Here you are. The config of the second machine is identical, apart from the 
different provider.

#######################################################################
#
#  Global settings
#
#######################################################################

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
ucdata-path     /usr/ucdata

serverID  1

moduleload syncprov

###################################
# Useful settings for enabling LDAPS (i.e. LDAP over SSL/TLS) access to this server
###################################

TLSCACertificateFile    /etc/TLS/ca-certs/trusted_CAs.pem
TLSCACertificatePath    /etc/TLS/links
TLSCertificateFile      /etc/TLS/server/server.pem
TLSCertificateKeyFile   /etc/TLS/server/server_key.pem
TLSCipherSuite        HIGH:MEDIUM:SSLv3
TLSVerifyClient        try

###################################
#  Public LDAP schemas
###################################

include        /etc/schema/core.schema
include        /etc/schema/cosine.schema
include        /etc/schema/inetorgperson.schema

###################################
#  Gateway specific LDAP schemas
###################################

include        /etc/schema/database.schema

loglevel 256

###################################
#  Access control
###################################


access to attrs=userPassword
        by anonymous    auth
        by *            none

access to dn.subtree="dc=SpecialBranch,dc=head"
        by dn.base="cn=SpecialBranchUser,dc=SpecialBranch,dc=head" write
        by dn.base="cn=Replicator,dc=DatabaseReplication,dc=head" write
        by * none

access to *
        by dn.base="cn=Replicator,dc=DatabaseReplication,dc=head" write
        by * none

access to * by * none


#######################################################################
#
#  Database definitions
#
#######################################################################

###################################
#  Database for SpecialBranch
###################################

database        bdb
suffix          "dc=SpecialBranch,dc=head"
subordinate
rootdn          "cn=admin,dc=head"
directory       /var/db-SpecialBranch
monitoring off
index objectClass           eq
index entryCSN              eq
index entryUUID             eq
index contextCSN            eq
index DatabaseAttrRuleID       eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# syncrepl directive
syncrepl      rid=001
              provider=ldap://192.168.120.237:388
              bindmethod=simple
              binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
              credentials="fdet2zS3"
              searchbase="dc=SpecialBranch,dc=head"
              starttls=critical
              tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
              tls_cert=etc/TLS/client/client.pem
              tls_key=etc/TLS/client/client_key.pem
              schemachecking=on
              type=refreshAndPersist
              retry="5 12 60 +"

mirrormode on

###################################
#  Database for the general configuration
###################################

database        bdb
suffix          "dc=head"
rootdn          "cn=admin,dc=head"
rootpw          "{SSHA}fO7A1sCrZzhy2IpNCvoVrQ9oRFpFY8Uj"
directory       /var/db-general
monitoring off
index objectClass            eq
index entryCSN               eq
index entryUUID              eq
index contextCSN             eq
index mail                   eq,sub
index DatabaseAttrIssuerDN      eq,sub
index DatabaseAttrSubjectDN     eq,sub
index DatabaseAttrSerial        eq
index DatabaseAttrFingerprint   eq,sub
index DatabaseAttrKeyID         eq,sub
index DatabaseAttrKeySigner     pres
index DatabaseAttrKeyHash       eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# syncrepl directive
syncrepl      rid=001
              provider=ldap://192.168.120.237:388
              bindmethod=simple
              binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
              credentials="fdet2zS3"
              searchbase="dc=head"
              starttls=critical
              tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
              tls_cert=etc/TLS/client/client.pem
              tls_key=etc/TLS/client/client_key.pem
              schemachecking=on
              type=refreshAndPersist
              retry="5 12 60 +"

mirrormode on


#eof



From: Benjamin Griese [mailto:[email protected]]
Sent: Friday, 26 March 2010 10:05
To: Thorsten Mueller
Cc: [email protected]
Subject: Re: syncrepl connection / reconnect

Hi Thorsten,

please provide more information, for example your slapd.conf / slapd.d. The more 
info you give, the more feedback you get.

Bye.
On Fri, Mar 26, 2010 at 09:40, Thorsten Mueller <[email protected]> wrote:
Hi,

I am using two slapd 2.4.20 in mirror mode. Everything seems to work fine. When 
I shut down slapd_A, I can see the connection retries in the log of B. After 
restarting A everything is fine. Replication works in both directions.

When I switch off the machine hosting A, B does not log anything. After 
starting machine A, replication only works from B to A and not from A to B. 
Only after restarting slapd_B is the connection reestablished and the changes 
are synced. I see the same behavior if I just do an "ifconfig eth0 down". The 
remaining slapd seems not to recognize a loss of the network connection.
Is this a bug in OpenLDAP, or a configuration issue on my side?

Thanks,
Thorsten



--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to 
do -- Sartre | Do be do be do -- Sinatra
