Hello,
I have recently installed two syncrepl consumers using 2.4.44 on CentOS 7 using LTB rpm packages.
I am almost daily facing issues with consumers losing connection to the master. I always have to restart the consumer in order to re-establish connection.
Note 1: These two consumers have replaced two older ones running 2.4.39 LTB (and earlier versions) on CentOS 5 without any such issues.
Note 2: Master is using 2.4.44 version as well (but on CentOS 5).
Is this a known bug or I need to change/add something in the config when using this OpenLDAP version so that the problem gets resolved?
Below follows a log example from one of them (it includes my restart to re-establish connection):
OpenLDAP Log excerpt: =========================================================================== Feb 28 16:19:20 vdns slapd[10375]: do_syncrep2: rid=353 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Feb 28 16:19:20 vdns slapd[10375]: do_syncrep2: rid=353 cookie=rid=353,csn=20170228140139.002723Z#000000#000#000000 Feb 28 16:19:20 vdns slapd[10375]: slap_queue_csn: queueing 0x7f9314225d90 20170228140139.002723Z#000000#000#000000 Feb 28 16:19:20 vdns slapd[10375]: slap_graduate_commit_csn: removing 0x7f9314225d90 20170228140139.002723Z#000000#000#000000 Feb 28 16:19:21 vdns slapd[10380]: [OK] OpenLDAP started Feb 28 18:19:23 vdns slapd[10375]: do_syncrep2: rid=353 (-1) Can't contact LDAP server Feb 28 18:19:23 vdns slapd[10375]: do_syncrepl: rid=353 rc -1 retrying (14 retries left) Feb 28 18:20:23 vdns slapd[10375]: do_syncrep2: rid=353 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Feb 28 20:20:37 vdns slapd[10375]: do_syncrep2: rid=353 (-1) Can't contact LDAP server Feb 28 20:20:37 vdns slapd[10375]: do_syncrepl: rid=353 rc -1 retrying (14 retries left) Feb 28 20:21:37 vdns slapd[10375]: do_syncrep2: rid=353 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Feb 28 22:21:52 vdns slapd[10375]: do_syncrep2: rid=353 (-1) Can't contact LDAP server Feb 28 22:21:52 vdns slapd[10375]: do_syncrepl: rid=353 rc -1 retrying (14 retries left) Feb 28 22:22:52 vdns slapd[10375]: do_syncrep2: rid=353 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Mar 1 00:23:06 vdns slapd[10375]: do_syncrep2: rid=353 (-1) Can't contact LDAP server Mar 1 00:23:06 vdns slapd[10375]: do_syncrepl: rid=353 rc -1 retrying (14 retries left) Mar 1 00:24:06 vdns slapd[10375]: do_syncrep2: rid=353 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Mar 1 02:24:21 vdns slapd[10375]: do_syncrep2: rid=353 (-1) Can't contact LDAP server Mar 1 02:24:21 vdns slapd[10375]: do_syncrepl: rid=353 rc -1 retrying (14 retries left) Mar 1 02:25:21 vdns slapd[10375]: do_syncrep2: rid=353 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Mar 1 04:25:35 vdns slapd[10375]: do_syncrep2: rid=353 (-1) Can't contact LDAP server Mar 1 04:25:35 vdns slapd[10375]: do_syncrepl: rid=353 rc -1 retrying (14 retries left) Mar 1 04:26:35 vdns slapd[10375]: do_syncrep2: rid=353 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Mar 1 06:26:50 vdns slapd[10375]: do_syncrep2: rid=353 (-1) Can't contact LDAP server Mar 1 06:26:50 vdns slapd[10375]: do_syncrepl: rid=353 rc -1 retrying (14 retries left) Mar 1 06:27:50 vdns slapd[10375]: do_syncrep2: rid=353 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Mar 1 08:17:54 vdns slapd[18585]: [INFO] Using /etc/default/slapd for configuration Mar 1 08:17:54 vdns slapd[18590]: [INFO] Halting OpenLDAP... Mar 1 08:17:54 vdns slapd[10375]: daemon: shutdown requested and initiated. Mar 1 08:17:54 vdns slapd[10375]: slapd shutdown: waiting for 1 operations/tasks to finish Mar 1 08:17:54 vdns slapd[10375]: slapd stopped. Mar 1 08:17:55 vdns slapd[18594]: [OK] OpenLDAP stopped after 1 seconds Mar 1 08:17:55 vdns slapd[18595]: [INFO] No data backup