Blame SOURCES/0006-Issue-3903-Supplier-should-do-periodic-updates.patch

a77461
From e65d6225398901c3319e72a460bc58e5d50df67c Mon Sep 17 00:00:00 2001
a77461
From: Mark Reynolds <mreynolds@redhat.com>
a77461
Date: Wed, 3 Aug 2022 16:27:15 -0400
a77461
Subject: [PATCH 2/5] Issue 3903 - Supplier should do periodic updates
a77461
a77461
Description:
a77461
a77461
On suppliers update the keep alive entry periodically to keep the RUV up
a77461
to date in case a replica is neglected for along time.  This prevents
a77461
very long changelog scans when finally processing updates.
a77461
a77461
relates: https://github.com/389ds/389-ds-base/issues/3903
a77461
a77461
Reviewed by: firstyear & tbordaz(Thanks!)
a77461
---
a77461
 .../suites/replication/regression_m2_test.py  |  96 +++++--------
a77461
 .../suites/replication/replica_config_test.py |   6 +-
a77461
 ldap/schema/01core389.ldif                    |   3 +-
a77461
 ldap/servers/plugins/replication/repl5.h      |  11 +-
a77461
 .../plugins/replication/repl5_inc_protocol.c  |  44 +-----
a77461
 .../plugins/replication/repl5_replica.c       | 127 +++++++++++++-----
a77461
 .../replication/repl5_replica_config.c        |  12 ++
a77461
 .../plugins/replication/repl5_tot_protocol.c  |   4 +-
a77461
 ldap/servers/plugins/replication/repl_extop.c |   2 +-
a77461
 .../plugins/replication/repl_globals.c        |   1 +
a77461
 .../src/lib/replication/replConfig.jsx        |  32 ++++-
a77461
 src/cockpit/389-console/src/replication.jsx   |   6 +
a77461
 src/lib389/lib389/cli_conf/replication.py     |   6 +-
a77461
 13 files changed, 202 insertions(+), 148 deletions(-)
a77461
a77461
diff --git a/dirsrvtests/tests/suites/replication/regression_m2_test.py b/dirsrvtests/tests/suites/replication/regression_m2_test.py
a77461
index 466e3c2c0..7dd0f2984 100644
a77461
--- a/dirsrvtests/tests/suites/replication/regression_m2_test.py
a77461
+++ b/dirsrvtests/tests/suites/replication/regression_m2_test.py
a77461
@@ -14,6 +14,7 @@ import ldif
a77461
 import ldap
a77461
 import pytest
a77461
 import subprocess
a77461
+import time
a77461
 from lib389.idm.user import TEST_USER_PROPERTIES, UserAccounts
a77461
 from lib389.pwpolicy import PwPolicyManager
a77461
 from lib389.utils import *
a77461
@@ -204,12 +205,12 @@ def rename_entry(server, idx, ou_name, new_parent):
a77461
 def add_ldapsubentry(server, parent):
a77461
     pwp = PwPolicyManager(server)
a77461
     policy_props = {'passwordStorageScheme': 'ssha',
a77461
-                                'passwordCheckSyntax': 'on',
a77461
-                                'passwordInHistory': '6',
a77461
-                                'passwordChange': 'on',
a77461
-                                'passwordMinAge': '0',
a77461
-                                'passwordExp': 'off',
a77461
-                                'passwordMustChange': 'off',}
a77461
+                    'passwordCheckSyntax': 'on',
a77461
+                    'passwordInHistory': '6',
a77461
+                    'passwordChange': 'on',
a77461
+                    'passwordMinAge': '0',
a77461
+                    'passwordExp': 'off',
a77461
+                    'passwordMustChange': 'off',}
a77461
     log.info('Create password policy for subtree {}'.format(parent))
a77461
     pwp.create_subtree_policy(parent, policy_props)
a77461
 
a77461
@@ -742,7 +743,7 @@ def get_keepalive_entries(instance, replica):
a77461
     try:
a77461
         entries = instance.search_s(replica.get_suffix(), ldap.SCOPE_ONELEVEL,
a77461
                                     "(&(objectclass=ldapsubentry)(cn=repl keep alive*))",
a77461
-                                    ['cn', 'nsUniqueId', 'modifierTimestamp'])
a77461
+                                    ['cn', 'keepalivetimestamp', 'nsUniqueId', 'modifierTimestamp'])
a77461
     except ldap.LDAPError as e:
a77461
         log.fatal('Failed to retrieve keepalive entry (%s) on instance %s: error %s' % (dn, instance, str(e)))
a77461
         assert False
a77461
@@ -761,6 +762,7 @@ def verify_keepalive_entries(topo, expected):
a77461
     # (for example after: db2ldif / demote a supplier / ldif2db / init other suppliers)
a77461
     # ==> if the function is somehow pushed in lib389, a check better than simply counting the entries
a77461
     # should be done.
a77461
+    entries = []
a77461
     for supplierId in topo.ms:
a77461
         supplier = topo.ms[supplierId]
a77461
         for replica in Replicas(supplier).list():
a77461
@@ -771,6 +773,7 @@ def verify_keepalive_entries(topo, expected):
a77461
             keepaliveEntries = get_keepalive_entries(supplier, replica);
a77461
             expectedCount = len(topo.ms) if expected else 0
a77461
             foundCount = len(keepaliveEntries)
a77461
+            entries += keepaliveEntries
a77461
             if (foundCount == expectedCount):
a77461
                 log.debug(f'Found {foundCount} keepalive entries as expected on {replica_info}.')
a77461
             else:
a77461
@@ -778,70 +781,45 @@ def verify_keepalive_entries(topo, expected):
a77461
                           f'while {expectedCount} were expected on {replica_info}.')
a77461
                 assert False
a77461
 
a77461
+    return entries
a77461
+
a77461
 
a77461
-def test_online_init_should_create_keepalive_entries(topo_m2):
a77461
-    """Check that keep alive entries are created when initializinf a supplier from another one
a77461
+def test_keepalive_entries(topo_m2):
a77461
+    """Check that keep alive entries are created
a77461
 
a77461
     :id: d5940e71-d18a-4b71-aaf7-b9185361fffe
a77461
     :setup: Two suppliers replication setup
a77461
     :steps:
a77461
-        1. Generate ldif without replication data
a77461
-        2  Init both suppliers from that ldif
a77461
-        3  Check that keep alive entries does not exists
a77461
-        4  Perform on line init of supplier2 from supplier1
a77461
-        5  Check that keep alive entries exists
a77461
+        1. Keep alives entries are present
a77461
+        2. Keep alive entries are updated every 60 seconds
a77461
     :expectedresults:
a77461
-        1. No error while generating ldif
a77461
-        2. No error while importing the ldif file
a77461
-        3. No keepalive entrie should exists on any suppliers
a77461
-        4. No error while initializing supplier2
a77461
-        5. All keepalive entries should exist on every suppliers
a77461
+        1. Success
a77461
+        2. Success
a77461
 
