[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: new admin guide draft





>I've almost got it working. What puzzles me is that it does not seem to
>recover from errors. For example, if a SASL bind fails (in this case,
>credentials had not yet become available):

>Sep 17 18:25:51 ornette slapd[5619]: GSSAPI Error:  Miscellaneous failure (see text) (open(/tmp/krb5cc_0): No such file or directory)
>Sep 17 18:25:51 ornette slapd[5619]: do_syncrepl: ldap_sasl_interactive_bind_s failed (82)

>I would expect it to retry after interval -- and I have the interval set
>to 00:00:01 in slapd.conf.


current behavior :
- refreshOnly : will restart after the interval
- refreshAndPersist : the syncrepl thread will be terminated

The behaviors upon bind or search errors should depend on the type of error and the policy.

For example in the SASL bind case above, issues are
1) whether the error code uniquely identifies the cause of the error (in this example, LDAP_LOCAL_ERROR) or not
2) how to know in advance the future availability of the credentials...

We may
1) stop the consumer server,
2) stop the synchronization,
3) retry with fixed interval,
4) retry with increasing delay ...
depending on error types and the specified policies.

The retry interval above shall be orthogonal to the synchronization interval in the refreshOnly mode.

- Jong

------------------------
Jong Hyuk Choi
IBM Thomas J. Watson Research Center - Enterprise Linux Group
P. O. Box 218, Yorktown Heights, NY 10598
email: jongchoi@us.ibm.com
(phone) 914-945-3979    (fax) 914-945-4425   TL: 862-3979