done Mar 1 08:17:55 vdns slapd[18607]: [INFO] Using /etc/default/slapd for configuration Mar 1 08:17:55 vdns slapd[18612]: [INFO] Launching OpenLDAP configuration test... Mar 1 08:17:56 vdns slapd[18626]: [OK] OpenLDAP configuration test successful Mar 1 08:17:56 vdns slapd[18637]: [INFO] No db_recover done Mar 1 08:17:56 vdns slapd[18638]: [INFO] Launching OpenLDAP... Mar 1 08:17:56 vdns slapd[18639]: [OK] File descriptor limit set to 1024 Mar 1 08:17:56 vdns slapd[18640]: @(#) $OpenLDAP: slapd 2.4.44 (Feb 15 2016 11:14:35) $#012#011clement@centos7.unix.example.com:/home/clement/build/BUILD/openldap-2.4.44/servers/slapd Mar 1 08:17:56 vdns slapd[18641]: slapd starting Mar 1 08:17:56 vdns slapd[18641]: do_syncrep2: rid=353 LDAP_RES_INTERMEDIATE - SYNC_ID_SET Mar 1 08:17:56 vdns slapd[18641]: do_syncrep2: rid=353 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Mar 1 08:17:56 vdns slapd[18641]: do_syncrep2: rid=353 cookie=rid=353,csn=20170301060829.837823Z#000000#000#000000 Mar 1 08:17:56 vdns slapd[18641]: slap_queue_csn: queueing 0x7f33f4225d90 20170301060829.837823Z#000000#000#000000 Mar 1 08:17:56 vdns slapd[18641]: slap_graduate_commit_csn: removing 0x7f33f4225d90 20170301060829.837823Z#000000#000#000000 Mar 1 08:17:57 vdns slapd[18646]: [OK] OpenLDAP started
===========================================================================
Configuration on this consumer: ===========================================================================
include /usr/local/openldap/etc/openldap/schema/core.schema include /usr/local/openldap/etc/openldap/schema/cosine.schema include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema include /usr/local/openldap/etc/openldap/schema/nis.schema include /usr/local/openldap/etc/openldap/schema/eduperson.schema include /usr/local/openldap/etc/openldap/schema/postfix.schema include /usr/local/openldap/etc/openldap/schema/dyngroup.schema include /usr/local/openldap/etc/openldap/schema/misc.schema include /usr/local/openldap/etc/openldap/schema/ppolicy.schema include /usr/local/openldap/etc/openldap/schema/schac-20090326-1.4.0.schema include /usr/local/openldap/etc/openldap/schema/dnsdomain2.schema include /usr/local/openldap/etc/openldap/schema/proftpd-quota.schema include /usr/local/openldap/etc/openldap/schema/kerberos.schema include /usr/local/openldap/etc/openldap/schema/localemail.schema include /usr/local/openldap/etc/openldap/schema/entryaccess.schema include /usr/local/openldap/etc/openldap/schema/radius.schema
pidfile /usr/local/openldap/var/run/slapd.pid argsfile /usr/local/openldap/var/run/slapd.args
modulepath /usr/local/openldap/lib64
loglevel sync
sizelimit unlimited timelimit unlimited
TLSCACertificateFile /usr/local/openldap/etc/openldap/cacerts/DigiCertCA.crt TLSCertificateFile /usr/local/openldap/etc/openldap/cacerts/vdns_noa_gr-1058189.crt TLSCertificateKeyFile /usr/local/openldap/etc/openldap/cacerts/vdns_noa_gr-1058189.key
TLSVerifyClient never
database mdb
suffix "dc=noa,dc=gr" rootdn "cn=Manager,dc=noa,dc=gr"
rootpw {SSHA}<SECRET>
include /usr/local/openldap/etc/openldap/acl.conf
directory /usr/local/openldap/var/mdb
maxsize 10737418240
index objectClass eq,pres index cn eq,pres,sub index uid eq,pres index ou eq,pres index owner eq index entryCSN,entryUUID eq index associatedDomain pres,eq,sub index dc eq
syncrepl rid=353 provider=ldaps://ldap.noa.gr type=refreshAndPersist tls_reqcert=never retry="60 15 180 +" searchbase="dc=noa,dc=gr" schemachecking=off bindmethod=simple binddn="uid=syncuser,dc=noa,dc=gr" credentials="secret"
database monitor
access to * by dn.exact="cn=Manager,dc=noa,dc=gr" read by * none ===========================================================================
Please let me know of any hint/advice to resolve this issue!
Thanks in advance, Nick