a77461
     """
a77461
 
a77461
-    repl = ReplicationManager(DEFAULT_SUFFIX)
a77461
-    m1 = topo_m2.ms["supplier1"]
a77461
-    m2 = topo_m2.ms["supplier2"]
a77461
-    # Step 1: Generate ldif without replication data
a77461
-    m1.stop()
a77461
-    m2.stop()
a77461
-    ldif_file = '%s/norepl.ldif' % m1.get_ldif_dir()
a77461
-    m1.db2ldif(bename=DEFAULT_BENAME, suffixes=[DEFAULT_SUFFIX],
a77461
-               excludeSuffixes=None, repl_data=False,
a77461
-               outputfile=ldif_file, encrypt=False)
a77461
-    # Remove replication metadata that are still in the ldif
a77461
-    _remove_replication_data(ldif_file)
a77461
-
a77461
-    # Step 2: Init both suppliers from that ldif
a77461
-    m1.ldif2db(DEFAULT_BENAME, None, None, None, ldif_file)
a77461
-    m2.ldif2db(DEFAULT_BENAME, None, None, None, ldif_file)
a77461
-    m1.start()
a77461
-    m2.start()
a77461
-
a77461
-    """ Replica state is now as if CLI setup has been done using:
a77461
-        dsconf supplier1 replication enable --suffix "${SUFFIX}" --role supplier
a77461
-        dsconf supplier2 replication enable --suffix "${SUFFIX}" --role supplier
a77461
-        dsconf supplier1 replication create-manager --name "${REPLICATION_MANAGER_NAME}" --passwd "${REPLICATION_MANAGER_PASSWORD}"
a77461
-        dsconf supplier2 replication create-manager --name "${REPLICATION_MANAGER_NAME}" --passwd "${REPLICATION_MANAGER_PASSWORD}"
a77461
-        dsconf supplier1 repl-agmt create --suffix "${SUFFIX}"
a77461
-        dsconf supplier2 repl-agmt create --suffix "${SUFFIX}"
a77461
-    """
a77461
+    # default interval is 1 hour, too long for test, set it to the minimum of
a77461
+    # 60 seconds
a77461
+    for supplierId in topo_m2.ms:
a77461
+        supplier = topo_m2.ms[supplierId]
a77461
+        replica = Replicas(supplier).get(DEFAULT_SUFFIX)
a77461
+        replica.replace('nsds5ReplicaKeepAliveUpdateInterval', '60')
a77461
+        supplier.restart()
a77461
 
a77461
-    # Step 3: No keepalive entrie should exists on any suppliers
a77461
-    verify_keepalive_entries(topo_m2, False)
a77461
+    # verify entries exist
a77461
+    entries = verify_keepalive_entries(topo_m2, True);
a77461
 
a77461
-    # Step 4: Perform on line init of supplier2 from supplier1
a77461
-    agmt = Agreements(m1).list()[0]
a77461
-    agmt.begin_reinit()
a77461
-    (done, error) = agmt.wait_reinit()
a77461
-    assert done is True
a77461
-    assert error is False
a77461
+    # Get current time from keep alive entry
a77461
+    keep_alive_s1 = str(entries[0].data['keepalivetimestamp'])
a77461
+    keep_alive_s2 = str(entries[1].data['keepalivetimestamp'])
a77461
+
a77461
+    # Wait for event interval (60 secs) to pass
a77461
+    time.sleep(61)
a77461
 
a77461
-    # Step 5: All keepalive entries should exists on every suppliers
a77461
-    #  Verify the keep alive entry once replication is in sync
a77461
-    # (that is the step that fails when bug is not fixed)
a77461
-    repl.wait_for_ruv(m2,m1)
a77461
-    verify_keepalive_entries(topo_m2, True);
a77461
+    # Check keep alives entries have been updated
a77461
+    entries = verify_keepalive_entries(topo_m2, True);
a77461
+    assert keep_alive_s1 != str(entries[0].data['keepalivetimestamp'])
a77461
+    assert keep_alive_s2 != str(entries[1].data['keepalivetimestamp'])
a77461
 
a77461
 
a77461
 @pytest.mark.ds49915
a77461
diff --git a/dirsrvtests/tests/suites/replication/replica_config_test.py b/dirsrvtests/tests/suites/replication/replica_config_test.py
a77461
index c2140a2ac..06ae5afcf 100644
a77461
--- a/dirsrvtests/tests/suites/replication/replica_config_test.py
a77461
+++ b/dirsrvtests/tests/suites/replication/replica_config_test.py
a77461
@@ -50,7 +50,8 @@ repl_add_attrs = [('nsDS5ReplicaType', '-1', '4', overflow, notnum, '1'),
a77461
                   ('nsds5ReplicaProtocolTimeout', '-1', too_big, overflow, notnum, '1'),
a77461
                   ('nsds5ReplicaReleaseTimeout', '-1', too_big, overflow, notnum, '1'),
a77461
                   ('nsds5ReplicaBackoffMin', '0', too_big, overflow, notnum, '3'),
a77461
-                  ('nsds5ReplicaBackoffMax', '0', too_big, overflow, notnum, '6')]
a77461
+                  ('nsds5ReplicaBackoffMax', '0', too_big, overflow, notnum, '6'),
a77461
+                  ('nsds5ReplicaKeepAliveUpdateInterval', '59', too_big, overflow, notnum, '60'),]
a77461
 
a77461
 repl_mod_attrs = [('nsDS5Flags', '-1', '2', overflow, notnum, '1'),
a77461
                   ('nsds5ReplicaPurgeDelay', '-2', too_big, overflow, notnum, '1'),
a77461
@@ -59,7 +60,8 @@ repl_mod_attrs = [('nsDS5Flags', '-1', '2', overflow, notnum, '1'),
a77461
                   ('nsds5ReplicaProtocolTimeout', '-1', too_big, overflow, notnum, '1'),
a77461
                   ('nsds5ReplicaReleaseTimeout', '-1', too_big, overflow, notnum, '1'),
a77461
                   ('nsds5ReplicaBackoffMin', '0', too_big, overflow, notnum, '3'),
a77461
-                  ('nsds5ReplicaBackoffMax', '0', too_big, overflow, notnum, '6')]
a77461
+                  ('nsds5ReplicaBackoffMax', '0', too_big, overflow, notnum, '6'),
a77461
+                  ('nsds5ReplicaKeepAliveUpdateInterval', '59', too_big, overflow, notnum, '60'),]
a77461
 
