Here you are. The config of the second machine is identical, apart from the different provider.

#######################################################################
#
# Global settings
#
#######################################################################
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
ucdata-path /usr/ucdata
serverID 1
moduleload syncprov

###################################
# Useful settings for enabling LDAPS (i.e. LDAP over SSL/TLS) access to this server
###################################
TLSCACertificateFile /etc/TLS/ca-certs/trusted_CAs.pem
TLSCACertificatePath /etc/TLS/links
TLSCertificateFile /etc/TLS/server/server.pem
TLSCertificateKeyFile /etc/TLS/server/server_key.pem
TLSCipherSuite HIGH:MEDIUM:SSLv3
TLSVerifyClient try

###################################
# Public LDAP schemas
###################################
include /etc/schema/core.schema
include /etc/schema/cosine.schema
include /etc/schema/inetorgperson.schema

###################################
# Gateway specific LDAP schemas
###################################
include /etc/schema/database.schema

loglevel 256

###################################
# Access control
###################################
access to attrs=userPassword
    by anonymous auth
    by * none
access to dn.subtree="dc=SpecialBranch,dc=head"
    by dn.base="cn=SpecialBranchUser,dc=SpecialBranch,dc=head" write
    by dn.base="cn=Replicator,dc=DatabaseReplication,dc=head" write
    by * none
access to *
    by dn.base="cn=Replicator,dc=DatabaseReplication,dc=head" write
    by * none
access to *
    by * none

#######################################################################
#
# Database definitions
#
#######################################################################

###################################
# Database for SpecialBranch
###################################
database bdb
suffix "dc=SpecialBranch,dc=head"
subordinate
rootdn "cn=admin,dc=head"
directory /var/db-SpecialBranch
monitoring off
index objectClass eq
index entryCSN eq
index entryUUID eq
index contextCSN eq
index DatabaseAttrRuleID eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# syncrepl directive
syncrepl rid=001
    provider=ldap://192.168.120.237:388
    bindmethod=simple
    binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
    credentials="fdet2zS3"
    searchbase="dc=SpecialBranch,dc=head"
    starttls=critical
    tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
    tls_cert=etc/TLS/client/client.pem
    tls_key=etc/TLS/client/client_key.pem
    schemachecking=on
    type=refreshAndPersist
    retry="5 12 60 +"
mirrormode on

###################################
# Database for the general configuration
###################################
database bdb
suffix "dc=head"
rootdn "cn=admin,dc=head"
rootpw "{SSHA}fO7A1sCrZzhy2IpNCvoVrQ9oRFpFY8Uj"
directory /var/db-general
monitoring off
index objectClass eq
index entryCSN eq
index entryUUID eq
index contextCSN eq
index mail eq,sub
index DatabaseAttrIssuerDN eq,sub
index DatabaseAttrSubjectDN eq,sub
index DatabaseAttrSerial eq
index DatabaseAttrFingerprint eq,sub
index DatabaseAttrKeyID eq,sub
index DatabaseAttrKeySigner pres
index DatabaseAttrKeyHash eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# syncrepl directive
syncrepl rid=001
    provider=ldap://192.168.120.237:388
    bindmethod=simple
    binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
    credentials="fdet2zS3"
    searchbase="dc=head"
    starttls=critical
    tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
    tls_cert=etc/TLS/client/client.pem
    tls_key=etc/TLS/client/client_key.pem
    schemachecking=on
    type=refreshAndPersist
    retry="5 12 60 +"
mirrormode on
#eof

From: Benjamin Griese [mailto:der.darude@gmail.com]
Sent: Friday, 26 March 2010 10:05
To: Thorsten Mueller
Cc: openldap-technical@openldap.org
Subject: Re: syncrepl connection / reconnect

Hi Thorsten,
please provide more information, for example your slapd.conf / slapd.d. The more info you give, the more feedback you get.
Bye.

On Fri, Mar 26, 2010 at 09:40, Thorsten Mueller <Thorsten.Mueller@aachen.utimaco.de> wrote:
Hi,
I am using two slapd 2.4.20 in mirror mode. Everything seems to work fine. When I shut down slapd_A, I can see the connection retries in the log of B. After restarting A everything is fine. Replication works in both directions.
When I switch off the machine hosting A, B does not log anything. After starting machine A, replication only works from B to A and not from A to B. Only after restarting slapd_B is the connection reestablished and the changes synced. I see the same behavior if I just do an "ifconfig eth0 down". The remaining slapd does not seem to recognize a loss of the network connection. Is this a bug in OpenLDAP, or a configuration issue on my side?
Thanks, Thorsten
-- To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra