Here you are, the config of the second machine is identical,
apart from the different provider

#######################################################################
#
# Global settings
#
#######################################################################
# Layout note: slapd.conf treats a line that starts with whitespace as a
# continuation of the previous line, so review comments in this listing are
# placed before a directive and never between its continuation lines.
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
ucdata-path /usr/ucdata
serverID 1
moduleload syncprov

###################################
# Useful settings for enabling LDAPS (i.e. LDAP over SSL/TLS) access to this server
###################################
TLSCACertificateFile /etc/TLS/ca-certs/trusted_CAs.pem
TLSCACertificatePath /etc/TLS/links
TLSCertificateFile /etc/TLS/server/server.pem
# The private key file should be readable only by the account slapd runs as.
TLSCertificateKeyFile /etc/TLS/server/server_key.pem
# NOTE(review): if slapd is linked against OpenSSL, this list admits
# MEDIUM-strength suites and the SSLv3 suite group in addition to HIGH.
# A list restricted to HIGH would be tighter; confirm what the clients need.
TLSCipherSuite HIGH:MEDIUM:SSLv3
# "try" requests a client certificate but lets the session continue when none
# is presented, so client certificates are not enforced by this setting.
TLSVerifyClient try

###################################
# Public LDAP schemas
###################################
include /etc/schema/core.schema
include /etc/schema/cosine.schema
include /etc/schema/inetorgperson.schema

###################################
# Gateway specific LDAP schemas
###################################
include /etc/schema/database.schema

loglevel 256

###################################
# Access control
###################################
# Clauses are evaluated in order and the first "access to" whose target matches
# decides the result.
# NOTE(review): for userPassword only anonymous "auth" is granted; every other
# identity, including the Replicator DN used by syncrepl below, falls through to
# "by * none". Confirm that password values are not expected to replicate.
access to attrs=userPassword
    by anonymous auth
    by * none
# NOTE(review): the Replicator DN is granted write here and in the next clause.
# Presumably read would be enough for a DN that is only used as the syncrepl
# bind identity; confirm before narrowing it.
access to dn.subtree="dc=SpecialBranch,dc=head"
    by dn.base="cn=SpecialBranchUser,dc=SpecialBranch,dc=head" write
    by dn.base="cn=Replicator,dc=DatabaseReplication,dc=head" write
    by * none
access to *
    by dn.base="cn=Replicator,dc=DatabaseReplication,dc=head" write
    by * none
# This final clause is never reached: the preceding "access to *" already
# matches every entry and ends with "by * none".
access to *
    by * none

#######################################################################
#
# Database definitions
#
#######################################################################

###################################
# Database for SpecialBranch
###################################
database bdb
suffix "dc=SpecialBranch,dc=head"
subordinate
rootdn "cn=admin,dc=head"
directory /var/db-SpecialBranch
monitoring off
index objectClass eq
index entryCSN eq
index entryUUID eq
index contextCSN eq
index DatabaseAttrRuleID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# syncrepl directive
# The replication bind password below is stored in clear text and was posted
# with this listing, so it should be treated as exposed and changed on both
# servers; the file itself should be readable only by the slapd account.
# bindmethod=simple sends that password in the bind request; starttls=critical
# aborts the session when StartTLS fails, so it is not sent over a clear channel.
# NOTE(review): tls_cert and tls_key have no leading "/", unlike tls_cacert, so
# they would be resolved relative to slapd's working directory. Confirm that the
# slash was not lost.
# NOTE(review): rid=001 is also used by the syncrepl stanza of the "dc=head"
# database. slapd.conf(5) describes rid as identifying the directive within the
# consumer, so confirm whether each stanza needs its own value.
# NOTE(review): no network-timeout, timeout or keepalive parameter is set, which
# may bear on how quickly a silently dropped peer is noticed. Check which of
# these this slapd release supports.
syncrepl rid=001
    provider=ldap://192.168.120.237:388
    bindmethod=simple
    binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
    credentials="fdet2zS3"
    searchbase="dc=SpecialBranch,dc=head"
    starttls=critical
    tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
    tls_cert=etc/TLS/client/client.pem
    tls_key=etc/TLS/client/client_key.pem
    schemachecking=on
    type=refreshAndPersist
    retry="5 12 60 +"
mirrormode on

###################################
# Database for the general configuration
###################################
database bdb
suffix "dc=head"
rootdn "cn=admin,dc=head"
# The rootdn bypasses the access rules above. This salted SHA-1 hash was posted
# with the listing, which allows offline guessing, so the rootdn password should
# be treated as exposed and changed.
rootpw "{SSHA}fO7A1sCrZzhy2IpNCvoVrQ9oRFpFY8Uj"
directory /var/db-general
monitoring off
index objectClass eq
index entryCSN eq
index entryUUID eq
index contextCSN eq
index mail eq,sub
index DatabaseAttrIssuerDN eq,sub
index DatabaseAttrSubjectDN eq,sub
index DatabaseAttrSerial eq
index DatabaseAttrFingerprint eq,sub
index DatabaseAttrKeyID eq,sub
index DatabaseAttrKeySigner pres
index DatabaseAttrKeyHash eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# syncrepl directive
# Same bind identity and clear-text password as the SpecialBranch stanza, so the
# password should likewise be treated as exposed and changed.
# NOTE(review): tls_cert and tls_key are relative paths here as well, and
# rid=001 repeats the value used by the SpecialBranch stanza. Confirm both.
syncrepl rid=001
    provider=ldap://192.168.120.237:388
    bindmethod=simple
    binddn="cn=Replicator,dc=DatabaseReplication,dc=head"
    credentials="fdet2zS3"
    searchbase="dc=head"
    starttls=critical
    tls_cacert=/etc/TLS/ca-certs/trusted_CAs.pem
    tls_cert=etc/TLS/client/client.pem
    tls_key=etc/TLS/client/client_key.pem
    schemachecking=on
    type=refreshAndPersist
    retry="5 12 60 +"
mirrormode on
#eof

Von: Benjamin Griese
[mailto:der.darude@gmail.com] Hi Thorsten, On Fri, Mar 26, 2010 at 09:40, Thorsten Mueller <Thorsten.Mueller@aachen.utimaco.de>
wrote: Hi, I am using two slapd 2.4.20 in mirror mode. Everything seems to work
fine. When I shut down slapd_A, I can see the connection retries in the log of
B. After restarting A everything is fine. Replication works in both directions. When I switch off the machine hosting A, B does not log anything.
After starting machine A, replication only works from B to A and not from A to
B. Only after restarting slapd_B the connection is reestablished
and the changes are synced. I see the same behavior if I just run “ifconfig
eth0 down”. The remaining slapd does not seem to notice the loss of the network
connection. Is this a bug in OpenLDAP, or a configuration issue on my side? Thanks, Thorsten