a77461
 agmt_attrs = [
a77461
               ('nsds5ReplicaPort', '0', '65535', overflow, notnum, '389'),
a77461
diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif
a77461
index 0c73e5114..7a9598730 100644
a77461
--- a/ldap/schema/01core389.ldif
a77461
+++ b/ldap/schema/01core389.ldif
a77461
@@ -327,6 +327,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2371 NAME 'nsDS5ReplicaBootstrapBindDN'
a77461
 attributeTypes: ( 2.16.840.1.113730.3.1.2372 NAME 'nsDS5ReplicaBootstrapCredentials' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
a77461
 attributeTypes: ( 2.16.840.1.113730.3.1.2373 NAME 'nsDS5ReplicaBootstrapBindMethod' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
a77461
 attributeTypes: ( 2.16.840.1.113730.3.1.2374 NAME 'nsDS5ReplicaBootstrapTransportInfo' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
a77461
+attributeTypes: ( 2.16.840.1.113730.3.1.2390 NAME 'nsds5ReplicaKeepAliveUpdateInterval' DESC '389 defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' )
a77461
 #
a77461
 # objectclasses
a77461
 #
a77461
@@ -336,7 +337,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.44 NAME 'nsIndex' DESC 'Netscape defined
a77461
 objectClasses: ( 2.16.840.1.113730.3.2.109 NAME 'nsBackendInstance' DESC 'Netscape defined objectclass' SUP top  MUST ( CN ) X-ORIGIN 'Netscape Directory Server' )
a77461
 objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netscape defined objectclass' SUP top  MUST ( CN ) X-ORIGIN 'Netscape Directory Server' )
a77461
 objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top  MUST ( CN ) X-ORIGIN 'Netscape Directory Server' )
a77461
-objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Replication configuration objectclass' SUP top  MUST ( nsDS5ReplicaRoot $  nsDS5ReplicaId ) MAY (cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaCleanRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsDS5ReplicaBindDNGroup $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax $ nsds5ReplicaReleaseTimeout $ nsDS5ReplicaBindDnGroupCheckInterval ) X-ORIGIN 'Netscape Directory Server' )
a77461
+objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Replication configuration objectclass' SUP top  MUST ( nsDS5ReplicaRoot $  nsDS5ReplicaId ) MAY (cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaCleanRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsDS5ReplicaBindDNGroup $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax $ nsds5ReplicaReleaseTimeout $ nsDS5ReplicaBindDnGroupCheckInterval $ nsds5ReplicaKeepAliveUpdateInterval ) X-ORIGIN 'Netscape Directory Server' )
a77461
 objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape defined objectclass' SUP top MAY ( nstombstonecsn $ nsParentUniqueId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' )
a77461
 objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsds5ReplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5ReplicaFlowControlPause $ nsDS5ReplicaWaitForAsyncResults $ nsds5ReplicaIgnoreMissingChange $ nsDS5ReplicaBootstrapBindDN $ nsDS5ReplicaBootstrapCredentials $ nsDS5ReplicaBootstrapBindMethod $ nsDS5ReplicaBootstrapTransportInfo ) X-ORIGIN 'Netscape Directory Server' )
a77461
 objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' )
a77461
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
a77461
index 06e747811..c2fbff8c0 100644
a77461
--- a/ldap/servers/plugins/replication/repl5.h
a77461
+++ b/ldap/servers/plugins/replication/repl5.h
a77461
@@ -1,6 +1,6 @@
a77461
 /** BEGIN COPYRIGHT BLOCK
a77461
  * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
a77461
- * Copyright (C) 2020 Red Hat, Inc.
a77461
+ * Copyright (C) 2022 Red Hat, Inc.
a77461
  * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
a77461
  * All rights reserved.
a77461
  *
a77461
@@ -120,6 +120,8 @@
a77461
 #define PROTOCOL_STATUS_TOTAL_SENDING_DATA             711
a77461
 
a77461
 #define DEFAULT_PROTOCOL_TIMEOUT 120
a77461
+#define DEFAULT_REPLICA_KEEPALIVE_UPDATE_INTERVAL 3600
a77461
+#define REPLICA_KEEPALIVE_UPDATE_INTERVAL_MIN 60
a77461
 
a77461
 /* To Allow Consumer Initialization when adding an agreement - */
a77461
 #define STATE_PERFORMING_TOTAL_UPDATE       501
a77461
@@ -162,6 +164,7 @@ extern const char *type_nsds5ReplicaBootstrapBindDN;
a77461
 extern const char *type_nsds5ReplicaBootstrapCredentials;
a77461
 extern const char *type_nsds5ReplicaBootstrapBindMethod;
a77461
 extern const char *type_nsds5ReplicaBootstrapTransportInfo;
a77461
+extern const char *type_replicaKeepAliveUpdateInterval;
a77461
 
a77461
 /* Attribute names for windows replication agreements */
a77461
 extern const char *type_nsds7WindowsReplicaArea;
a77461
@@ -677,8 +680,8 @@ Replica *windows_replica_new(const Slapi_DN *root);
a77461
    during addition of the replica over LDAP */
a77461
 int replica_new_from_entry(Slapi_Entry *e, char *errortext, PRBool is_add_operation, Replica **r);
a77461
 void replica_destroy(void **arg);
a77461
-int replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid);
a77461
-int replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid);
a77461
+void replica_subentry_update(time_t when, void *arg);
a77461
+int replica_subentry_check(const char *repl_root, ReplicaId rid);
a77461
 PRBool replica_get_exclusive_access(Replica *r, PRBool *isInc, uint64_t connid, int opid, const char *locking_purl, char **current_purl);
a77461
 void replica_relinquish_exclusive_access(Replica *r, uint64_t connid, int opid);
a77461
 PRBool replica_get_tombstone_reap_active(const Replica *r);
a77461
@@ -739,6 +742,8 @@ void consumer5_set_mapping_tree_state_for_replica(const Replica *r, RUV *supplie
a77461
 Replica *replica_get_for_backend(const char *be_name);
a77461
 void replica_set_purge_delay(Replica *r, uint32_t purge_delay);
a77461
 void replica_set_tombstone_reap_interval(Replica *r, long interval);
a77461
+void replica_set_keepalive_update_interval(Replica *r, int64_t interval);
a77461
+int64_t replica_get_keepalive_update_interval(Replica *r);
a77461
 void replica_update_ruv_consumer(Replica *r, RUV *supplier_ruv);
a77461
 Slapi_Entry *get_in_memory_ruv(Slapi_DN *suffix_sdn);
a77461
 int replica_write_ruv(Replica *r);
a77461
diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
a77461
index 4bb384882..846951b9e 100644
a77461
--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
a77461
+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
a77461
@@ -1,6 +1,6 @@
a77461
 /** BEGIN COPYRIGHT BLOCK
a77461
  * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
a77461
- * Copyright (C) 2020 Red Hat, Inc.
a77461
+ * Copyright (C) 2022 Red Hat, Inc.
a77461
  * All rights reserved.
a77461
  *
a77461
  * License: GPL (version 3 or any later version).
a77461
@@ -1677,13 +1677,9 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
a77461
     } else {
a77461
         ConnResult replay_crc;
a77461
         Replica *replica = prp->replica;
a77461
-        PRBool subentry_update_needed = PR_FALSE;
a77461
         PRUint64 release_timeout = replica_get_release_timeout(replica);
a77461
         char csn_str[CSN_STRSIZE];
a77461
-        int skipped_updates = 0;
a77461
-        int fractional_repl;
a77461
         int finished = 0;
a77461
-#define FRACTIONAL_SKIPPED_THRESHOLD 100
a77461
 
a77461
         /* Start the results reading thread */
a77461
         rd = repl5_inc_rd_new(prp);
a77461
@@ -1700,7 +1696,6 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
a77461
 
a77461
         memset((void *)&op, 0, sizeof(op));
a77461
         entry.op = &op;
a77461
-        fractional_repl = agmt_is_fractional(prp->agmt);
a77461
         do {
a77461
             cl5_operation_parameters_done(entry.op);
a77461
             memset((void *)entry.op, 0, sizeof(op));
a77461
@@ -1781,14 +1776,6 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
a77461
                     replica_id = csn_get_replicaid(entry.op->csn);
a77461
                     uniqueid = entry.op->target_address.uniqueid;
a77461
 
