Syncrepl stops replicating
Hello,
I have problems with an OpenLDAP deployment that uses syncrepl. It works
as expected for some time, but in some cases the consumer just stops
replicating. The log level was set to -1 but it still does not give enough
information. The problem only occurs when it is used with SSL and in the
production network (in a test environment with all servers in the same
subnet it works fine). I suspect there is some kind of race condition where
one thread holds a lock that another thread needs while at the same time it
is waiting for a network packet.
So I would like to ask whether you have seen similar problems and whether
you have any suggestions about how to find the cause of the problem.
The consumer conf is:
# Consumer slapd.conf, global section, as posted to the list.
# Schema files loaded by this server.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/yast.schema
schemacheck on
# loglevel is 0 in this listing; the message says -1 was used while debugging.
loglevel 0
threads 32
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# NOTE(review): {md5} is an unsalted MD5 scheme and gives little protection if
# the stored hashes are ever read. password-hash applies to values that slapd
# hashes itself (Password Modify); a salted scheme such as {SSHA}, the slapd
# default, is the better choice.
password-hash {md5}
modulepath /usr/lib/openldap/modules
# Require a security strength factor (SSF) of at least 112 for update operations.
security update_ssf=112
# Access control rules. slapd applies the first "access to" clause that matches
# the target and, within it, the first "by" clause that matches the requester.
# NOTE(review): as shown here the "by" lines have lost their leading whitespace
# (and some were wrapped by the mailer); in a real slapd.conf every continuation
# line must begin with whitespace.

# Root DSE: readable by everyone, including anonymous clients.
access to dn.base=""
by * read
# userPassword: Manager and smb may read the stored value, Replikator may write
# it, and every other identity may only use it to authenticate (bind).
# NOTE(review): "read" exposes the stored hashes to those two accounts, which
# matters more with the unsalted {md5} scheme set above - confirm both need it.
access to attr=userPassword
by dn="cn=Manager,dc=dezentral,dc=kunde,dc=net" read
by
dn="cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net" write
by dn="cn=smb,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
read
by * auth
# Samba LM/NT password hashes: Replikator write, smb and Manager read, nobody else.
# NOTE(review): these values are password-equivalent for Samba, so read access
# should be limited as tightly as for userPassword.
access to attrs=SambaLMPassword,SambaNTPassword
by
dn="cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net" write
by dn="cn=smb,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net" read
by dn="cn=Manager,dc=dezentral,dc=kunde,dc=net" read
by * none
# sambaAcctFlags: Manager read, Replikator and smb write, nobody else.
access to attr=sambaAcctFlags
by dn="cn=Manager,dc=dezentral,dc=kunde,dc=net" read
by
dn="cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net" write
by dn="cn=smb,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
write
by * none
# Everything else: pam and smb read, Replikator write; all other identities,
# including anonymous, get no access.
access to *
by dn="cn=pam,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
read
by
dn="cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net" write
by dn="cn=smb,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
read
by * none
# TLS settings for incoming connections to this consumer.
# "try": a client certificate is requested; the session continues if the client
# sends none, but is terminated if it sends one that fails verification.
TLSVerifyClient try
# Server certificate presented by this host.
TLSCertificateFile
/etc/openldap/tls/u090003v.dezentral.kunde.net.crt
# CA certificate(s) used to verify peer certificates.
TLSCACertificateFile /etc/openldap/ca/ca.dezentral.kunde.net.pem
# Private key for the server certificate.
# NOTE(review): this file should be readable only by the account slapd runs as.
TLSCertificateKeyFile
/etc/openldap/tls/u090003v.dezentral.kunde.net.key
# Replicated database (back-bdb) holding the consumer copy of the tree.
database bdb
directory /var/lib/ldap
cachesize 30000
idlcachesize 5000
# Checkpoint the BDB transaction log after 1024 KB written or 5 minutes.
checkpoint 1024 5
lastmod on
# Newly created database files are readable/writable by the owner only.
mode 0600
suffix "dc=dezentral,dc=kunde,dc=net"
# The rootdn is the same DN used as updatedn and binddn in the syncrepl stanza
# below. The rootdn is not subject to the access rules; no rootpw is set in
# this listing.
rootdn
"cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
# syncrepl consumer definition (one directive; in the real file the parameter
# lines are continuation lines and must begin with whitespace).
# - type=refreshOnly with interval=00:00:03:00 (dd:hh:mm:ss): the consumer polls
#   the provider every 3 minutes.
# - retry="60 +": after a failure, retry every 60 seconds indefinitely.
# - provider uses ldaps://, so the replication session runs over TLS.
# - filter: only group/organization/OU/sambaDomain entries and posixAccount
#   entries with departmentNumber 0900 or admin are replicated.
# - schemachecking=off: replicated entries are not schema-checked on the consumer.
# - bindmethod=simple: the bind password is stored in clear text in this file,
#   so slapd.conf must be readable only by the account slapd runs as.
# NOTE(review): the credentials value also appears in this public posting; if it
# was the real password it should be treated as disclosed and changed. Replace
# secrets with a placeholder before posting a configuration.
syncrepl rid=10
provider=ldaps://u962006e.essen.kunde.de
type=refreshOnly
interval=00:00:03:00
retry="60 +"
searchbase="dc=dezentral,dc=kunde,dc=net"
filter="(|(objectClass=posixGroup)(objectClass=organization)(objectClass=organizationalRole)(objectClass=organizationalUnit)(objectClass=sambaDomain)(&(objectClass=posixAccount)(|(departmentNumber=0900)(departmentNumber=admin))))"
scope=sub
schemachecking=off
updatedn="cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
bindmethod=simple
binddn="cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
credentials=dasistgeheim
# Referral returned to clients that send write requests to this consumer.
updateref "ldaps://u962006e.essen.kunde.de"
# Attribute indexes (eq = equality, pres = presence, sub = substring).
index objectClass,uidNumber,gidNumber,entryUUid eq
index member,mail,memberUid,departmentNumber eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq