Hi,
I am using two slapd 2.4.20 in mirror mode. Everything seem to work fine. When I shut down slapd_A, I can see the connection retries in the log of B. After restarting A everything is fine. Replication works in both directions.
When I switch off the machine hosting A, B does not log anything. After starting machine A, replication only works from B to A and not from A to B. Only after restarting slapd_B the connection is reestablished and the changes are synced. I see the same behavior, if I just do a "ifconfig eth0 down". The remaining slapd seems not to recognize a loss of the network connection. Is this a bug in openldap, or a configuration issue on my side?
Thanks, Thorsten
Hi Thorsten,
please provide more information for example your slapd.conf / slapd.d. The more infos you give the more feedback you get.
Bye.
On Fri, Mar 26, 2010 at 09:40, Thorsten Mueller < Thorsten.Mueller@aachen.utimaco.de> wrote:
Hi,
I am using two slapd 2.4.20 in mirror mode. Everything seem to work fine. When I shut down slapd_A, I can see the connection retries in the log of B. After restarting A everything is fine. Replication works in both directions.
When I switch off the machine hosting A, B does not log anything. After starting machine A, replication only works from B to A and not from A to B. Only after restarting slapd_B the connection is reestablished and the changes are synced. I see the same behavior, if I just do a “ifconfig eth0 down”. The remaining slapd seems not to recognize a loss of the network connection.
Is this a bug in openldap, or a configuration issue on my side?
Thanks,
Thorsten
Here you are, the config of the second machine is identical, apart from the different provider
####################################################################### # # Global settings # #######################################################################
pidfile /var/run/slapd.pid argsfile /var/run/slapd.args ucdata-path /usr/ucdata
serverID 1
moduleload syncprov
################################### # Useful settings for enabling LDAPS (i.e. LDAP over SSL/TLS) access to this server ###################################
TLSCACertificateFile /etc/TLS/ca-certs/trusted_CAs.pem TLSCACertificatePath /etc/TLS/links TLSCertificateFile /etc/TLS/server/server.pem TLSCertificateKeyFile /etc/TLS/server/server_key.pem TLSCipherSuite HIGH:MEDIUM:SSLv3 TLSVerifyClient try
################################### # Public LDAP schemas ###################################
include /etc/schema/core.schema include /etc/schema/cosine.schema include /etc/schema/inetorgperson.schema
################################### # Gateway specific LDAP schemas ###################################
include /etc/schema/database.schema
loglevel 256
################################### # Access control ###################################
access to attrs=userPassword by anonymous auth by * none
access to dn.subtree="dc=SpecialBranch,dc=head" by dn.base="cn=SpecialBranchUser,dc=SpecialBranch,dc=head" write by dn.base="cn=Replicator,dc=DatabaseReplication,dc=head" write by * none
access to * by dn.base="cn=Replicator,dc=DatabaseReplication,dc=head" write by * none
access to * by * none
####################################################################### # # Database definitions # #######################################################################
################################### # Database for SpecialBranch ###################################
database bdb suffix "dc=SpecialBranch,dc=head" subordinate rootdn "cn=admin,dc=head" directory /var/db-SpecialBranch monitoring off index objectClass eq index entryCSN eq index entryUUID eq index contextCSN eq index DatabaseAttrRuleID eq
overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100
# syncrepl directiv syncrepl rid=001 provider=ldap://192.168.120.237:388 bindmethod=simple binddn="cn=Replicator,dc=DatabaseReplication,dc=head" credentials="fdet2zS3" searchbase="dc=SpecialBranch,dc=head" starttls=critical tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem tls_cert=etc/TLS/client/client.pem tls_key=etc/TLS/client/client_key.pem schemachecking=on type=refreshAndPersist retry="5 12 60 +"
mirrormode on
################################### # Database for the general configuration ###################################
database bdb suffix "dc=head" rootdn "cn=admin,dc=head" rootpw "{SSHA}fO7A1sCrZzhy2IpNCvoVrQ9oRFpFY8Uj" directory /var/db-general monitoring off index objectClass eq index entryCSN eq index entryUUID eq index contextCSN eq index mail eq,sub index DatabaseAttrIssuerDN eq,sub index DatabaseAttrSubjectDN eq,sub index DatabaseAttrSerial eq index DatabaseAttrFingerprint eq,sub index DatabaseAttrKeyID eq,sub index DatabaseAttrKeySigner pres index DatabaseAttrKeyHash eq
overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100
# syncrepl directiv syncrepl rid=001 provider=ldap://192.168.120.237:388 bindmethod=simple binddn="cn=Replicator,dc=DatabaseReplication,dc=head" credentials="fdet2zS3" searchbase="dc=head" starttls=critical tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem tls_cert=etc/TLS/client/client.pem tls_key=etc/TLS/client/client_key.pem schemachecking=on type=refreshAndPersist retry="5 12 60 +"
mirrormode on
#eof
Von: Benjamin Griese [mailto:der.darude@gmail.com] Gesendet: Freitag, 26. März 2010 10:05 An: Thorsten Mueller Cc: openldap-technical@openldap.org Betreff: Re: syncrepl connection / reconnect
Hi Thorsten,
please provide more information for example your slapd.conf / slapd.d. The more infos you give the more feedback you get.