a77461
-                    if (fractional_repl && message_id) {
a77461
-                        /* This update was sent no need to update the subentry
a77461
-                         * and restart counting the skipped updates
a77461
-                         */
a77461
-                        subentry_update_needed = PR_FALSE;
a77461
-                        skipped_updates = 0;
a77461
-                    }
a77461
-
a77461
                     if (prp->repl50consumer && message_id) {
a77461
                         int operation, error = 0;
a77461
 
a77461
@@ -1816,15 +1803,6 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
a77461
                                       agmt_get_long_name(prp->agmt),
a77461
                                       entry.op->target_address.uniqueid, csn_str);
a77461
                         agmt_inc_last_update_changecount(prp->agmt, csn_get_replicaid(entry.op->csn), 1 /*skipped*/);
a77461
-                        if (fractional_repl) {
a77461
-                            skipped_updates++;
a77461
-                            if (skipped_updates > FRACTIONAL_SKIPPED_THRESHOLD) {
a77461
-                                slapi_log_err(SLAPI_LOG_REPL, repl_plugin_name,
a77461
-                                              "send_updates - %s: skipped updates is too high (%d) if no other update is sent we will update the subentry\n",
a77461
-                                              agmt_get_long_name(prp->agmt), skipped_updates);
a77461
-                                subentry_update_needed = PR_TRUE;
a77461
-                            }
a77461
-                        }
a77461
                     }
a77461
                 }
a77461
                 break;
a77461
@@ -1906,26 +1884,6 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
a77461
             PR_Unlock(rd->lock);
a77461
         } while (!finished);
a77461
 
a77461
-        if (fractional_repl && subentry_update_needed) {
a77461
-            ReplicaId rid = -1; /* Used to create the replica keep alive subentry */
a77461
-            Slapi_DN *replarea_sdn = NULL;
a77461
-
a77461
-            if (replica) {
a77461
-                rid = replica_get_rid(replica);
a77461
-            }
a77461
-            slapi_log_err(SLAPI_LOG_REPL, repl_plugin_name,
a77461
-                          "send_updates - %s: skipped updates was definitely too high (%d) update the subentry now\n",
a77461
-                          agmt_get_long_name(prp->agmt), skipped_updates);
a77461
-            replarea_sdn = agmt_get_replarea(prp->agmt);
a77461
-            if (!replarea_sdn) {
a77461
-                slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name,
a77461
-                              "send_updates - Unknown replication area due to agreement not found.");
a77461
-                agmt_set_last_update_status(prp->agmt, 0, -1, "Agreement is corrupted: missing suffix");
a77461
-                return_value = UPDATE_FATAL_ERROR;
a77461
-            } else {
a77461
-                replica_subentry_update(replarea_sdn, rid);
a77461
-            }
a77461
-        }
a77461
         /* Terminate the results reading thread */
a77461
         if (!prp->repl50consumer) {
a77461
             /* We need to ensure that we wait until all the responses have been received from our operations */
a77461
diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
a77461
index 3bd57647f..ded4cf754 100644
a77461
--- a/ldap/servers/plugins/replication/repl5_replica.c
a77461
+++ b/ldap/servers/plugins/replication/repl5_replica.c
a77461
@@ -1,6 +1,6 @@
a77461
 /** BEGIN COPYRIGHT BLOCK
a77461
  * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
a77461
- * Copyright (C) 2005 Red Hat, Inc.
a77461
+ * Copyright (C) 2022 Red Hat, Inc.
a77461
  * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
a77461
  * All rights reserved.
a77461
  *
a77461
@@ -22,7 +22,6 @@
a77461
 #include "slap.h"
a77461
 
a77461
 #define RUV_SAVE_INTERVAL (30 * 1000) /* 30 seconds */
a77461
-
a77461
 #define REPLICA_RDN "cn=replica"
a77461
 
a77461
 /*
a77461
@@ -48,6 +47,7 @@ struct replica
a77461
     PRMonitor *repl_lock;              /* protects entire structure */
a77461
     Slapi_Eq_Context repl_eqcxt_rs;    /* context to cancel event that saves ruv */
a77461
     Slapi_Eq_Context repl_eqcxt_tr;    /* context to cancel event that reaps tombstones */
a77461
+    Slapi_Eq_Context repl_eqcxt_ka_update; /* keep-alive entry update event */
a77461
     Object *repl_csngen;               /* CSN generator for this replica */
a77461
     PRBool repl_csn_assigned;          /* Flag set when new csn is assigned. */
a77461
     int64_t repl_purge_delay;          /* When purgeable, CSNs are held on to for this many extra seconds */
a77461
@@ -66,6 +66,7 @@ struct replica
a77461
     uint64_t agmt_count;               /* Number of agmts */
a77461
     Slapi_Counter *release_timeout;    /* The amount of time to wait before releasing active replica */
a77461
     uint64_t abort_session;            /* Abort the current replica session */
a77461
+    int64_t keepalive_update_interval; /* interval to do dummy update to keep RUV fresh */)
a77461
 };
a77461
 
a77461
 
a77461
@@ -133,8 +134,8 @@ replica_new(const Slapi_DN *root)
a77461
                                &r);
a77461
 
a77461
         if (NULL == r) {
a77461
-            slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name, "replica_new - "
a77461
-                                                           "Unable to configure replica %s: %s\n",
a77461
+            slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name,
a77461
+                          "replica_new - Unable to configure replica %s: %s\n",
a77461
                           slapi_sdn_get_dn(root), errorbuf);
a77461
         }
a77461
         slapi_entry_free(e);
a77461
@@ -232,7 +233,15 @@ replica_new_from_entry(Slapi_Entry *e, char *errortext, PRBool is_add_operation,
a77461
        In that case the updated would fail but nothing bad would happen. The next
a77461
        scheduled update would save the state */
a77461
     r->repl_eqcxt_rs = slapi_eq_repeat_rel(replica_update_state, r->repl_name,
a77461
-                                           slapi_current_rel_time_t() + START_UPDATE_DELAY, RUV_SAVE_INTERVAL);
a77461
+                                           slapi_current_rel_time_t() + START_UPDATE_DELAY,
a77461
+                                           RUV_SAVE_INTERVAL);
a77461
+
a77461
+    /* create supplier update event */
a77461
+    if (r->repl_eqcxt_ka_update == NULL && replica_get_type(r) == REPLICA_TYPE_UPDATABLE) {
a77461
+        r->repl_eqcxt_ka_update = slapi_eq_repeat_rel(replica_subentry_update, r,
a77461
+                                                   slapi_current_rel_time_t() + START_UPDATE_DELAY,
a77461
+                                                   replica_get_keepalive_update_interval(r));
a77461
+    }
a77461
 
a77461
     if (r->tombstone_reap_interval > 0) {
a77461
         /*
a77461
@@ -302,6 +311,11 @@ replica_destroy(void **arg)
a77461
      * and ruv updates.
a77461
      */
a77461
 
