--On Monday, September 20, 2021 11:38 AM -0400 Mircea Baciu mircea.baciu@simmons.edu wrote:
The providers are OpenLDAP 2.4.44 (openldap-2.4.44-24.el7_9.x86_64), running on RHEL 7. The consumer is OpenLDAP 2.4.44 (openldap-2.4.44-24.el7_9.x86_64), running on CentOS 7.
Hello,
The OpenLDAP 2.4.44 release is over 5 years old and numerous replication related issues have been fixed since that time. Additionally, RedHat is known to have made questionable modifications to libldap, particularly around the TLS layer in RHEL7.
I'd strongly advise you to upgrade to a current release of OpenLDAP. I would note that Symas provides free drop-in replacement builds of OpenLDAP for RHEL7 with optional support available (https://repo.symas.com/sofl/rhel7/).
Symas also provides free builds of the current OpenLDAP release series (2.5) with optional support available (https://repo.symas.com/soldap/rhel7/).
I'd also note that your syncrepl stanza is missing the "keepalive" option, which is usually essential when dealing with traffic through load balancers.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com