Greetings all!
I'm using OpenLDAP 2.3.28-8, and have configured a master LDAP server for our environment, works great. I then configured a slave server that stays in sync using syncrepl (use refreshAndPersist), also works fine. One thing I'm noticing is that if I restart slapd on the master server, it seems that the slave server stops syncing properly. i.e. if I make a change on the master, it is not sync'd to the slave. If I restart slapd on the slave it then syncs any changes that it missed from before.
Is this standard behavior? Does anyone know of a way to tell the slave to automatically try and reconnect with the master if the connection is temporarily lost?
Thanks in Advance! Erich
My bad - I didn't notice the 'retry' parameter. Things work fine now.
On Thu, 12 Jun 2008, Erich Weiler wrote:
noticing is that if I restart slapd on the master server, it seems that the slave server stops syncing properly. i.e. if I make a change on the master,
Modify sysctls such as net.ipv4.tcp_keepalive_time, net.ipv4.tcp_keepalive_intvl, and net.ipv4.tcp_keepalive_probes to be more aggressive, so that TCP keepalive might detect the wedged connection.
(I'm assuming Linux based off the RPM-ish version you gave.)
Unless "-8" patches fixes for the DoS issues present in earlier 2.3 releases, you should give some serious thought to upgrading. At a minimum, read a current change log so you can at least evaluate your present exposure. Again, with your RPM-ish version, I'd look at Buchan's third party RPMs. See the list archives for copious discussion of the dangers of using vendor-supplied packages to run slapd.
openldap-software@openldap.org
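An added example, not part of the thread: a shell check of how long Linux TCP keepalive takes to declare an idle, wedged connection dead, computed from the three sysctls named in the reply above. The 300-second target and the candidate values are assumptions chosen for illustration, and these sysctls only affect sockets that have SO_KEEPALIVE enabled.

```shell
#!/bin/sh
# Added example: worst-case dead-peer detection time for Linux TCP keepalive.

# Worst case in seconds: idle time before the first probe, plus one
# interval for each unanswered probe.
keepalive_window() {  # args: time intvl probes
    echo $(( $1 + $2 * $3 ))
}

# Read one live value from /proc; fall back to the supplied default
# when the file is not readable (for example on a non-Linux host).
read_sysctl() {  # args: name default
    f="/proc/sys/net/ipv4/$1"
    if [ -r "$f" ]; then cat "$f"; else echo "$2"; fi
}

# Print "ok <secs>" if the window fits within the target,
# "too-slow <secs>" otherwise.
check_window() {  # args: time intvl probes target_secs
    w=$(keepalive_window "$1" "$2" "$3")
    if [ "$w" -le "$4" ]; then echo "ok $w"; else echo "too-slow $w"; fi
}

report() {
    # Fallbacks are the stock Linux defaults: 7200 s, 75 s, 9 probes.
    t=$(read_sysctl tcp_keepalive_time 7200)
    i=$(read_sysctl tcp_keepalive_intvl 75)
    p=$(read_sysctl tcp_keepalive_probes 9)
    echo "current:   time=$t intvl=$i probes=$p -> $(check_window "$t" "$i" "$p" 300)"
    # Constructed candidate values, not a recommendation from the thread.
    echo "candidate: time=120 intvl=30 probes=4 -> $(check_window 120 30 4 300)"
}

report
```

With the stock defaults a silent peer is only noticed after 7875 seconds, which is why the consumer can sit on a dead connection long after the master has been restarted.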