a77461
+    if (r->repl_eqcxt_ka_update) {
a77461
+        slapi_eq_cancel_rel(r->repl_eqcxt_ka_update);
a77461
+        r->repl_eqcxt_ka_update = NULL;
a77461
+    }
a77461
+
a77461
     if (r->repl_eqcxt_rs) {
a77461
         slapi_eq_cancel_rel(r->repl_eqcxt_rs);
a77461
         r->repl_eqcxt_rs = NULL;
a77461
@@ -393,7 +407,7 @@ replica_destroy(void **arg)
a77461
 
a77461
 
a77461
 static int
a77461
-replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid)
a77461
+replica_subentry_create(const char *repl_root, ReplicaId rid)
a77461
 {
a77461
     char *entry_string = NULL;
a77461
     Slapi_Entry *e = NULL;
a77461
@@ -402,7 +416,7 @@ replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid)
a77461
     int rc = 0;
a77461
 
a77461
     entry_string = slapi_ch_smprintf("dn: cn=%s %d,%s\nobjectclass: top\nobjectclass: ldapsubentry\nobjectclass: extensibleObject\ncn: %s %d",
a77461
-                                     KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root), KEEP_ALIVE_ENTRY, rid);
a77461
+                                     KEEP_ALIVE_ENTRY, rid, repl_root, KEEP_ALIVE_ENTRY, rid);
a77461
     if (entry_string == NULL) {
a77461
         slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name,
a77461
                       "replica_subentry_create - Failed in slapi_ch_smprintf\n");
a77461
@@ -441,7 +455,7 @@ done:
a77461
 }
a77461
 
a77461
 int
a77461
-replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid)
a77461
+replica_subentry_check(const char *repl_root, ReplicaId rid)
a77461
 {
a77461
     Slapi_PBlock *pb;
a77461
     char *filter = NULL;
a77461
@@ -451,7 +465,7 @@ replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid)
a77461
 
a77461
     pb = slapi_pblock_new();
a77461
     filter = slapi_ch_smprintf("(&(objectclass=ldapsubentry)(cn=%s %d))", KEEP_ALIVE_ENTRY, rid);
a77461
-    slapi_search_internal_set_pb(pb, slapi_sdn_get_dn(repl_root), LDAP_SCOPE_ONELEVEL,
a77461
+    slapi_search_internal_set_pb(pb, repl_root, LDAP_SCOPE_ONELEVEL,
a77461
                                  filter, NULL, 0, NULL, NULL,
a77461
                                  repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
a77461
     slapi_search_internal_pb(pb);
a77461
@@ -460,17 +474,19 @@ replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid)
a77461
         slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
a77461
         if (entries && (entries[0] == NULL)) {
a77461
             slapi_log_err(SLAPI_LOG_NOTICE, repl_plugin_name,
a77461
-                          "replica_subentry_check - Need to create replication keep alive entry <cn=%s %d,%s>\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
a77461
+                          "replica_subentry_check - Need to create replication keep alive entry <cn=%s %d,%s>\n",
a77461
+                          KEEP_ALIVE_ENTRY, rid, repl_root);
a77461
             rc = replica_subentry_create(repl_root, rid);
a77461
         } else {
a77461
             slapi_log_err(SLAPI_LOG_REPL, repl_plugin_name,
a77461
-                          "replica_subentry_check - replication keep alive entry <cn=%s %d,%s> already exists\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
a77461
+                          "replica_subentry_check - replication keep alive entry <cn=%s %d,%s> already exists\n",
a77461
+                          KEEP_ALIVE_ENTRY, rid, repl_root);
a77461
             rc = 0;
a77461
         }
a77461
     } else {
a77461
         slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name,
a77461
                       "replica_subentry_check - Error accessing replication keep alive entry <cn=%s %d,%s> res=%d\n",
a77461
-                      KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root), res);
a77461
+                      KEEP_ALIVE_ENTRY, rid, repl_root, res);
a77461
         /* The status of the entry is not clear, do not attempt to create it */
a77461
         rc = 1;
a77461
     }
a77461
@@ -481,60 +497,59 @@ replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid)
a77461
     return rc;
a77461
 }
a77461
 
a77461
-int
a77461
-replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid)
a77461
+void
a77461
+replica_subentry_update(time_t when __attribute__((unused)), void *arg)
a77461
 {
a77461
-    int ldrc;
a77461
-    int rc = LDAP_SUCCESS; /* Optimistic default */
a77461
+    Slapi_PBlock *modpb = NULL;
a77461
+    Replica *replica = (Replica *)arg;
a77461
+    ReplicaId rid;
a77461
     LDAPMod *mods[2];
a77461
     LDAPMod mod;
a77461
     struct berval *vals[2];
a77461
-    char buf[SLAPI_TIMESTAMP_BUFSIZE];
a77461
     struct berval val;
a77461
-    Slapi_PBlock *modpb = NULL;
a77461
-    char *dn;
a77461
+    const char *repl_root = NULL;
a77461
+    char buf[SLAPI_TIMESTAMP_BUFSIZE];
a77461
+    char *dn = NULL;
a77461
+    int ldrc = 0;
a77461
 
a77461
+    rid = replica_get_rid(replica);
a77461
+    repl_root = slapi_ch_strdup(slapi_sdn_get_dn(replica_get_root(replica)));
a77461
     replica_subentry_check(repl_root, rid);
a77461
 
a77461
     slapi_timestamp_utc_hr(buf, SLAPI_TIMESTAMP_BUFSIZE);
a77461
-
a77461
-    slapi_log_err(SLAPI_LOG_REPL, repl_plugin_name, "subentry_update called at %s\n", buf);
a77461
-
a77461
-
a77461
+    slapi_log_err(SLAPI_LOG_REPL, repl_plugin_name, "replica_subentry_update called at %s\n", buf);
a77461
     val.bv_val = buf;
a77461
     val.bv_len = strlen(val.bv_val);
a77461
-
a77461
     vals[0] = &val;
a77461
     vals[1] = NULL;
a77461
 
a77461
     mod.mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
a77461
     mod.mod_type = KEEP_ALIVE_ATTR;
a77461
     mod.mod_bvalues = vals;
a77461
-
a77461
     mods[0] = &mod;
a77461
     mods[1] = NULL;
a77461
 
a77461
     modpb = slapi_pblock_new();
a77461
-    dn = slapi_ch_smprintf(KEEP_ALIVE_DN_FORMAT, KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
a77461
-
a77461
+    dn = slapi_ch_smprintf(KEEP_ALIVE_DN_FORMAT, KEEP_ALIVE_ENTRY, rid, repl_root);
a77461
     slapi_modify_internal_set_pb(modpb, dn, mods, NULL, NULL,
a77461
                                  repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
a77461
     slapi_modify_internal_pb(modpb);
a77461
-
a77461
     slapi_pblock_get(modpb, SLAPI_PLUGIN_INTOP_RESULT, &ldrc;;
a77461
-
a77461
     if (ldrc != LDAP_SUCCESS) {
a77461
         slapi_log_err(SLAPI_LOG_REPL, repl_plugin_name,
a77461
-                      "Failure (%d) to update replication keep alive entry \"%s: %s\"\n", ldrc, KEEP_ALIVE_ATTR, buf);
a77461
-        rc = ldrc;
a77461
+                      "replica_subentry_update - "
a77461
+                      "Failure (%d) to update replication keep alive entry \"%s: %s\"\n",
a77461
+                      ldrc, KEEP_ALIVE_ATTR, buf);
a77461
     } else {
a77461
         slapi_log_err(SLAPI_LOG_PLUGIN, repl_plugin_name,
a77461
-                      "Successful update of replication keep alive entry \"%s: %s\"\n", KEEP_ALIVE_ATTR, buf);
a77461
+                      "replica_subentry_update - "
a77461
+                      "Successful update of replication keep alive entry \"%s: %s\"\n",
a77461
+                      KEEP_ALIVE_ATTR, buf);
a77461
     }
a77461
 
