Here you are. The config of the second machine is identical, apart from the different provider.

 

#######################################################################
#
#  Global settings
#
#######################################################################

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
ucdata-path     /usr/ucdata

serverID  1

moduleload syncprov

###################################
# Useful settings for enabling LDAPS (i.e. LDAP over SSL/TLS) access to this server
###################################

TLSCACertificateFile    /etc/TLS/ca-certs/trusted_CAs.pem
TLSCACertificatePath    /etc/TLS/links
TLSCertificateFile      /etc/TLS/server/server.pem
TLSCertificateKeyFile   /etc/TLS/server/server_key.pem
TLSCipherSuite        HIGH:MEDIUM:SSLv3
TLSVerifyClient        try

###################################
#  Public LDAP schemas
###################################

include        /etc/schema/core.schema
include        /etc/schema/cosine.schema
include        /etc/schema/inetorgperson.schema

###################################
#  Gateway specific LDAP schemas
###################################

include        /etc/schema/database.schema

loglevel 256

###################################
#  Access control
###################################

access to attrs=userPassword
        by anonymous    auth
        by *            none

access to dn.subtree="dc=SpecialBranch,dc=head"
        by dn.base="cn=SpecialBranchUser,dc=SpecialBranch,dc=head" write
        by dn.base="cn=Replicator,dc=DatabaseReplication,dc=head" write
        by * none

access to *
        by dn.base="cn=Replicator,dc=DatabaseReplication,dc=head" write
        by * none

access to * by * none

#######################################################################
#
#  Database definitions
#
#######################################################################

###################################
#  Database for SpecialBranch
###################################

database        bdb
suffix          "dc=SpecialBranch,dc=head"
subordinate
rootdn          "cn=admin,dc=head"
directory       /var/db-SpecialBranch
monitoring off
index objectClass           eq
index entryCSN              eq
index entryUUID             eq
index contextCSN            eq
index DatabaseAttrRuleID       eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# syncrepl directive
syncrepl      rid=001
              provider=ldap://192.168.120.237:388
              bindmethod=simple
              binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
              credentials="fdet2zS3"
              searchbase="dc=SpecialBranch,dc=head"
              starttls=critical
              tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
              tls_cert=etc/TLS/client/client.pem
              tls_key=etc/TLS/client/client_key.pem
              schemachecking=on
              type=refreshAndPersist
              retry="5 12 60 +"

mirrormode on

###################################
#  Database for the general configuration
###################################

database        bdb
suffix          "dc=head"
rootdn          "cn=admin,dc=head"
rootpw          "{SSHA}fO7A1sCrZzhy2IpNCvoVrQ9oRFpFY8Uj"
directory       /var/db-general
monitoring off
index objectClass            eq
index entryCSN               eq
index entryUUID              eq
index contextCSN             eq
index mail                   eq,sub
index DatabaseAttrIssuerDN      eq,sub
index DatabaseAttrSubjectDN     eq,sub
index DatabaseAttrSerial        eq
index DatabaseAttrFingerprint   eq,sub
index DatabaseAttrKeyID         eq,sub
index DatabaseAttrKeySigner     pres
index DatabaseAttrKeyHash       eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# syncrepl directive
syncrepl      rid=001
              provider=ldap://192.168.120.237:388
              bindmethod=simple
              binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
              credentials="fdet2zS3"
              searchbase="dc=head"
              starttls=critical
              tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
              tls_cert=etc/TLS/client/client.pem
              tls_key=etc/TLS/client/client_key.pem
              schemachecking=on
              type=refreshAndPersist
              retry="5 12 60 +"

mirrormode on

#eof

From: Benjamin Griese [mailto:der.darude@gmail.com]
Sent: Friday, 26 March 2010 10:05
To: Thorsten Mueller
Cc: openldap-technical@openldap.org
Subject: Re: syncrepl connection / reconnect

 

Hi Thorsten,

please provide more information, for example your slapd.conf / slapd.d. The more info you give, the more feedback you get.

Bye.

On Fri, Mar 26, 2010 at 09:40, Thorsten Mueller <Thorsten.Mueller@aachen.utimaco.de> wrote:

Hi,

 

I am using two slapd 2.4.20 in mirror mode. Everything seems to work fine. When I shut down slapd_A, I can see the connection retries in the log of B. After restarting A everything is fine. Replication works in both directions.

When I switch off the machine hosting A, B does not log anything. After starting machine A, replication only works from B to A and not from A to B. Only after restarting slapd_B the connection is reestablished and the changes are synced. I see the same behavior if I just do an “ifconfig eth0 down”. The remaining slapd seems not to recognize a loss of the network connection.

Is this a bug in OpenLDAP, or a configuration issue on my side?

 

Thanks,

Thorsten




--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
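
An added example, not part of the original thread and not OpenLDAP code: a small Python checker that parses syncrepl stanzas like the ones posted above (joining continuation lines) and flags a rid shared by two databases on one server, a simple-bind password stored in slapd.conf, relative TLS file paths, and the absence of the keepalive parameter documented in slapd.conf(5), which controls TCP keepalive probing on the consumer's connection. The sample input, the finding names and the placeholder password are constructed for illustration; whether the 2.4.20 build in the thread accepts keepalive is not stated on the page.

```python
import re

TLS_FILES = ("tls_cacert", "tls_cert", "tls_key")
# Constructed sample modelled on the post's two syncrepl stanzas (placeholder password).
SAMPLE = '''\
suffix "dc=SpecialBranch,dc=head"
syncrepl rid=001 provider=ldap://192.168.120.237:388
  bindmethod=simple credentials="PLACEHOLDER"
  tls_cert=etc/TLS/client/client.pem retry="5 12 60 +"
suffix "dc=head"
syncrepl rid=001 provider=ldap://192.168.120.237:388
  bindmethod=simple credentials="PLACEHOLDER" keepalive=240:10:30
'''

def logical_lines(text):
    """Join slapd.conf continuation lines (those starting with whitespace)."""
    out = []
    for raw in text.splitlines():
        if raw[:1].isspace() and raw.strip() and out:
            out[-1] += " " + raw.strip()
        elif raw.strip() and not raw.startswith("#"):
            out.append(raw.strip())
    return out

def syncrepl_stanzas(text):
    """Return [(suffix, {param: value})] for every syncrepl directive."""
    suffix, found = None, []
    for line in logical_lines(text):
        word, rest = re.match(r"(\S+)\s*(.*)", line).groups()
        if word.lower() == "suffix":
            suffix = rest.strip('"')
        elif word.lower() == "syncrepl":
            pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', rest)
            found.append((suffix, {k.lower(): v.strip('"') for k, v in pairs}))
    return found

def audit(text):
    """Return {suffix: [finding, ...]}; finding names are made up for this example."""
    stanzas = syncrepl_stanzas(text)
    report = {}
    for suffix, s in stanzas:
        checks = {
            "duplicate-rid": sum(int(t["rid"]) == int(s["rid"]) for _, t in stanzas) > 1,
            "cleartext-credentials": s.get("bindmethod") == "simple" and "credentials" in s,
            "relative-tls-path": any(not s.get(k, "/").startswith("/") for k in TLS_FILES),
            "no-keepalive": "keepalive" not in s,
        }
        report[suffix] = [name for name, hit in checks.items() if hit]
    return report
```

Run `audit(open("/path/to/slapd.conf").read())` against a real file; a cleartext-credentials finding means the file's permissions are what protects the replication account.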