Re: SyncRepl Problems
Chapman, Kyle wrote:
This may be a silly question, but are you renewing your krb5 ticket that is used for replication?
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Derek T. Yarnell
Sent: Monday, October 17, 2005 12:23 PM
To: openldap-software@OpenLDAP.org
Subject: SyncRepl Problems
So I have a 2.3 setup with a provider that is the main RW copy of the
ldap and then 2 consumer RO copies. We are a Kerberos5 shop so we use
GSSAPI/SASL for the SyncRepl connection. The first time I sync it will
work fine, or if I stop and restart slapd it will work. But after a
period of time which I don't know what is yet, it will no longer
continue SyncRepling. I have seen the idea about the retry option,
which I have in use but that does not seem to solve the problem.
This is an up to date 2.3.11 install on all 3 (provider and consumers).
Are other people seeing any issues with GSSAPI and SyncRepl?
#### consumer slapd.conf
Syncrepl rid=101
        provider=ldaps://galatea.umiacs.umd.edu
        interval=00:00:05:00
        type=refreshAndPersist
        updatedn="cn=slave,dc=umiacs,dc=umd,dc=edu"
        retry=5,+
        bindmethod=sasl
        saslmech=GSSAPI
        binddn="uid=host/ldap1.umiacs.umd.edu,cn=umiacs.umd.edu,cn=gssapi,cn=auth"
Every hour on the hour, I have checked with
[root@ldap1 ~]# cat /etc/cron.hourly/UMrefreshcreds
#!/bin/sh
KRB5CCNAME=/var/run/slapd.ccache /usr/kerberos/bin/kinit -k
[root@ldap1 ~]# KRB5CCNAME=/var/run/slapd.ccache klist
Ticket cache: FILE:/var/run/slapd.ccache
Default principal: host/ldap1.umiacs.umd.edu@umiacs.umd.edu
Valid starting     Expires            Service principal
10/17/05 14:01:01  10/18/05 14:01:01  krbtgt/umiacs.umd.edu@umiacs.umd.edu
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
--
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies
derek@umiacs.umd.edu
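
The manual klist check described in the message above can be automated so that a stalled cron refresh is noticed before replication is affected. This is an added example, not part of the original post; the function names `tgt_seconds_left` and `tgt_fresh` are hypothetical, and it assumes the klist column layout quoted above with two-digit years meaning 20YY.

```shell
#!/bin/sh
# Added example: freshness check for the cache that the hourly kinit -k refreshes.
# NOW is passed in klist's own local-time format ("MM/DD/YY HH:MM:SS"), so the
# time zone cancels out of the subtraction. Assumption: YY means 20YY.

# Constructed sample, modelled on the klist output quoted in the post.
SAMPLE_KLIST='Ticket cache: FILE:/var/run/slapd.ccache
Default principal: host/ldap1.umiacs.umd.edu@umiacs.umd.edu

Valid starting     Expires            Service principal
10/17/05 14:01:01  10/18/05 14:01:01  krbtgt/umiacs.umd.edu@umiacs.umd.edu'

# usage: klist | tgt_seconds_left "MM/DD/YY HH:MM:SS"
# Prints seconds until the krbtgt ticket expires (negative once expired);
# exits 2 if the listing contains no krbtgt line.
tgt_seconds_left() {
    awk -v now="$1" '
    function days(y, m, d) {            # day number of a Gregorian date
        if (m <= 2) { y--; m += 12 }    # count Jan/Feb as months 13/14
        return 365*y + int(y/4) - int(y/100) + int(y/400) + int((153*(m-3) + 2)/5) + d
    }
    function secs(date, time,    a, b) {
        split(date, a, "/"); split(time, b, ":")
        return days(2000 + a[3], a[1] + 0, a[2] + 0) * 86400 + b[1]*3600 + b[2]*60 + b[3]
    }
    $5 ~ /^krbtgt\// {                  # fields 3 and 4 are the expiry date and time
        split(now, n, " ")
        print secs($3, $4) - secs(n[1], n[2])
        found = 1
        exit
    }
    END { if (!found) exit 2 }'
}

# usage: klist | tgt_fresh "NOW" MIN_SECONDS
# Returns 0 if the TGT is valid for at least MIN_SECONDS more, 1 if not,
# 2 if no TGT was listed. A monitoring job could run (7200 is a constructed threshold):
#   KRB5CCNAME=/var/run/slapd.ccache klist | tgt_fresh "$(date '+%m/%d/%y %H:%M:%S')" 7200
tgt_fresh() {
    left=$(tgt_seconds_left "$1") || return 2
    [ "$left" -ge "$2" ]
}

# Demo on the constructed sample: one hour after issue, 23 hours remain.
printf '%s\n' "$SAMPLE_KLIST" | tgt_seconds_left "10/17/05 15:01:01"
```

A non-zero status from `tgt_fresh` only says the cache on disk is stale or empty; it does not show which credentials a running slapd is actually using.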