Full_Name: Nikos Voutsinas Version: 2.4.42 OS: Solaris/Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (62.38.193.214)

Hi,

In a 4-nodes MMR deployment with a 2-nodes LDAP Proxy Front-ends, we have repeatedly noticed that whenever the connection recovery method falls into the quarantine code, it fails.

i.e. when all the back-end ldap servers become unavailable, for some reason, slapd-ldap fails to follow the retry scheme that is dictated by olcDbQuarantine.

In our case we set olcDbQuarantine to: 10,30;60,+ and when we got a temporary network timeout from all back-end ldap server this is what we saw in the slapd logs.

Oct 7 21:30:58 proxy slapd[330]: conn=632725 op=0 ldap_back_retry: retrying URI="ldap://back01 ldap://back02" DN="" Oct 7 21:30:58 proxy slapd[330]: conn=632725 op=0: ldap_back_quarantine enter. Oct 7 21:31:08 proxy slapd[330]: conn=632759 op=0: ldap_back_getconn quarantine retry block #0 try #0.

After that the only method to recover was either to restart the whole process or reset the value of olcDbQuarantine.

Thanks, Nikos