Hi, who of you is using OpenLDAP in a replicated setup using syncrepl, as opposed to slurp, and with TLS?
I found that these three configuration statements make the difference between a working LDAP server and one that hangs on every 'add' operation, requiring a 'kill -9' and a restart:

    overlay syncprov
    syncprov-checkpoint 10 5
    syncprov-sessionlog 100

Afaik, these are required for a server to be a replication master. I've not yet tried to get rid of TLS, though, but to reproduce the problem, it's not necessary to use TLS from the client to exercise the problem. It's also not necessary to have a replication slave on the server to exercise the problem. It only needs to be there in slapd.conf.

The last things from my protocol after such an 'add' operation are:

    send_ldap_result: err=0 matched="" text=""
    ldbm_back_modify:

And at that point, it hangs. Killing and restarting the server (almost bearable, thanks to runit), allows me to access the directory again and find the newly created entry there.

--
Kind regards,
--Toni++
