openldap-technical March 2012

openldap-technical@openldap.org

96 participants
116 discussions

Re: slow or inconsistent syncrepl
by Amol Kulkarni 09 Mar '12

09 Mar '12

Dear Quanah, Thanks a lot for these 2 pointers. I'll check out the 2.4.30 version. We had used delta syncrepl earlier but our accesslog size used to grow suddenly sometimes and the disk used to get full crashing/hanging the ldap service itself on the provider. But at that time we had kept the max age for the accesslog to be 7 days. I'll reduce it and give it a try again. Also it would be helpful if you can throw some light on : 2. On a really busy ldap server, can replication slow down drastically? i.e does the read operations affect the replication in any way? 4. We are currently having about 60 consumers - is this too much ? What can be the max numbers of consumers ? 5. Sometimes we urgently need some particular node to be present on the consumer - for which we cannot wait - in that case we get ldif of that node from provider and do ldapadd on the consumer ( mirrormode is ON on the consumers ). Is this safe and correct or could it cause some side effects ? Is there a better way to handle it? Thanks and Regards, Amol Kulkarni. ----- Original Message ----- From: Quanah Gibson-Mount Sent: 03/09/12 11:57 PM To: Amol Kulkarni, openldap-technical(a)openldap.org Subject: Re: slow or inconsistent syncrepl --On Friday, March 09, 2012 2:20 PM +0100 Amol Kulkarni <amolkulkarni(a)gmx.com> wrote: > I have a following openldap setup with syncrepl : > - openldap version 2.4.23 This is your #1 issue. > - 1 provider and about 10 consumers in lan and 50 consumers on wan This is your #2 issue. Upgrade to a stable release. Use delta-syncrepl, which uses significantly less bandwidth than syncrepl. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

2 1

slow or inconsistent syncrepl
by Amol Kulkarni 09 Mar '12

09 Mar '12

I have a following openldap setup with syncrepl : - openldap version 2.4.23 - 1 provider and about 10 consumers in lan and 50 consumers on wan - The replication type is push - refreshAndPersist. - There are about 0.5 million nodes - The physical size of ldap folder is about 5gb. - All the lan servers have identical hardware configuration. I have following problems/questions. 1. We observe that LDAP replication works better on one server as opposed to another in same LAN and having the same configuration ? Is ldap replication affected by the ldap read operations on the consumers? So if 2 consumers are getting different amount of ldap reads, will replication speed be different? 2. On a really busy ldap server, can replication slow down drastically? 3. We find that even though the contextcsn of provider & consumer is same - actually there are nodes which are different and there are nodes which are not added or deleted. So we have created a custom script which compares entrycsn's of each and every node. Is this ok ? 4. We are currently having about 60 consumers - is this too much ? What can be the max numbers of consumers ? 5. Sometimes we urgently need some particular node to be present on the consumer - for which we cannot wait - in that case we get ldif of that node from provider and do ldapadd on the consumer ( mirrormode is ON on the consumers ). Is this safe and correct or could it cause some side effects ? Kindly help me in troubleshooting these issues. Right now I cant think of what server configuration I could provide so I dint give it in this mail so pls tell me if anyone needs some particular configuration. Thanks and Regards, Amol Kulkarni.

