Slave LDAP re-installation. Previous accounts aren't shown, but new ones shown

[fajarpri]

Hello all,
Last nigh my slave ldap got hosed that I need to reinstall it.
The machine only act as ldap replication.

I re-installed it (as slave ldap of course) and all seems ok. Running zmcontrol status shows that ldap is running.

However, when I run getent passwd, there aren't any previous account I created in zimbra. But, if I CREATE one in zimbra (master server), it shows in getent passwd in the slave.

Why is that? Why the previously created accounts (before the slave reinstallation) are not shown in getent passwd? How do I resolve this?

Thank you.

[fajarpri]

I found a workaround for this.
By tricking zimbra to think that I make a change in the user accounts (as simple as changing the status of the account from 'active' to 'maintenance' and then change back to 'active') and 'save' it. The account will be visible in slave using getent passwd again.

It seems that the above procedure successfully 'force' the slave ldap server to 'refresh' it's copy of ldap database.

The amount of work is not really horrible though since the number of users only about 100. But, I wonder if in the future when it reaches hundreds/thousands... it will take forever.

Does anyone know what is happening? What is the proper way to 'force' slave ldap to refresh it's database? I compare the content of openldap-data directory on both master and slave, and they're both the same (size, etc).

[fajarpri]

Well, I try another hacking.

After examining the zmldapenablereplica I found out that the replicateLdap function is commented out. So, enable it. And also I disable the createLdapConfig function, because it conflicts with zimbra as PDC function.

Anyway, it seems ok now. I can getent passwd/group with the same users/groups

I'm not sure if this hack is the correct way. So, please if anyone knows the proper procedure please let me know.
Thank you.

[code0]

I had a similar problem a while back after adding a new server - the LDAP replica just wouldn't replicate. I found that if I did a kill -HUP to the slapd process, then it seems to force it to sync. Give that a shot also.. BTW, the "dev1@domain.com" is an example account that wasn't syncing from the master server.

Code:

zimbra@devzimbra:~$ ps ax | grep slap 
 6329 ?        Ssl    0:00 /opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u zimbra -h ldap://devzimbra.domain.com:389 -f /opt/zimbra/conf/slapd.conf
zimbra@devzimbra:~$ kill -HUP 6329
zimbra@devzimbra:~$ zmprov gaa | grep dev
dev1@domain.com

[fajarpri]

Strange.
I have zmcontrol stop/start, ldap stop/start. All the same. The database is not sync-ed. Doing all the above is the same as kill -HUP right?

[code0]

The only difference I can think of is that the kill -HUP will keep everything up and running. I'd much rather do the HUP then to restart everything on a production box.

[fajarpri]

Can someone from zimbra comment on this case?
Much appreciated