Hello
I have a replication problem between two OpenLDAP 2.44 servers configured as multimasters on CentOS 7.3. The minimal configuration of both is correct (connection OK with admin credentials). I replicate the config and hdb databases as you can see in the configuration above, and I use LDAPAdmin to connect to each of them and check whether the replication works by creating a test OU: they replicate well. After a week or more, automatic replication no longer works: I have to restart the slapd service to see the data exchange between the two servers. I have a contextCSN on both, but they are fixed at the installation date. Do you have an idea? Thank you.
Here is the configuration (the olcServerID changes in server2's configuration):

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcAccess
olcAccess: to * by dn.exact="cn=ldapadm,dc=test,dc=factory" manage by * break

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to * by dn.exact="cn=ldapadm,dc=test,dc=factory" manage by * break

dn: cn=config
changetype: modify
add: olcServerID
olcServerID: 1

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadm,dc=test,dc=factory" read by * none

### Updating ID ###

dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://server1.test.factory
olcServerID: 2 ldap://server2.test.factory

### Enabling CONFIG Replication ###

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

### Configuring CONFIG replication ###

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://server1.test.factory binddn="cn=config" bindmethod=simple credentials=password searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldap://server2.test.factory binddn="cn=config" bindmethod=simple credentials=password searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE

### Enabling HDB Replication ###

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

### Configuring HDB replication ###
dn: olcDatabase={2}hdb,cn=config
# changetype line added while reformatting; ldapmodify defaults to modify when it is absent
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=004 provider=ldap://server1.test.factory binddn="cn=ldapadm,dc=test,dc=factory" bindmethod=simple credentials=password searchbase="dc=test,dc=factory" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncRepl: rid=005 provider=ldap://server2.test.factory binddn="cn=ldapadm,dc=test,dc=factory" bindmethod=simple credentials=password searchbase="dc=test,dc=factory" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
-
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcMirrorMode
olcMirrorMode: TRUE
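The post says the contextCSN values on both servers are stuck at the installation date. In a multi-master setup with olcServerID set, each provider keeps one contextCSN per serverID, so the quickest way to see which side is behind is to compare the per-serverID values the two providers report for the suffix. The script below is an added example and not part of the thread: it parses ldapsearch-style output for the two servers (constructed inline here, with server2 missing server1's latest change for serverID 001) and reports, per serverID, whether the providers agree. The hostnames and the ldapadm DN come from the posted configuration; the CSN values are made up.

```shell
#!/bin/sh
# Added example: compare the contextCSN each provider reports, per serverID.
# In real use, capture each side with something like:
#   ldapsearch -LLL -x -H ldap://server1.test.factory \
#     -D "cn=ldapadm,dc=test,dc=factory" -W -b dc=test,dc=factory -s base contextCSN
# and pass the two outputs to compare_csn.

# Constructed sample output: server2 still holds the installation-time CSN
# for serverID 001, while server1 has a newer one (replication stalled).
SERVER1_OUT='dn: dc=test,dc=factory
contextCSN: 20190708144600.000000Z#000000#001#000000
contextCSN: 20190701090000.000000Z#000000#002#000000'

SERVER2_OUT='dn: dc=test,dc=factory
contextCSN: 20190701090000.000000Z#000000#001#000000
contextCSN: 20190701090000.000000Z#000000#002#000000'

# csn_for_sid <SID> <ldapsearch output>: print the contextCSN carrying that serverID
# (CSN layout is timestamp#count#SID#mod, so the SID is the third '#'-separated field).
csn_for_sid() {
    printf '%s\n' "$2" | sed -n "s/^contextCSN: \(.*#$1#.*\)$/\1/p"
}

# compare_csn <server1 output> <server2 output>: for every serverID seen on
# either side print "SID <id> OK <csn>" or "SID <id> DIFFERS server1=<csn> server2=<csn>".
# Returns 1 if any serverID disagrees, 0 if the providers are in sync.
compare_csn() {
    rc=0
    sids=$(printf '%s\n%s\n' "$1" "$2" \
        | sed -n 's/^contextCSN: [^#]*#[^#]*#\([0-9][0-9]*\)#.*/\1/p' | sort -u)
    for sid in $sids; do
        a=$(csn_for_sid "$sid" "$1")
        b=$(csn_for_sid "$sid" "$2")
        if [ "$a" = "$b" ]; then
            echo "SID $sid OK $a"
        else
            echo "SID $sid DIFFERS server1=${a:-none} server2=${b:-none}"
            rc=1
        fi
    done
    return $rc
}

compare_csn "$SERVER1_OUT" "$SERVER2_OUT" \
    || echo "at least one serverID is out of sync: replication is stalled"
```

A serverID that is present on one provider and absent on the other shows up as "none"; a serverID whose value only ever advances on its own provider is the signature the poster describes, a consumer that stopped pulling without slapd noticing.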
--On Monday, July 08, 2019 2:46 PM +0000 Nebula WAN Nebula.WAN@hotmail.fr wrote:
> Hello
> I have a replication problem between two OpenLDAP 2.44 servers configured as multimasters on CentOS 7.3:
2.44 is not a valid OpenLDAP version. I assume you mean OpenLDAP 2.4.44? I would generally steer clear of the RedHat OpenLDAP build, it's rather old and defaults to using the deprecated back-hdb backend.
> After a week or more, automatic replication no longer works: I have to restart the slapd service to see the data exchange between the two servers... I have contextCSN for both but they are fixed at the installation date. Do you have an idea?
It sounds like you have a device on the network interfering with replication.
> olcSyncRepl: rid=004 provider=ldap://server1.test.factory binddn="cn=ldapadm,dc=test,dc=factory" bindmethod=simple credentials=password searchbase="dc=test,dc=factory" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
> olcSyncRepl: rid=005 provider=ldap://server2.test.factory binddn="cn=ldapadm,dc=test,dc=factory" bindmethod=simple credentials=password searchbase="dc=test,dc=factory" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1
I would suggest you set an appropriate keepalive parameter in the syncrepl stanza. I often use keepalive=240:10:30 but it would depend on the settings of the network device if this is sufficient.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
openldap-technical@openldap.org
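Applied to the stanzas quoted in the reply, Quanah's suggestion looks like the LDIF below. This is an added example and not from the thread: the keepalive value is the one he quotes (the syncrepl keepalive syntax is idle:probes:interval, in seconds), every other parameter is copied from the posted rid=004/rid=005 lines, and using replace rather than add (so that the old stanzas without keepalive are not left behind) is the editor's choice.

```ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=004 provider=ldap://server1.test.factory binddn="cn=ldapadm,dc=test,dc=factory" bindmethod=simple credentials=password searchbase="dc=test,dc=factory" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1 keepalive=240:10:30
olcSyncRepl: rid=005 provider=ldap://server2.test.factory binddn="cn=ldapadm,dc=test,dc=factory" bindmethod=simple credentials=password searchbase="dc=test,dc=factory" type=refreshOnly interval=00:00:00:10 retry="5 5 300 5" timeout=1 keepalive=240:10:30
```

Apply it on each server separately, for example with ldapmodify against ldapi:/// using SASL EXTERNAL (assumed here; the posted ACLs would also allow binding as cn=ldapadm): cn=config is itself replicated through syncrepl in this setup, so a stalled config replication cannot be relied on to carry the change across. The same keepalive parameter can be added to the rid=001/rid=002 stanzas of olcDatabase={0}config for the same reason.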