4 4

Re: configure options
by Brett ＠Google 08 Mar '12

08 Mar '12

Turned out there was an LD_LIBRARY_PATH used for the already running openldap, but was set, so the "make test" prior to installation, was run against the installed libraries, instead of the newly compiled (but as yet uninstalled) ones in the build directory. Arguably the test could "unset LD_LIBRARY_PATH" but that variable might be used to find berkeley dn or other thrid part libraries, so maybe LD_LIBRARY_PATH="`pwd`/libraries/liblber/.libs `pwd`/libraries/libldap/.libs" to the script that launches tests ? Has there ever been any thought of having a --with-bdb=<prefix> which implies the addition of CPPFLAGS="-I<prefix>/include" and LDFLAGS="-L<prefix>/lib" and similarly for things like --with-ssl=<another prefix> ? Personally i alway have to add -R<prefix>/lib also, but this varies by platform, eg. linux has removed this in preference of a gcc option which passes options through to the linker, so it's probably hard to do in a platform-agnostic manner. On Fri, Mar 9, 2012 at 12:07 PM, Howard Chu <hyc(a)symas.com> wrote: > Quanah Gibson-Mount wrote: > >> --On Friday, March 09, 2012 10:49 AM +1000 "Brett @Google" >> <brett.maxfield(a)gmail.com> wrote: >> >> Hello, >>> >>> Are the tests in test050 (multimaster concurrency) for release 2.4.30, >>> still likely or expected to fail on solaris 10 with bdb 4.8.30 ? >>> >>> We dont use multimaster, but at one point in recent history the tests in >>> test050 (multimaster concurrency) were expected to fail. >>> >>> I'll log an ITS if it is now unexpected for this test to fail.. >>> >>> Cheers >>> Brett >>> >>> Waiting 5 seconds for slapd to start... >>> Waiting 5 seconds for slapd to start... >>> 29490 Segmentation Fault - core dumped >>> >> >> segmentation faults are never expected. You should file an ITS with the >> backtrace on the core file. >> > > And the last few lines of slapd.1.log. > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/**project/<http://www.openldap.org/project/> > -- *The only thing that interferes with my learning is my education.* * Albert Einstein*

1 0

fw: multimaster
by Brett ＠Google 08 Mar '12

08 Mar '12

Hello, Are the tests in test050 (multimaster concurrency) for release 2.4.30, still likely or expected to fail on solaris 10 with bdb 4.8.30 ? We dont use multimaster, but at one point in recent history the tests in test050 (multimaster concurrency) were expected to fail. I'll log an ITS if it is now unexpected for this test to fail.. Cheers Brett Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... 29490 Segmentation Fault - core dumped Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... ldapsearch failed (255)! ./scripts/test050-syncrepl-multimaster: kill: no such process >>>>> test050-syncrepl-multimaster failed for hdb (exit 255) *** Error code 255 The following command caused the error: ./run -b hdb all make: Fatal error: Command failed for target `hdb-yes' Current working directory /home/govops/build/openldap/openldap-2.4.30/tests *** Error code 1 The following command caused the error: make hdb make: Fatal error: Command failed for target `test' Current working directory /home/govops/build/openldap/openldap-2.4.30/tests gmake: *** [test] Error 1 -- *The only thing that interferes with my learning is my education.* * Albert Einstein*

3 2

multi-master syncrepl with sasl/gssapi authentication
by travis.bean＠assuretech.net 08 Mar '12