Bye. On Fri, Mar 26, 2010 at 09:40, Thorsten Mueller <Thorsten.Mueller@aachen.utimaco.demailto:Thorsten.Mueller@aachen.utimaco.de> wrote: Hi,
I am using two slapd 2.4.20 in mirror mode. Everything seem to work fine. When I shut down slapd_A, I can see the connection retries in the log of B. After restarting A everything is fine. Replication works in both directions.
When I switch off the machine hosting A, B does not log anything. After starting machine A, replication only works from B to A and not from A to B. Only after restarting slapd_B the connection is reestablished and the changes are synced. I see the same behavior, if I just do a "ifconfig eth0 down". The remaining slapd seems not to recognize a loss of the network connection. Is this a bug in openldap, or a configuration issue on my side?
Thanks, Thorsten
-- To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
Thorsten Mueller Thorsten.Mueller@aachen.utimaco.de writes:
Here you are, the config of the second machine is identical, apart from the different provider
[...]
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# syncrepl directiv
syncrepl rid=001
provider=ldap://192.168.120.237:388
bindmethod=simple
binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
credentials="fdet2zS3"
searchbase="dc=head"
starttls=critical
tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
tls_cert=etc/TLS/client/client.pem
tls_key=etc/TLS/client/client_key.pem
schemachecking=on
type=refreshAndPersist
retry="5 12 60 +"
mirrormode on
[...]
order matters, syncrepl has to be declared within a database specification, modules are loaded last, after all database specific configuration parameters.
-Dieter
"Dieter Kluenter" dieter@dkluenter.de writes:
Thorsten Mueller Thorsten.Mueller@aachen.utimaco.de writes:
Here you are, the config of the second machine is identical, apart from the different provider
[...]
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# syncrepl directiv
syncrepl rid=001
provider=ldap://192.168.120.237:388
bindmethod=simple
binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
credentials="fdet2zS3"
searchbase="dc=head"
starttls=critical
tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
tls_cert=etc/TLS/client/client.pem
tls_key=etc/TLS/client/client_key.pem
schemachecking=on
type=refreshAndPersist
retry="5 12 60 +"
mirrormode on
[...]
order matters, syncrepl has to be declared within a database specification, modules are loaded last, after all database specific configuration parameters.
Sorry my bad, this should read ..overlays are loaded last...
-Dieter
Jap, changing the order did not really help. When calling netstat, I see the connection is still ESTABLISHED, even if the second machine is switched off. May be I need to wait for the tcp_keepalive_timeout. I would expect the slapd somehow recognizes the loss of the connection to the second slapd.
-----Ursprüngliche Nachricht----- Von: openldap-technical-bounces+thorsten.mueller=aachen.utimaco.de@OpenLDAP.org [mailto:openldap-technical-bounces+thorsten.mueller=aachen.utimaco.de@OpenLDAP.org] Im Auftrag von Dieter Kluenter Gesendet: Freitag, 26. März 2010 15:40 An: openldap-technical@openldap.org Betreff: Re: AW: syncrepl connection / reconnect
"Dieter Kluenter" dieter@dkluenter.de writes:
Thorsten Mueller Thorsten.Mueller@aachen.utimaco.de writes:
Here you are, the config of the second machine is identical, apart from the different provider
[...]
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# syncrepl directiv
syncrepl rid=001
provider=ldap://192.168.120.237:388
bindmethod=simple
binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
credentials="fdet2zS3"
searchbase="dc=head"
starttls=critical
tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
tls_cert=etc/TLS/client/client.pem
tls_key=etc/TLS/client/client_key.pem
schemachecking=on
type=refreshAndPersist
retry="5 12 60 +"
mirrormode on
[...]
order matters, syncrepl has to be declared within a database specification, modules are loaded last, after all database specific configuration parameters.
Sorry my bad, this should read ..overlays are loaded last...
-Dieter
openldap-technical@openldap.org
-
Benjamin Griese -
Dieter Kluenter -
Thorsten Mueller