Thank you, Quanah,
I didn't know about the "keepalive" option for syncrepl. Now that you mentioned, I found some old 2017 discussion on this list with a very similar issue I have, where you mentioned this option. I see it in the slapd manual page but not on 2.4 (or 2.5) admin site: https://www.openldap.org/doc/admin24/replication.html
I'll try adding it to the config and will definitely consider upgrading to a newer version in some fashion.
Thanks, Mircea -- Mircea Baciu | Senior Unix Systems Administrator Simmons University | 300 The Fenway | Boston, MA 02115 | 617-521-2194
On Mon, Sep 20, 2021 at 11:12 AM Quanah Gibson-Mount quanah@symas.com wrote:
--On Monday, September 20, 2021 11:38 AM -0400 Mircea Baciu mircea.baciu@simmons.edu wrote:
The providers are OpenLDAP 2.4.44 (openldap-2.4.44-24.el7_9.x86_64), running on RHEL 7. The consumer is OpenLDAP 2.4.44 (openldap-2.4.44-24.el7_9.x86_64), running on CentOS 7.
Hello,
The OpenLDAP 2.4.44 release is over 5 years old and numerous replication related issues have been fixed since that time. Additionally, RedHat is known to have made questionable modifications to libldap, particularly around the TLS layer in RHEL7.
I'd strongly advise you to upgrade to a current release of OpenLDAP. I would note that Symas provides free drop-in replacement builds of OpenLDAP for RHEL7 with optional support available (https://repo.symas.com/sofl/rhel7/).
Symas also provides free builds of the current OpenLDAP release series (2.5) with optional support available (https://repo.symas.com/soldap/rhel7/).
I'd also note that your syncrepl stanza is missing the "keepalive" option, which is usually essential when dealing with traffic through load balancers.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org