08 Mar '12

I am having trouble getting multi-master syncrepl to sync when using "bindmethod=sasl" and "saslmech=gssapi". I achieved success when I tried "bindmethod=simple", so at least I know it has been narrowed down to a sasl/gssapi authentication problem (incorrect/missing sasl AuthzRegexp or perhaps an incorrect/missing slapd ACL?). My syncrepl config is as follows (do I need to specify an authcid/authzid or is this id automatically obtained from gssapi?): olcMirrorMode: TRUE olcSyncRepl: rid=001 provider=ldap://or-dc1-db.example.corp retry="5 10 30 +" bindmethod=sasl saslmech=gssapi type=refreshAndPersist searchbase="cn=config" olcSyncRepl: rid=002 provider=ldap://or-dc2-db.example.corp retry="5 10 30 +" bindmethod=sasl saslmech=gssapi type=refreshAndPersist searchbase="cn=config" # Syncprov overlay dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov olcMirrorMode: TRUE olcSyncRepl: rid=003 provider=ldap://or-dc1-db.example.corp retry="5 10 30 +" bindmethod=sasl saslmech=gssapi type=refreshAndPersist searchbase="dc=example,dc=corp" olcSyncRepl: rid=004 provider=ldap://or-dc2-db.example.corp retry="5 10 30 +" bindmethod=sasl saslmech=gssapi type=refreshAndPersist searchbase="dc=example,dc=corp" # Syncprov overlay dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov My access control: olcAccess: to attrs=userPassword,shadowLastChange by dn="uid=ldap-admin,ou=people,dc=example,dc=corp" write by dn="uid=ldap/or-dc1-db.example.corp,cn=example.corp,cn=gssapi,cn=auth" write by dn="uid=ldap/or-dc2-db.example.corp,cn=example.corp,cn=gssapi,cn=auth" write by anonymous auth by self write by * none olcAccess: to dn.subtree="ou=krb5,dc=example,dc=corp" by dn="cn=kdc-srv,ou=krb5,dc=example,dc=corp" read by dn="cn=adm-srv,ou=krb5,dc=example,dc=corp" write by * none olcAccess: to * by dn="uid=ldap-admin,ou=people,dc=example,dc=corp" write by dn="uid=ldap/or-dc1-db.example.corp,cn=example.corp,cn=gssapi,cn=auth" write by dn="uid=ldap/or-dc2-db.example.corp,cn=example.corp,cn=gssapi,cn=auth" write by peername.ip="192.168.0.0%255.255.255.0" read My sasl AuthzRegexp: olcAuthzRegexp: uid=([^,]+),cn=example.corp,cn=gssapi,cn=auth uid=$1,ou=people,dc=example,dc=corp I know sasl/gssapi are working since ldapwhoami on or-dc1-db returns: SASL/GSSAPI authentication started SASL username: ldap/or-dc1-db.example.corp(a)EXAMPLE.CORP SASL SSF: 56 SASL data security layer installed. dn:uid=ldap/or-dc1-db.example.corp,ou=people,dc=example,dc=corp ldapwhoami on or-dc2-db returns: SASL/GSSAPI authentication started SASL username: ldap/or-dc2-db.example.corp(a)EXAMPLE.CORP SASL SSF: 56 SASL data security layer installed. dn:uid=ldap/or-dc2-db.example.corp,ou=people,dc=example,dc=corp I get the following /var/log/syslog errors on or-dc1-db: OR-DC1-DB slapd[5446]: slap_client_connect: URI=ldap://or-dc2-db.example.corp ldap_sasl_interactive_bind_s failed (-2) OR-DC1-DB slapd[5446]: do_syncrepl: rid=004 rc -2 retrying OR-DC1-DB slapd[5446]: slap_client_connect: URI=ldap://or-dc2-db.example.corp ldap_sasl_interactive_bind_s failed (-2) OR-DC1-DB slapd[5446]: do_syncrepl: rid=002 rc -2 retrying /var/log/syslog errors on or-dc2-db: OR-DC2-DB slapd[5455]: slap_client_connect: URI=ldap://or-dc1-db.example.corp ldap_sasl_interactive_bind_s failed (-2) OR-DC2-DB slapd[5455]: do_syncrepl: rid=003 rc -2 retrying OR-DC2-DB slapd[5455]: slap_client_connect: URI=ldap://or-dc1-db.example.corp ldap_sasl_interactive_bind_s failed (-2) OR-DC2-DB slapd[5455]: do_syncrepl: rid=001 rc -2 retrying

3 3

replication without making the consumer database readonly
by Wuensche Michael 08 Mar '12

08 Mar '12

I have an Openldap 2.4 environment with 2 servers, one serving as provider for 2 databases and one as consumer. On one of the databases I only want to replicate certain entries, filtered by objectclass. I use sync repl for replication. Now I would like to be able to write database entries on the consumer server, which are not covered by the filter and so are not replicated. But Openldap sends me a referral to the master on write attempts if I use the updateref directive. If I don't use this directive, I get error 53: unwilling to perform. Is there a way to have part of a databases entries to be replicated and others being allowed to write locally? Alternatively I'm considering to split the suffix into several databases. Kind regards, Michael

1 0

[SOLVED] RE: OpenLDAP 2.4 : replication doesn't work when customer is stopped
by PROST Frédéric 08 Mar '12

