Re: SyncRepl Problems

Chapman, Kyle wrote:
This may be a silly question, but are you renewing your krb5 ticket that is used for replication?

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Derek T.
Sent: Monday, October 17, 2005 12:23 PM
To: openldap-software@OpenLDAP.org
Subject: SyncRepl Problems

So I have a 2.3 setup with a provider that is the main RW copy of the ldap and then 2 consumer RO copies. We are a Kerberos5 shop so we use GSSAPI/SASL for the SyncRepl connection. The first time I sync it will work fine, or if I stop and restart slapd it will work. But after a period of time which I don't know what is yet, it will no longer continue SyncRepling. I have seen the idea about the retry option, which I have in use but that does not seem to solve the problem.

This is an up to date 2.3.11 install on all 3 (provider and consumers).

Are other people seeing any issues with GSSAPI and SyncRepl?

#### consumer slapd.conf
Syncrepl rid=101

Every hour on the hour, I have checked with

[root@ldap1 ~]# cat /etc/cron.hourly/UMrefreshcreds

KRB5CCNAME=/var/run/slapd.ccache /usr/kerberos/bin/kinit -k

[root@ldap1 ~]# KRB5CCNAME=/var/run/slapd.ccache klist
Ticket cache: FILE:/var/run/slapd.ccache
Default principal: host/ldap1.umiacs.umd.edu@umiacs.umd.edu

Valid starting     Expires            Service principal
10/17/05 14:01:01  10/18/05 14:01:01  krbtgt/umiacs.umd.edu@umiacs.umd.edu

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

--
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies
derek@umiacs.umd.edu
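
A check for the ticket cache discussed in this thread, as an added example that is not part of the original messages: it parses klist output in the format quoted above and reports how long the krbtgt ticket has left, so a monitoring job can alert before the replication credentials lapse. The function names, the two-hour warning threshold and the assumption that `now` is in the same local time zone as the klist timestamps are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the klist output quoted in the message above.
SAMPLE_KLIST = """\
Ticket cache: FILE:/var/run/slapd.ccache
Default principal: host/ldap1.umiacs.umd.edu@umiacs.umd.edu

Valid starting     Expires            Service principal
10/17/05 14:01:01  10/18/05 14:01:01  krbtgt/umiacs.umd.edu@umiacs.umd.edu
"""

STAMP = r"(\d{2}/\d{2}/\d{2,4} \d{2}:\d{2}:\d{2})"
# One ticket row: start time, expiry time, service principal.
TICKET_RE = re.compile(rf"^{STAMP}\s+{STAMP}\s+(\S+)\s*$")


def _parse_stamp(text):
    """klist prints MM/DD/YY or MM/DD/YYYY depending on version."""
    for fmt in ("%m/%d/%y %H:%M:%S", "%m/%d/%Y %H:%M:%S"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised klist timestamp: {text!r}")


def tgt_remaining(klist_output, now):
    """Return time left on the krbtgt ticket, or None if the cache has no TGT."""
    for line in klist_output.splitlines():
        m = TICKET_RE.match(line.strip())
        if m and m.group(3).startswith("krbtgt/"):
            return _parse_stamp(m.group(2)) - now
    return None


def cache_status(klist_output, now, min_left=timedelta(hours=2)):
    """OK / WARN (expires soon) / CRIT (expired or no TGT at all)."""
    left = tgt_remaining(klist_output, now)
    if left is None or left <= timedelta(0):
        return "CRIT"
    return "WARN" if left < min_left else "OK"


if __name__ == "__main__":
    # Constructed clock: 30 minutes after the hourly kinit in the sample.
    now = datetime(2005, 10, 17, 14, 31, 1)
    print(cache_status(SAMPLE_KLIST, now), tgt_remaining(SAMPLE_KLIST, now))
```

In a cron or monitoring job the first argument would be the captured output of `klist` run with KRB5CCNAME pointing at the slapd cache; the check only confirms the cache holds a valid TGT, not that slapd is using it.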