a77461
     slapi_pblock_destroy(modpb);
a77461
+    slapi_ch_free_string((char **)&repl_root);
a77461
     slapi_ch_free_string(&dn;;
a77461
-    return rc;
a77461
 }
a77461
 /*
a77461
  * Attempt to obtain exclusive access to replica (advisory only)
a77461
@@ -1512,7 +1527,15 @@ replica_set_enabled(Replica *r, PRBool enable)
a77461
         if (r->repl_eqcxt_rs == NULL) /* event is not already registered */
a77461
         {
a77461
             r->repl_eqcxt_rs = slapi_eq_repeat_rel(replica_update_state, r->repl_name,
a77461
-                                                   slapi_current_rel_time_t() + START_UPDATE_DELAY, RUV_SAVE_INTERVAL);
a77461
+                                                   slapi_current_rel_time_t() + START_UPDATE_DELAY,
a77461
+                                                   RUV_SAVE_INTERVAL);
a77461
+
a77461
+        }
a77461
+        /* create supplier update event */
a77461
+        if (r->repl_eqcxt_ka_update == NULL && replica_get_type(r) == REPLICA_TYPE_UPDATABLE) {
a77461
+            r->repl_eqcxt_ka_update = slapi_eq_repeat_rel(replica_subentry_update, r,
a77461
+                                                       slapi_current_rel_time_t() + START_UPDATE_DELAY,
a77461
+                                                       replica_get_keepalive_update_interval(r));
a77461
         }
a77461
     } else /* disable */
a77461
     {
a77461
@@ -1521,6 +1544,11 @@ replica_set_enabled(Replica *r, PRBool enable)
a77461
             slapi_eq_cancel_rel(r->repl_eqcxt_rs);
a77461
             r->repl_eqcxt_rs = NULL;
a77461
         }
a77461
+        /* Remove supplier update event */
a77461
+        if (replica_get_type(r) == REPLICA_TYPE_PRIMARY) {
a77461
+            slapi_eq_cancel_rel(r->repl_eqcxt_ka_update);
a77461
+            r->repl_eqcxt_ka_update = NULL;
a77461
+        }
a77461
     }
a77461
 
a77461
     replica_unlock(r->repl_lock);
a77461
@@ -2119,6 +2147,17 @@ _replica_init_from_config(Replica *r, Slapi_Entry *e, char *errortext)
a77461
         r->tombstone_reap_interval = 3600 * 24; /* One week, in seconds */
a77461
     }
a77461
 
a77461
+    if ((val = (char*)slapi_entry_attr_get_ref(e, type_replicaKeepAliveUpdateInterval))) {
a77461
+        if (repl_config_valid_num(type_replicaKeepAliveUpdateInterval, val, REPLICA_KEEPALIVE_UPDATE_INTERVAL_MIN,
a77461
+                                  INT_MAX, &rc, errormsg, &interval) != 0)
a77461
+        {
a77461
+            return LDAP_UNWILLING_TO_PERFORM;
a77461
+        }
a77461
+        r->keepalive_update_interval = interval;
a77461
+    } else {
a77461
+        r->keepalive_update_interval = DEFAULT_REPLICA_KEEPALIVE_UPDATE_INTERVAL;
a77461
+    }
a77461
+
a77461
     r->tombstone_reap_stop = r->tombstone_reap_active = PR_FALSE;
a77461
 
a77461
     /* No supplier holding the replica */
a77461
@@ -3646,6 +3685,26 @@ replica_set_tombstone_reap_interval(Replica *r, long interval)
a77461
     replica_unlock(r->repl_lock);
a77461
 }
a77461
 
a77461
+void
a77461
+replica_set_keepalive_update_interval(Replica *r, int64_t interval)
a77461
+{
a77461
+    replica_lock(r->repl_lock);
a77461
+    r->keepalive_update_interval = interval;
a77461
+    replica_unlock(r->repl_lock);
a77461
+}
a77461
+
a77461
+int64_t
a77461
+replica_get_keepalive_update_interval(Replica *r)
a77461
+{
a77461
+    int64_t interval = DEFAULT_REPLICA_KEEPALIVE_UPDATE_INTERVAL;
a77461
+
a77461
+    replica_lock(r->repl_lock);
a77461
+    interval = r->keepalive_update_interval;
a77461
+    replica_unlock(r->repl_lock);
a77461
+
a77461
+    return interval;
a77461
+}
a77461
+
a77461
 static void
a77461
 replica_strip_cleaned_rids(Replica *r)
a77461
 {
a77461
diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
a77461
index 2c6d74b13..aea2cf506 100644
a77461
--- a/ldap/servers/plugins/replication/repl5_replica_config.c
a77461
+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
a77461
@@ -438,6 +438,9 @@ replica_config_modify(Slapi_PBlock *pb,
a77461
                 } else if (strcasecmp(config_attr, type_replicaBackoffMax) == 0) {
a77461
                     if (apply_mods)
a77461
                         replica_set_backoff_max(r, PROTOCOL_BACKOFF_MAXIMUM);
a77461
+                } else if (strcasecmp(config_attr, type_replicaKeepAliveUpdateInterval) == 0) {
a77461
+                    if (apply_mods)
a77461
+                        replica_set_keepalive_update_interval(r, DEFAULT_REPLICA_KEEPALIVE_UPDATE_INTERVAL);
a77461
                 } else if (strcasecmp(config_attr, type_replicaPrecisePurge) == 0) {
a77461
                     if (apply_mods)
a77461
                         replica_set_precise_purging(r, 0);
a77461
@@ -472,6 +475,15 @@ replica_config_modify(Slapi_PBlock *pb,
a77461
                     } else {
a77461
                         break;
a77461
                     }
a77461
+                } else if (strcasecmp(config_attr, type_replicaKeepAliveUpdateInterval) == 0) {
a77461
+                    int64_t interval = DEFAULT_REPLICA_KEEPALIVE_UPDATE_INTERVAL;
a77461
+                    if (repl_config_valid_num(config_attr, config_attr_value, REPLICA_KEEPALIVE_UPDATE_INTERVAL_MIN,
a77461
+                                              INT_MAX, returncode, errortext, &interval) == 0)
a77461
+                    {
a77461
+                        replica_set_keepalive_update_interval(r, interval);
a77461
+                    } else {
a77461
+                        break;
a77461
+                    }
a77461
                 } else if (strcasecmp(config_attr, attr_replicaType) == 0) {
a77461
                     int64_t rtype;
a77461
                     slapi_ch_free_string(&new_repl_type);
a77461
diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
a77461
index f67263c3e..4b2064912 100644
a77461
--- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
a77461
+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
a77461
@@ -510,7 +510,7 @@ retry:
a77461
         if (prp->replica) {
a77461
             rid = replica_get_rid(prp->replica);
a77461
         }
a77461
-        replica_subentry_check(area_sdn, rid);
a77461
+        replica_subentry_check(slapi_sdn_get_dn(area_sdn), rid);
a77461
 