08 Mar '12

After so many days of testing I finally found the solution, which is working on both the last version built from source and the Debian version : I found it thanks to this post : http://www.openldap.org/lists/openldap-technical/201008/msg00274.html When we check the csn value it appears that ServerID is not transmitted : csn=20120308091919.539118Z#000000#000#000000 (the string #000# should be serverID) . To correct this problem, I simply changed the slapd -h option in my startup script (/etc/default/slapd on Debian) from : SLAPD_SERVICES="ldap:/// ldapi:///" To : SLAPD_SERVICES="ldap://<ip or hostname of the server (same as oclServerID)>" This has to be done on both nodes with the correct IP. Then, my csn is now someting like : csn=20120308111043.060040Z#000000#001#000000 (note the #001# corresponding to the serverId) Then retart the server and everything is runnig fine. Regards, -- Frédéric PROST -----Message d'origine----- De : Quanah Gibson-Mount [mailto:quanah@zimbra.com] Envoyé : mercredi 7 mars 2012 18:02 À : PROST Frédéric; openldap-technical(a)openldap.org Objet : RE: OpenLDAP 2.4 : replication doesn't work when customer is stopped --On Wednesday, March 07, 2012 8:06 AM +0100 PROST Frédéric <f.prost(a)mb-line.com> wrote: > Hello, > > My OpenLDAP version is 2.4.23 (installed with apt-get install slapd on > Debian Squeeze). Using 2.4.23 from Debian is a bad decision, for numerous reasons, which have been discussed multiple times on the list. Please see: <http://www.openldap.org/faq/data/cache/1456.html> for just a beginning of the reasons as to why this is a bad idea. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Migration of Openldap server from Solaris 8 to 10
by jay.chouhan＠indiatimes.com 07 Mar '12

07 Mar '12

Dear Admin, We are running Openldap server on Solaris 9 (Kernel version: SunOS 5.9 Generic 122300-30 Jul 2008) Could you please guide me how to migrate Openldap server from Solais9 to Solaris10, We are planning to upgrade OS from Solaris 9 to Solaris 10 by re-installing the OS.. Appreciate your kind reply on this. thanks Kind regards, Jay

2 1

Help tweaking settings so slapd is not writing to disk so much
by Marc Roos 06 Mar '12

06 Mar '12

Hi I am running on a vm dovecot and sendmail with authentication through pam agains ldap. I have got strange spikes in the load and I think slapd is writing to much to disk. I want to reduce disk io. Anybody an idea why slapd is so often writing to disk instead of reading? The slapd process keeps writing to disk although it is setup as a 'consumer' and it does not receive any new data. There are only 2200 records and olcDbDNcacheSize and olcDbIDLcacheSize are both set to 3000. Thanks in advance for suggestions. Total DISK READ: 0.00 B/s | Total DISK WRITE: 0.00 B/s TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND 10297 be/4 ldap 0.00 B/s 42.66 K/s 0.00 % 0.00 % slapd -h ldap:///~/ ldapi:/// -u ldap 10298 be/4 ldap 0.00 B/s 11.64 K/s 0.00 % 0.00 % slapd -h ldap:///~/ ldapi:/// -u ldap 10299 be/4 ldap 0.00 B/s 11.64 K/s 0.00 % 0.00 % slapd -h ldap:///~/ ldapi:/// -u ldap 1 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % init 2 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kthreadd] 3 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [migration/0] 4 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [ksoftirqd/0] 5 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [migration/0] 6 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [watchdog/0] 7 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [migration/1] 8 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [migration/1]

