
Syncrepl stops replicating



Hello,

I have a problem with an OpenLDAP deployment that uses syncrepl. It works
as expected for some time, but in some cases the consumer just stops
replicating. The log level was set to -1, but that still does not give
enough information. The problem only occurs when syncrepl is used with SSL
and in the production network (in a test environment with all servers in
the same subnet it works fine). I suspect there is some kind of race
condition where one thread holds a lock that another thread needs while it
is itself waiting for a network packet.

So I would like to ask whether you have seen similar problems and whether
you have any suggestions on how to find the cause of the problem.


The consumer conf is:
# Global section of the consumer's slapd.conf as posted: schema files, logging,
# thread pool, runtime files, password hashing and the security floor for updates.
include  /etc/openldap/schema/core.schema
include  /etc/openldap/schema/cosine.schema
include  /etc/openldap/schema/inetorgperson.schema
include  /etc/openldap/schema/rfc2307bis.schema
include  /etc/openldap/schema/samba3.schema
include  /etc/openldap/schema/yast.schema
schemacheck on
# NOTE(review): the message says the log level was set to -1, but the posted
# file shows 0, so the -1 was presumably set temporarily or with -d on the
# command line. For replication problems the "sync" level (16384) logs
# syncrepl processing without the rest of the -1 output.
loglevel    0 
threads     32
pidfile  /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# {md5} is an unsalted digest. The directive selects the scheme slapd uses when
# it hashes a new userPassword value itself (Password Modify extended
# operation); slapd's default scheme is the salted {SSHA}.
password-hash   {md5}
modulepath	/usr/lib/openldap/modules
# Directory updates are refused unless the connection has a security strength
# factor of at least 112.
security update_ssf=112
# Access control list. Clauses are evaluated in the order written and the first
# "access to" clause that matches the target decides.
# NOTE(review): the mail client wrapped several by-clauses (a bare "by", or a
# trailing read/write, on a line of its own starting in column 0). slapd.conf
# only continues a directive on lines that begin with whitespace, so these
# lines must be re-joined before the text can be used as a config.
#
# Root DSE (empty DN): readable by everyone, including anonymous clients.
access to dn.base=""
        by * read
# userPassword: Manager and the smb account may read the stored values, the
# replication account may write them, everyone else may only use the attribute
# to authenticate. Any identity with read here obtains the stored hashes, which
# are unsalted if they were produced under this file's password-hash {md5}.
access to attr=userPassword
	by dn="cn=Manager,dc=dezentral,dc=kunde,dc=net" read
	by
dn="cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net" write
	by dn="cn=smb,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
read
        by * auth
# Samba LM/NT hashes: written by the replication account, readable by smb and
# Manager, hidden from everyone else. These values are password-equivalent for
# SMB authentication, so every reader listed here has to be trusted accordingly.
access to attrs=SambaLMPassword,SambaNTPassword
    by
dn="cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net" write
    by dn="cn=smb,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net" read
    by dn="cn=Manager,dc=dezentral,dc=kunde,dc=net" read
    by * none
# sambaAcctFlags: Manager may read, the replication and smb accounts may write,
# nobody else has access.
access to attr=sambaAcctFlags
	by dn="cn=Manager,dc=dezentral,dc=kunde,dc=net" read
	by
dn="cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net" write
	by dn="cn=smb,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
write
        by * none
# Everything not matched above: the pam and smb accounts may read, the
# replication account may write, and all other identities (anonymous included)
# get no access.
access to *
	by dn="cn=pam,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
read
	by
dn="cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net" write
	by dn="cn=smb,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
read
        by * none
        
# TLS settings slapd uses as a server: its certificate, the matching private
# key, and the CA file used to verify peer certificates.
# TLSVerifyClient try: a client certificate is requested; a client that sends
# none is still accepted, while one that sends a certificate that fails
# verification is rejected.
# NOTE(review): the two file paths below were wrapped onto their own lines by
# the mail client and must be re-joined with their directive to be parsed.
# NOTE(review): the private key should be readable only by the account slapd
# runs as; file permissions are not visible in this posting.
TLSVerifyClient        try
TLSCertificateFile    
/etc/openldap/tls/u090003v.dezentral.kunde.net.crt
TLSCACertificateFile   /etc/openldap/ca/ca.dezentral.kunde.net.pem
TLSCertificateKeyFile 
/etc/openldap/tls/u090003v.dezentral.kunde.net.key
# Replicated database: BDB backend stored under /var/lib/ldap, checkpointed
# after 1024 KB of log or 5 minutes, with newly created database files given
# mode 0600 (owner read/write only).
# NOTE(review): several values below (rootdn, filter, updatedn, binddn) were
# wrapped onto column-0 lines by the mail client and must be re-joined with
# their directive before the text can be used as a config.
database bdb
directory    /var/lib/ldap
cachesize    30000
idlcachesize 5000
checkpoint   1024 5
lastmod      on
mode         0600
suffix       "dc=dezentral,dc=kunde,dc=net"
# The rootdn is the replication account. The rootdn is not subject to access
# control, so this identity has full access to the database independent of the
# "by ... write" clauses in the ACL. No rootpw appears in the posted config.
rootdn      
"cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
# Consumer side of syncrepl: polls the provider over ldaps in refreshOnly mode
# every 3 minutes (interval is dd:hh:mm:ss) and, after a failure, retries every
# 60 seconds without limit ("60 +"). The filter restricts replication to groups,
# organizational entries, the Samba domain, and posixAccount entries whose
# departmentNumber is 0900 or admin. Schema checking of replicated entries is off.
# NOTE(review): credentials= holds the replication bind password in clear text.
# If the value posted here is the real one it is now public and should be
# changed; when sharing a config, replace it with a placeholder. The config
# file itself should be readable only by the account slapd runs as.
# NOTE(review): the stanza sets no TLS options of its own, so how the provider's
# certificate is checked presumably comes from the libldap client defaults
# (ldap.conf) on this host - confirm TLS_CACERT names the right CA and
# TLS_REQCERT has not been relaxed. A mismatch there would also be one thing to
# rule out for a failure seen only with SSL.
syncrepl rid=10
  provider=ldaps://u962006e.essen.kunde.de
  type=refreshOnly
  interval=00:00:03:00	
  retry="60 +"
  searchbase="dc=dezentral,dc=kunde,dc=net"
 
filter="(|(objectClass=posixGroup)(objectClass=organization)(objectClass=organizationalRole)(objectClass=organizationalUnit)(objectClass=sambaDomain)(&(objectClass=posixAccount)(|(departmentNumber=0900)(departmentNumber=admin))))"
  scope=sub
  schemachecking=off
 
updatedn="cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
  bindmethod=simple
 
binddn="cn=Replikator,ou=Systemaccounts,dc=dezentral,dc=kunde,dc=net"
  credentials=dasistgeheim
# Referral handed to clients that try to write to this consumer, pointing them
# at the provider.
updateref    "ldaps://u962006e.essen.kunde.de"
# Attribute indexes; entryUUID carries an equality index alongside the
# objectClass and uid/gid number attributes.
index objectClass,uidNumber,gidNumber,entryUUid eq
index member,mail,memberUid,departmentNumber eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq