000000020000: Replica is now different
- Date: Fri Apr 7 14:10:36 2017