5 6

syncrepl consumer retry and sync questions
by Nick Milas 06 Mar '12

06 Mar '12

Hi, Concluding from the documentation (I think it's not clear on this), retry="60 +" should mean that the consumer retries indefinitely every 60 seconds. However, I am observing that consumers with the config: syncrepl rid=111 provider=ldaps://ldap.example.com tls_reqcert=never type=refreshAndPersist retry="60 +" searchbase="dc=example,dc=com" schemachecking=off bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials="secret" retry the first time after 60 seconds, then retry again after 2 hours: (Note: Consumers lose connection to the provider at 18:47:59 as the provider is stopped for a few minutes to become upgraded to 2.4.pre30.) Feb 25 18:47:59 consumer111 slapd[2482]: do_syncrep2: rid=111 (-1) Can't contact LDAP server Feb 25 18:47:59 consumer111 slapd[2482]: do_syncrepl: rid=111 rc -1 retrying Feb 25 18:48:59 consumer111 slapd[2482]: do_syncrep2: rid=111 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Feb 25 20:48:59 consumer111 slapd[2482]: do_syncrep2: rid=111 (-1) Can't contact LDAP server Feb 25 20:48:59 consumer111 slapd[2482]: do_syncrepl: rid=111 rc -1 retrying Feb 25 20:48:59 consumer111 slapd[2482]: connection_read(35): no connection! Feb 25 20:48:59 consumer111 slapd[2482]: connection_read(35): no connection! Feb 25 20:49:59 consumer111 slapd[2482]: syncrepl_entry: rid=111 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) ...sync continues... Note that there were a bunch of edits on the provider between 19:47 and 19:55 but they were not propagated to this consumer, until 20:49. About my other two consumers (which have identical configuration, but they bind with a non-root user), on which I wrote on my earlier email: It seems they were also in some kind of delay (for two hours too??), but I didn't wait and restarted slapd: The first: Feb 25 18:47:59 consumer222 slapd2.4[2140]: do_syncrep2: rid=222 (-1) Can't contact LDAP server Feb 25 18:47:59 consumer222 slapd2.4[2140]: do_syncrepl: rid=222 rc -1 retrying Feb 25 18:48:59 consumer222 slapd2.4[2140]: do_syncrep2: rid=222 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Feb 25 20:18:04 consumer222 slapd2.4[2141]: slapd starting Feb 25 20:18:04 consumer222 slapd2.4[2141]: syncrepl_entry: rid=222 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) ...sync continues... and the second: This one was stopped and upgraded to 2.4.30b3 (as I named it - it was pre-30): At 18:54:45 (and later at 19:29) it was started after upgrade, then, as it was not syncing, it was restarted at 20:02:55 and it synced. Feb 25 18:47:59 consumer333 slapd[2357]: do_syncrep2: rid=333 (-1) Can't contact LDAP server Feb 25 18:47:59 consumer333 slapd[2357]: do_syncrepl: rid=333 rc -1 retrying Feb 25 18:48:59 consumer333 slapd[2357]: do_syncrep2: rid=333 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Feb 25 18:52:39 consumer333 slapd[2357]: daemon: shutdown requested and initiated. Feb 25 18:52:39 consumer333 slapd[2357]: slapd shutdown: waiting for 1 operations/tasks to finish Feb 25 18:52:40 consumer333 slapd[2357]: slapd stopped. Feb 25 18:52:40 consumer333 slapd[23371]: [OK] OpenLDAP stopped after 1 seconds Feb 25 18:52:40 consumer333 slapd[23372]: [INFO] no data backup done Feb 25 18:52:40 consumer333 slapd[23373]: [INFO] Halting OpenLDAP replication... Feb 25 18:52:40 consumer333 slapd[23374]: [INFO] no replica found in configuration, aborting stopping slurpd Feb 25 18:54:27 consumer333 slapd[23425]: [INFO] Using /etc/default/slapd for configuration Feb 25 18:54:27 consumer333 slapd[23430]: [INFO] Halting OpenLDAP... Feb 25 18:54:27 consumer333 slapd[23431]: [INFO] can't read PID file, to stop slapd try: /etc/init.d/slapd forcestop Feb 25 18:54:27 consumer333 slapd[23432]: [INFO] Halting OpenLDAP replication... Feb 25 18:54:27 consumer333 slapd[23433]: [INFO] no replica found in configuration, aborting stopping slurpd Feb 25 18:54:44 