a77461
         /* Send the subtree of the suffix in the order of parentid index plus ldapsubentry and nstombstone. */
a77461
         check_suffix_entryID(be, suffix);
a77461
@@ -531,7 +531,7 @@ retry:
a77461
         if (prp->replica) {
a77461
             rid = replica_get_rid(prp->replica);
a77461
         }
a77461
-        replica_subentry_check(area_sdn, rid);
a77461
+        replica_subentry_check(slapi_sdn_get_dn(area_sdn), rid);
a77461
 
a77461
         slapi_search_internal_set_pb(pb, slapi_sdn_get_dn(area_sdn),
a77461
                                      LDAP_SCOPE_SUBTREE, "(|(objectclass=ldapsubentry)(objectclass=nstombstone)(nsuniqueid=*))", NULL, 0, ctrls, NULL,
a77461
diff --git a/ldap/servers/plugins/replication/repl_extop.c b/ldap/servers/plugins/replication/repl_extop.c
a77461
index ef2025dd9..8b178610b 100644
a77461
--- a/ldap/servers/plugins/replication/repl_extop.c
a77461
+++ b/ldap/servers/plugins/replication/repl_extop.c
a77461
@@ -1176,7 +1176,7 @@ multimaster_extop_EndNSDS50ReplicationRequest(Slapi_PBlock *pb)
a77461
                     /* now that the changelog is open and started, we can alos cretae the
a77461
                      * keep alive entry without risk that db and cl will not match
a77461
                      */
a77461
-                    replica_subentry_check((Slapi_DN *)replica_get_root(r), replica_get_rid(r));
a77461
+                    replica_subentry_check(slapi_sdn_get_dn(replica_get_root(r)), replica_get_rid(r));
a77461
                 }
a77461
 
a77461
                 /* ONREPL code that dealt with new RUV, etc was moved into the code
a77461
diff --git a/ldap/servers/plugins/replication/repl_globals.c b/ldap/servers/plugins/replication/repl_globals.c
a77461
index 000777fdd..797ca957f 100644
a77461
--- a/ldap/servers/plugins/replication/repl_globals.c
a77461
+++ b/ldap/servers/plugins/replication/repl_globals.c
a77461
@@ -89,6 +89,7 @@ const char *type_replicaReleaseTimeout = "nsds5ReplicaReleaseTimeout";
a77461
 const char *type_replicaBackoffMin = "nsds5ReplicaBackoffMin";
a77461
 const char *type_replicaBackoffMax = "nsds5ReplicaBackoffMax";
a77461
 const char *type_replicaPrecisePurge = "nsds5ReplicaPreciseTombstonePurging";
a77461
+const char *type_replicaKeepAliveUpdateInterval = "nsds5ReplicaKeepAliveUpdateInterval";
a77461
 
a77461
 /* Attribute names for replication agreement attributes */
a77461
 const char *type_nsds5ReplicaHost = "nsds5ReplicaHost";
a77461
diff --git a/src/cockpit/389-console/src/lib/replication/replConfig.jsx b/src/cockpit/389-console/src/lib/replication/replConfig.jsx
a77461
index 1f0dc3ec5..3dffb8f1a 100644
a77461
--- a/src/cockpit/389-console/src/lib/replication/replConfig.jsx
a77461
+++ b/src/cockpit/389-console/src/lib/replication/replConfig.jsx
a77461
@@ -48,6 +48,7 @@ export class ReplConfig extends React.Component {
a77461
             nsds5replicaprotocoltimeout: Number(this.props.data.nsds5replicaprotocoltimeout) == 0 ? 120 : Number(this.props.data.nsds5replicaprotocoltimeout),
a77461
             nsds5replicabackoffmin: Number(this.props.data.nsds5replicabackoffmin) == 0 ? 3 : Number(this.props.data.nsds5replicabackoffmin),
a77461
             nsds5replicabackoffmax: Number(this.props.data.nsds5replicabackoffmax) == 0 ? 300 : Number(this.props.data.nsds5replicabackoffmax),
a77461
+            nsds5replicakeepaliveupdateinterval: Number(this.props.data.nsds5replicakeepaliveupdateinterval) == 0 ? 3600 : Number(this.props.data.nsds5replicakeepaliveupdateinterval),
a77461
             // Original settings
a77461
             _nsds5replicabinddn: this.props.data.nsds5replicabinddn,
a77461
             _nsds5replicabinddngroup: this.props.data.nsds5replicabinddngroup,
a77461
@@ -59,6 +60,7 @@ export class ReplConfig extends React.Component {
a77461
             _nsds5replicaprotocoltimeout: Number(this.props.data.nsds5replicaprotocoltimeout) == 0 ? 120 : Number(this.props.data.nsds5replicaprotocoltimeout),
a77461
             _nsds5replicabackoffmin: Number(this.props.data.nsds5replicabackoffmin) == 0 ? 3 : Number(this.props.data.nsds5replicabackoffmin),
a77461
             _nsds5replicabackoffmax: Number(this.props.data.nsds5replicabackoffmax) == 0 ? 300 : Number(this.props.data.nsds5replicabackoffmax),
a77461
+            _nsds5replicakeepaliveupdateinterval: Number(this.props.data.nsds5replicakeepaliveupdateinterval) == 0 ? 3600 : Number(this.props.data.nsds5replicakeepaliveupdateinterval),
a77461
         };
a77461
 
