Christian Kratzer wrote:
On Tue, 3 Dec 2013, Christian Kratzer wrote:
we are currently chasing a strange issue at a customers site where the ldap slaves become unresponsive when network connectivity to master ldaps and dns servers is lost.
They have a setup of two masters and two slaves at separate sites. There is a load balancer sitting in front of the slaves that performs regular health checks consisting of binds followed by a search of their binddn.
It seems that this is due to ldap chaining from slave to master running without a timeout and eventually blocking all of slapd.
That was my first idea remembering your former info about your setup.
We use referrals and chaining for slapo-ppolicy and slapo-lastbind (with replication patch from ITS#7721).
You have been warned. ;-)
No, I don't have a good suggestion other than to avoid chaining write operations by slapo-ppolicy and slapo-lastbind.