consumer333 slapd[23458]: [INFO] Using /etc/default/slapd for configuration Feb 25 18:54:44 consumer333 slapd[23463]: [INFO] Launching OpenLDAP configuration test... Feb 25 18:54:45 consumer333 slapd[23486]: [OK] OpenLDAP configuration test successful Feb 25 18:54:45 consumer333 slapd[23496]: [INFO] No db_recover done Feb 25 18:54:45 consumer333 slapd[23497]: [INFO] Launching OpenLDAP... Feb 25 18:54:45 consumer333 slapd[23498]: [OK] File descriptor limit set to 1024 Feb 25 18:54:45 consumer333 slapd[23499]: @(#) $OpenLDAP: slapd 2.4.X (Feb 25 2012 18:38:31) $ swbuilder@vdev.example.com:/home/swbuilder/rpmbuild/BUILD/openldap-2.4.30b3/servers/slapd Feb 25 18:54:45 consumer333 slapd[23500]: slapd starting Feb 25 18:54:45 consumer333 slapd[23500]: do_syncrep2: rid=333 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Feb 25 18:54:46 consumer333 slapd[23505]: [OK] OpenLDAP started Feb 25 19:29:14 consumer333 slapd[2318]: [INFO] Using /etc/default/slapd for configuration Feb 25 19:29:14 consumer333 slapd[2323]: [INFO] Launching OpenLDAP configuration test... Feb 25 19:29:15 consumer333 slapd[2346]: [OK] OpenLDAP configuration test successful Feb 25 19:29:15 consumer333 slapd[2356]: [INFO] No db_recover done Feb 25 19:29:15 consumer333 slapd[2357]: [INFO] Launching OpenLDAP... Feb 25 19:29:15 consumer333 slapd[2358]: [OK] File descriptor limit set to 1024 Feb 25 19:29:15 consumer333 slapd[2359]: @(#) $OpenLDAP: slapd 2.4.X (Feb 25 2012 18:38:31) $ swbuilder@vdev.example.com:/home/swbuilder/rpmbuild/BUILD/openldap-2.4.30b3/servers/slapd Feb 25 19:29:15 consumer333 slapd[2360]: slapd starting Feb 25 19:29:15 consumer333 slapd[2360]: do_syncrep2: rid=333 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Feb 25 19:29:16 consumer333 slapd[2365]: [OK] OpenLDAP started Feb 25 20:02:42 consumer333 slapd[2943]: [INFO] Using /etc/default/slapd for configuration Feb 25 20:02:42 consumer333 slapd[2948]: [INFO] Halting OpenLDAP... Feb 25 20:02:42 consumer333 slapd[2360]: daemon: shutdown requested and initiated. Feb 25 20:02:42 consumer333 slapd[2360]: slapd shutdown: waiting for 1 operations/tasks to finish Feb 25 20:02:42 consumer333 slapd[2360]: slapd stopped. Feb 25 20:02:43 consumer333 slapd[2952]: [OK] OpenLDAP stopped after 1 seconds Feb 25 20:02:43 consumer333 slapd[2953]: [INFO] No data backup done Feb 25 20:02:55 consumer333 slapd[2983]: [INFO] Using /etc/default/slapd for configuration Feb 25 20:02:55 consumer333 slapd[2988]: [INFO] Launching OpenLDAP configuration test... Feb 25 20:02:55 consumer333 slapd[3011]: [OK] OpenLDAP configuration test successful Feb 25 20:02:55 consumer333 slapd[3021]: [INFO] No db_recover done Feb 25 20:02:55 consumer333 slapd[3022]: [INFO] Launching OpenLDAP... Feb 25 20:02:55 consumer333 slapd[3023]: [OK] File descriptor limit set to 1024 Feb 25 20:02:55 consumer333 slapd[3024]: @(#) $OpenLDAP: slapd 2.4.X (Feb 25 2012 18:38:31) $ swbuilder@vdev.example.com:/home/swbuilder/rpmbuild/BUILD/openldap-2.4.30b3/servers/slapd Feb 25 20:02:55 consumer333 slapd[3025]: slapd starting Feb 25 20:02:55 consumer333 slapd[3025]: syncrepl_message_to_entry: rid=333 DN: dc=bridge-o.admin,dc=example.com,ou=dns1,dc=example,dc=com, UUID: a483715a-56bd-102f-9a9d-87b8bcc59e1e Feb 25 20:02:55 consumer333 slapd[3025]: syncrepl_entry: rid=333 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) ...sync continues... Questions: 1. What does the message "connection_read(35): no connection!" signify? (On this consumer -only- I also get occasional messages, like the following: Feb 27 22:25:56 consumer111 slapd[2939]: connection_input: conn=1001 deferring operation: binding ) 2. Why there was a stop in retrying for two hours on the running consumers (111, 222)? 3. Why the upgraded consumer (333) did not sync? It was started after the provider and it was running when the changes were made on the provider. Thanks, Nick

2 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical March 2012