
Re: SyncRepl Problems



Chapman, Kyle wrote:
This may be a silly question, but are you renewing your krb5 ticket that is used for replication?

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Derek T. Yarnell
Sent: Monday, October 17, 2005 12:23 PM
To: openldap-software@OpenLDAP.org
Subject: SyncRepl Problems


So I have a 2.3 setup with a provider that is the main RW copy of the LDAP and then 2 consumer RO copies. We are a Kerberos5 shop so we use GSSAPI/SASL for the SyncRepl connection. The first time I sync it will work fine, or if I stop and restart slapd it will work. But after a period of time, which I don't know yet, it will no longer continue SyncRepling. I have seen the idea about the retry option, which I have in use, but that does not seem to solve the problem.


This is an up to date 2.3.11 install on all 3 (provider and consumers).

Are other people seeing any issues with GSSAPI and SyncRepl?

#### consumer slapd.conf
Syncrepl rid=101
        provider=ldaps://galatea.umiacs.umd.edu
        interval=00:00:05:00
        type=refreshAndPersist
        updatedn="cn=slave,dc=umiacs,dc=umd,dc=edu"
        retry=5,+
        bindmethod=sasl
        saslmech=GSSAPI
        binddn="uid=host/ldap1.umiacs.umd.edu,cn=umiacs.umd.edu,cn=gssapi,cn=auth"


Every hour on the hour, I have checked with

[root@ldap1 ~]# cat /etc/cron.hourly/UMrefreshcreds
#!/bin/sh

KRB5CCNAME=/var/run/slapd.ccache /usr/kerberos/bin/kinit -k

[root@ldap1 ~]# KRB5CCNAME=/var/run/slapd.ccache klist
Ticket cache: FILE:/var/run/slapd.ccache
Default principal: host/ldap1.umiacs.umd.edu@umiacs.umd.edu

Valid starting     Expires            Service principal
10/17/05 14:01:01  10/18/05 14:01:01  krbtgt/umiacs.umd.edu@umiacs.umd.edu


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


--
---
Derek T. Yarnell
University of Maryland Institute for Advanced Computer Studies
derek@umiacs.umd.edu
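
The ticket check discussed in this thread can be automated. The following is an added example, not part of the original messages: it parses `klist` output in the format shown above and classifies the TGT in the cache that the cron job refreshes. The function names and the two-hour warning threshold are assumptions chosen for illustration.

```python
import os
import re
import subprocess
from datetime import datetime, timedelta

# klist output copied from the post above (MIT format, local time, 2-digit year).
SAMPLE_KLIST = """\
Ticket cache: FILE:/var/run/slapd.ccache
Default principal: host/ldap1.umiacs.umd.edu@umiacs.umd.edu

Valid starting     Expires            Service principal
10/17/05 14:01:01  10/18/05 14:01:01  krbtgt/umiacs.umd.edu@umiacs.umd.edu
"""

STAMP = r"(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)"
ROW = re.compile(r"^" + STAMP + r"\s+" + STAMP + r"\s+(\S+)$")


def parse_klist(text):
    """Return [(start, expires, service_principal)] for each ticket row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            start, end = (datetime.strptime(g, "%m/%d/%y %H:%M:%S")
                          for g in m.group(1, 2))
            rows.append((start, end, m.group(3)))
    return rows


def tgt_status(text, now, min_remaining=timedelta(hours=2)):
    """Classify the cache's TGT as 'ok', 'expiring', 'expired' or 'no-tgt'."""
    tgts = [r for r in parse_klist(text) if r[2].startswith("krbtgt/")]
    if not tgts:
        return "no-tgt"  # empty or unreadable cache, or klist printed an error
    remaining = max(end for _, end, _ in tgts) - now
    if remaining <= timedelta(0):
        return "expired"
    return "expiring" if remaining < min_remaining else "ok"


def klist_output(ccache):
    """Run klist against a cache the same way the post does (via KRB5CCNAME)."""
    env = dict(os.environ, KRB5CCNAME=ccache, LC_ALL="C")
    return subprocess.run(["klist"], env=env, capture_output=True, text=True).stdout


if __name__ == "__main__":
    print(tgt_status(klist_output("/var/run/slapd.ccache"), datetime.now()))
```

Run it as the account slapd runs under, so the result reflects what that process can actually read from the cache.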