Although I'm not using any intermediate device between ldap servers
(they all are in the same network) I have added the keepalive option to
syncrepl, without any result.
El 26/3/19 a las 15:06, Quanah Gibson-Mount escribió:
--On Tuesday, March 26, 2019 8:58 AM +0100 Ulrich Windl
>> I recommend always defining a keepalive interval in the syncrepl stanza
>> to avoid these types of issues.
>> usually works well, unless the device is configured to close idle
>> connections at less than a 5 minute interval.
> I don't understand that: Keepalive (as I know it) has nothing to do with
> idle connections, but only with dead connections. And what's the magic
> with 5 minutes?
You're understanding is generally incorrect. The paramater is called
"keep alive" and not "kill dead" for a reason. When using
refreshAndPersist connections in an environment where you have a traffic
device (such as an F5), the devices are often configured to terminate
idle connections after some period of time (which often defaults to 5
minutes). By configuring a keepalive in the syncrepl stanza, the
connection appears "alive" to the traffic device even if there is no
replication traffic occurring. Thus "keep alive".
There is a *secondary* benefit, in that it does also allow slapd to
detect if a connection was severed, and so re-establish a new connection
in that case, but the primary purpose is to keep it from ever getting
severed in the first place.
If you have no "keepalive" set, and the traffic device severs the
connection, slapd cannot detect this, and will think it's still
connected and no replication will occur until slapd is restarted.
I.e., the primary purpose is to keep the connection alive.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)