Although I'm not using any intermediate device between ldap servers (they all are in the same network) I have added the keepalive option to syncrepl, without any result.
El 26/3/19 a las 15:06, Quanah Gibson-Mount escribió:
--On Tuesday, March 26, 2019 8:58 AM +0100 Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
I recommend always defining a keepalive interval in the syncrepl stanza to avoid these types of issues.
keepalive=240:10:30
usually works well, unless the device is configured to close idle connections at less than a 5 minute interval.
Hi!
I don't understand that: Keepalive (as I know it) has nothing to do with idle connections, but only with dead connections. And what's the magic with 5 minutes?
Hello,
You're understanding is generally incorrect. The paramater is called "keep alive" and not "kill dead" for a reason. When using refreshAndPersist connections in an environment where you have a traffic device (such as an F5), the devices are often configured to terminate idle connections after some period of time (which often defaults to 5 minutes). By configuring a keepalive in the syncrepl stanza, the connection appears "alive" to the traffic device even if there is no replication traffic occurring. Thus "keep alive".
There is a *secondary* benefit, in that it does also allow slapd to detect if a connection was severed, and so re-establish a new connection in that case, but the primary purpose is to keep it from ever getting severed in the first place.
If you have no "keepalive" set, and the traffic device severs the connection, slapd cannot detect this, and will think it's still connected and no replication will occur until slapd is restarted.
I.e., the primary purpose is to keep the connection alive.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com