Thank you, Quanah,

I didn't know about the "keepalive" option for syncrepl. Now that you mentioned, I found some old 2017 discussion on this list with a very similar issue I have, where you mentioned this option. I see it in the slapd manual page but not on 2.4 (or 2.5) admin site: https://www.openldap.org/doc/admin24/replication.html

I'll try adding it to the config and will definitely consider upgrading to a newer version in some fashion.

Thanks,

Mircea

Mircea Baciu | Senior Unix Systems Administrator

Simmons University | 300 The Fenway | Boston, MA 02115 | 617-521-2194

On Mon, Sep 20, 2021 at 11:12 AM Quanah Gibson-Mount <quanah@symas.com> wrote:

--On Monday, September 20, 2021 11:38 AM -0400 Mircea Baciu
<mircea.baciu@simmons.edu> wrote:

> The providers are OpenLDAP 2.4.44 (openldap-2.4.44-24.el7_9.x86_64),
> running on RHEL 7.
> The consumer is OpenLDAP 2.4.44 (openldap-2.4.44-24.el7_9.x86_64),
> running on CentOS 7.

Hello,

The OpenLDAP 2.4.44 release is over 5 years old and numerous replication
related issues have been fixed since that time. Additionally, RedHat is
known to have made questionable modifications to libldap, particularly
around the TLS layer in RHEL7.

I'd strongly advise you to upgrade to a current release of OpenLDAP. I
would note that Symas provides free drop-in replacement builds of OpenLDAP
for RHEL7 with optional support available
(<https://repo.symas.com/sofl/rhel7/>).

Symas also provides free builds of the current OpenLDAP release series
(2.5) with optional support available
(<https://repo.symas.com/soldap/rhel7/>).

I'd also note that your syncrepl stanza is missing the "keepalive" option,
which is usually essential when dealing with traffic through load balancers.

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>