a77461
         this.onToggle = (isExpanded) => {
a77461
@@ -275,7 +277,7 @@ export class ReplConfig extends React.Component {
a77461
             'nsds5replicapurgedelay', 'nsds5replicatombstonepurgeinterval',
a77461
             'nsds5replicareleasetimeout', 'nsds5replicaprotocoltimeout',
a77461
             'nsds5replicabackoffmin', 'nsds5replicabackoffmax',
a77461
-            'nsds5replicaprecisetombstonepurging'
a77461
+            'nsds5replicaprecisetombstonepurging', 'nsds5replicakeepaliveupdateinterval',
a77461
         ];
a77461
         // Check if a setting was changed, if so enable the save button
a77461
         for (const config_attr of config_attrs) {
a77461
@@ -301,7 +303,7 @@ export class ReplConfig extends React.Component {
a77461
             'nsds5replicapurgedelay', 'nsds5replicatombstonepurgeinterval',
a77461
             'nsds5replicareleasetimeout', 'nsds5replicaprotocoltimeout',
a77461
             'nsds5replicabackoffmin', 'nsds5replicabackoffmax',
a77461
-            'nsds5replicaprecisetombstonepurging'
a77461
+            'nsds5replicaprecisetombstonepurging', 'nsds5replicakeepaliveupdateinterval',
a77461
         ];
a77461
         // Check if a setting was changed, if so enable the save button
a77461
         for (const config_attr of config_attrs) {
a77461
@@ -451,6 +453,9 @@ export class ReplConfig extends React.Component {
a77461
         if (this.state.nsds5replicabinddngroupcheckinterval != this.state._nsds5replicabinddngroupcheckinterval) {
a77461
             cmd.push("--repl-bind-group-interval=" + this.state.nsds5replicabinddngroupcheckinterval);
a77461
         }
a77461
+        if (this.state.nsds5replicakeepaliveupdateinterval != this.state._nsds5replicakeepaliveupdateinterval) {
a77461
+            cmd.push("--repl-keepalive-update-interval=" + this.state.nsds5replicakeepaliveupdateinterval);
a77461
+        }
a77461
         if (this.state.nsds5replicareleasetimeout != this.state._nsds5replicareleasetimeout) {
a77461
             cmd.push("--repl-release-timeout=" + this.state.nsds5replicareleasetimeout);
a77461
         }
a77461
@@ -786,6 +791,29 @@ export class ReplConfig extends React.Component {
a77461
                                         />
a77461
                                     </GridItem>
a77461
                                 </Grid>
a77461
+                                
a77461
+                                    title="The interval in seconds that the server will apply an internal update to get the RUV from getting stale. (nsds5replicakeepaliveupdateinterval)."
a77461
+                                    className="ds-margin-top"
a77461
+                                >
a77461
+                                    <GridItem className="ds-label" span={3}>
a77461
+                                        Refresh RUV Interval
a77461
+                                    </GridItem>
a77461
+                                    <GridItem span={9}>
a77461
+                                        
a77461
+                                            value={this.state.nsds5replicakeepaliveupdateinterval}
a77461
+                                            min={60}
a77461
+                                            max={this.maxValue}
a77461
+                                            onMinus={() => { this.onMinusConfig("nsds5replicakeepaliveupdateinterval") }}
a77461
+                                            onChange={(e) => { this.onConfigChange(e, "nsds5replicakeepaliveupdateinterval", 60) }}
a77461
+                                            onPlus={() => { this.onPlusConfig("nsds5replicakeepaliveupdateinterval") }}
a77461
+                                            inputName="input"
a77461
+                                            inputAriaLabel="number input"
a77461
+                                            minusBtnAriaLabel="minus"
a77461
+                                            plusBtnAriaLabel="plus"
a77461
+                                            widthChars={8}
a77461
+                                        />
a77461
+                                    </GridItem>
a77461
+                                </Grid>
a77461
                                 
a77461
                                     title="Enables faster tombstone purging (nsds5replicaprecisetombstonepurging)."
a77461
                                     className="ds-margin-top"
a77461
diff --git a/src/cockpit/389-console/src/replication.jsx b/src/cockpit/389-console/src/replication.jsx
a77461
index 28364156a..db9d030db 100644
a77461
--- a/src/cockpit/389-console/src/replication.jsx
a77461
+++ b/src/cockpit/389-console/src/replication.jsx
a77461
@@ -553,6 +553,7 @@ export class Replication extends React.Component {
a77461
                             nsds5replicaprotocoltimeout: 'nsds5replicaprotocoltimeout' in config.attrs ? config.attrs.nsds5replicaprotocoltimeout[0] : "",
a77461
                             nsds5replicabackoffmin: 'nsds5replicabackoffmin' in config.attrs ? config.attrs.nsds5replicabackoffmin[0] : "",
a77461
                             nsds5replicabackoffmax: 'nsds5replicabackoffmax' in config.attrs ? config.attrs.nsds5replicabackoffmax[0] : "",
a77461
+                            nsds5replicakeepaliveupdateinterval: 'nsds5replicakeepaliveupdateinterval' in config.attrs ? config.attrs.nsds5replicakeepaliveupdateinterval[0] : "3600",
a77461
                         },
a77461
                         suffixSpinning: false,
a77461
                         disabled: false,
a77461
@@ -695,6 +696,11 @@ export class Replication extends React.Component {
a77461
                             nsds5replicaprotocoltimeout: 'nsds5replicaprotocoltimeout' in config.attrs ? config.attrs.nsds5replicaprotocoltimeout[0] : "",
a77461
                             nsds5replicabackoffmin: 'nsds5replicabackoffmin' in config.attrs ? config.attrs.nsds5replicabackoffmin[0] : "",
a77461
                             nsds5replicabackoffmax: 'nsds5replicabackoffmax' in config.attrs ? config.attrs.nsds5replicabackoffmax[0] : "",
a77461
+                            nsds5replicakeepaliveupdateinterval: 'nsds5replicakeepaliveupdateinterval' in config.attrs ? config.attrs.nsds5replicakeepaliveupdateinterval[0] : "3600",
a77461
+                            clMaxEntries: "",
a77461
+                            clMaxAge: "",
a77461
+                            clTrimInt: "",
a77461
+                            clEncrypt: false,
a77461
                         }
a77461
                     }, this.loadLDIFs);
a77461
 
a77461
diff --git a/src/lib389/lib389/cli_conf/replication.py b/src/lib389/lib389/cli_conf/replication.py
a77461
index 0048cd09b..450246b3d 100644
a77461
--- a/src/lib389/lib389/cli_conf/replication.py
a77461
+++ b/src/lib389/lib389/cli_conf/replication.py
a77461
@@ -33,6 +33,7 @@ arg_to_attr = {
a77461
         'repl_backoff_min': 'nsds5replicabackoffmin',
a77461
         'repl_backoff_max': 'nsds5replicabackoffmax',
a77461
         'repl_release_timeout': 'nsds5replicareleasetimeout',
a77461
+        'repl_keepalive_update_interval': 'nsds5replicakeepaliveupdateinterval',
a77461
         # Changelog
a77461
         'cl_dir': 'nsslapd-changelogdir',
a77461
         'max_entries': 'nsslapd-changelogmaxentries',
a77461
@@ -1278,6 +1279,9 @@ def create_parser(subparsers):
a77461
                                                             "while waiting to acquire the consumer. Default is 3 seconds")
a77461
     repl_set_parser.add_argument('--repl-release-timeout', help="A timeout in seconds a replication supplier should send "
a77461
                                                                 "updates before it yields its replication session")
a77461
+    repl_set_parser.add_argument('--repl-keepalive-update-interval', help="Interval in seconds for how often the server will apply "
a77461
+                                                                          "an internal update to keep the RUV from getting stale. "
a77461
+                                                                          "The default is 1 hour (3600 seconds)")
a77461
 
a77461
     repl_monitor_parser = repl_subcommands.add_parser('monitor', help='Display the full replication topology report')
a77461
     repl_monitor_parser.set_defaults(func=get_repl_monitor_info)
a77461
@@ -1289,7 +1293,7 @@ def create_parser(subparsers):
a77461
     repl_monitor_parser.add_argument('-a', '--aliases', nargs="*",
a77461
                                      help="Enables displaying an alias instead of host:port, if an alias is "
a77461
                                           "assigned to a host:port combination. The format: alias=host:port")
a77461
-#
a77461
+
a77461
     ############################################
a77461
     # Replication Agmts
a77461
     ############################################
a77461
-- 
a77461
2.37.1
a77461