[Date Prev][Date Next]
Re: pwdChangedTime/authTimestamp, MMR etc.
Forgot this info:
OpenLDAP 2.4.39 with back-mdb
refreshAndPersist with keepalive set,
authc with SASL/EXTERNAL based on TLS client certs
On Fri, 15 Aug 2014 12:21:30 +0200 "Michael Ströder" <email@example.com>
> I have a replication topology with providers running with MMR and a layer of
> r/o consumers..
> - spread across three data centers
> - in two different countries (DE and foreign country)
> Network traffic between the countries has higher latency so consumers are
> only accessing providers within the same country.
> Write operations go nearly 100% to a single provider in Germany.
> All systems are using these overlays:
> - slapo-ppolicy (mostly for password expiry)
> - slapo-lastbind overlays
> - slapo-accesslog (yes, also on consumers)
> Now occasionally contextCSN values differ most times for a couple of minutes
> on the consumers in the foreign country from their local providers.
> I cannot tell exactly which conditions are causing this. But I observed that
> most times there was a login failure on the provider in Germany which results
> in 'pwdChangedTime' being set and replicated to the consumers. Most times
> followed by 'authTimestamp' being correctly set.
> So I wonder whether the differences of the contextCSN values could be caused
> by 'pwdChangedTime' and 'authTimestamp' being replicated to providers but not
> to consumers.
> Any clue? Thanks in advance.
> Ciao, Michael.
Michael Ströder Klauprechtstr. 11
Dipl.-Inform. D-76137 Karlsruhe, Germany
Tel.: +49 721 8304316 Mobil: +49 170 2391920
E-Mail: firstname.lastname@example.org http://www.stroeder.com