
Re: ldapsync slapd Can't contact LDAP server



On 11-07-14 6:38 PM, Quanah Gibson-Mount wrote:
> --On Thursday, July 14, 2011 6:25 PM -0400 Daniel Qian <daniel@up247solution.com> wrote:
>
>> Hi,
>>
>> I have a simple syncrepl setup that kind of works but every two hours
>> there is a syncing problem from the log on the consumer side:
>
> My guess is you have a firewall system or similar closing the connection every 2 hours. I suggest you read up on the keepalive settings available with the syncrepl configuration (available on Linux anyhow).
>
> --Quanah


It was indeed a session timeout problem. My Linux consumer has a default TCP keepalive set to two hours but the firewall only allows 30 minutes by default.

Since release 2.4.22 there is a keepalive setting for syncrepl, so I set it like this:

olcSyncrepl: {0}rid=002
  provider="ldap://ldaprovider:389/";
  type=refreshAndPersist
  retry="60 30 300 +"
  keepalive=1200:10:3
  searchbase="dc=mydomain,dc=com"
  bindmethod=simple binddn="cn=replica,dc=mydomain,dc=com"
  credentials=mypassword

and the problem went away.

Thanks, Quanah, for pointing me in the right direction.

Daniel
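
Added example, not part of the original message or of OpenLDAP: a Python check that reads the keepalive=idle:probes:interval field from a syncrepl directive, compares the idle time with a firewall session timeout, and shows the per-socket Linux options the three numbers correspond to. The function names, the placeholder credential and the 1800-second firewall value (the 30 minutes from the message) are assumptions of this example.

```python
import re
import socket

# Constructed sample based on the directive in the message (password replaced).
SYNCREPL = '''olcSyncrepl: {0}rid=002
  provider="ldap://ldaprovider:389/"
  type=refreshAndPersist
  retry="60 30 300 +"
  keepalive=1200:10:3
  searchbase="dc=mydomain,dc=com"
  bindmethod=simple binddn="cn=replica,dc=mydomain,dc=com"
  credentials=PLACEHOLDER'''

def parse_keepalive(directive):
    """Return (idle_s, probes, interval_s), or None when keepalive is not set."""
    m = re.search(r'(?<![\w-])keepalive=(\d+):(\d+):(\d+)', directive)
    return tuple(map(int, m.groups())) if m else None

def survives_firewall(directive, firewall_idle_s, os_idle_s=7200):
    """True if the first probe goes out before the firewall expires the session.

    os_idle_s is the kernel default used when no keepalive is configured
    (7200 s, the two-hour Linux default described in the message).
    """
    ka = parse_keepalive(directive)
    idle = ka[0] if ka else os_idle_s
    return idle < firewall_idle_s

def dead_peer_detect_s(directive):
    """Worst-case seconds until a silent peer is declared dead."""
    idle, probes, interval = parse_keepalive(directive)
    return idle + probes * interval

def apply_keepalive(sock, idle, probes, interval):
    """Set the equivalent socket options (Linux names) and read them back."""
    opts = (socket.TCP_KEEPIDLE, socket.TCP_KEEPCNT, socket.TCP_KEEPINTVL)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for opt, val in zip(opts, (idle, probes, interval)):
        sock.setsockopt(socket.IPPROTO_TCP, opt, val)
    return tuple(sock.getsockopt(socket.IPPROTO_TCP, o) for o in opts)

if __name__ == "__main__":
    print("keepalive:", parse_keepalive(SYNCREPL))
    print("survives 30 min firewall:", survives_firewall(SYNCREPL, 1800))
    print("dead peer detected after:", dead_peer_detect_s(SYNCREPL), "s")
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("socket options:", apply_keepalive(s, *parse_keepalive(SYNCREPL)))
```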