Hi Ondrej,
I restarted with a new test. Now I'm having 2 loadbalancer one is configured via cn=config and one over slapd.conf. Both are configured exactly the same. Same binduser, same ldap-server same everything. For my test I started tcpdump on the loadbalancer and on the two ldap-server.
Starting the loadbalancer which is configured via slapd.conf I can see all the packages on both, the ldap-servers and the loadbalancer.
Doing the same test with the loadbalancer configured via cn=config I see absolutely nothing, no package is send.
When I set the loglevel to any, I can see that slapd is reading the configuration from cn=config, but I can't see any error. Slapd is running but no connection to any of the ldap-server is established.
Next thing I did was starting the slapd over the commandline with strace on both systems strace /opt/symas/lib/slapd -f /opt/symas/etc/openldap/slapd.conf 2>start-mit-strace
and
strace /opt/symas/lib/slapd -F /opt/symas/etc/openldap/slapd.d 2>start-mit-strace
The result for the server with slapd.conf is showning: --------------- connect(10, {sa_family=AF_INET6, sin6_port=htons(1389), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 connect(10, {sa_family=AF_INET, sin_port=htons(1389), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 bind(10, {sa_family=AF_INET, sin_port=htons(1389), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 bind(11, {sa_family=AF_INET6, sin6_port=htons(1389), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 ... connect(12, {sa_family=AF_INET6, sin6_port=htons(1636), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 connect(12, {sa_family=AF_INET, sin_port=htons(1636), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 bind(12, {sa_family=AF_INET, sin_port=htons(1636), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 bind(13, {sa_family=AF_INET6, sin6_port=htons(1636), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 ---------------
The same search in the result on the loadbalancer configured via cn=config is showing nothing.
I don't know where else I can search. It must be possible to configure the loadbalancer via cn=config.
On both loadbalancer "ss -tlpn" is showing the port 389 636 1389 1636 as listing.
Trying to connect with "telnet <IP> 1636" to both, only on the loadbalancer configured via slapd.conf I can see packages arriving in tcpdump.
There is NO firewall at all running on both systems!
Any idea?
Am 04.12.23 um 14:51 schrieb Stefan Kania:
Now I did a check with tcpdump. Starting tcpdump on both systems I see, that the tcp connection is established. But now packages send when doing a ldapsearch.