Thank you, Quanah, I didn't know about the "keepalive" option for syncrepl. Now that you mentioned it, I found an old 2017 discussion on this list about an issue very similar to the one I have, where you mentioned this option. I see it in the slapd manual page but not on the 2.4 (or 2.5) admin site: https://www.openldap.org/doc/admin24/replication.html
I'll try adding it to the config and will definitely consider upgrading to a newer version in some fashion.

Thanks,
Mircea

--
Mircea Baciu | Senior Unix Systems Administrator
Simmons University | 300 The Fenway | Boston, MA 02115 | 617-521-2194

On Mon, Sep 20, 2021 at 11:12 AM Quanah Gibson-Mount <[email protected]> wrote:
>
> --On Monday, September 20, 2021 11:38 AM -0400 Mircea Baciu
> <[email protected]> wrote:
>
> > The providers are OpenLDAP 2.4.44 (openldap-2.4.44-24.el7_9.x86_64),
> > running on RHEL 7.
> > The consumer is OpenLDAP 2.4.44 (openldap-2.4.44-24.el7_9.x86_64),
> > running on CentOS 7.
>
> Hello,
>
> The OpenLDAP 2.4.44 release is over 5 years old and numerous replication
> related issues have been fixed since that time. Additionally, RedHat is
> known to have made questionable modifications to libldap, particularly
> around the TLS layer in RHEL7.
>
> I'd strongly advise you to upgrade to a current release of OpenLDAP. I
> would note that Symas provides free drop-in replacement builds of OpenLDAP
> for RHEL7 with optional support available
> (<https://repo.symas.com/sofl/rhel7/>).
>
> Symas also provides free builds of the current OpenLDAP release series
> (2.5) with optional support available
> (<https://repo.symas.com/soldap/rhel7/>).
>
> I'd also note that your syncrepl stanza is missing the "keepalive" option,
> which is usually essential when dealing with traffic through load
> balancers.
>
> Regards,
> Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
