[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsync slapd Can't contact LDAP server

To: openldap-technical@openldap.org
Subject: Re: ldapsync slapd Can't contact LDAP server
From: Daniel Qian <daniel@up247solution.com>
Date: Fri, 15 Jul 2011 11:58:10 -0400
In-reply-to: <9A0393D2A510462A95AC4030@[192.168.1.2]>
References: <4E1F6CE3.8060900@up247solution.com> <9A0393D2A510462A95AC4030@[192.168.1.2]>
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.18) Gecko/20110616 Lightning/1.0b2 Thunderbird/3.1.11

On 11-07-14 6:38 PM, Quanah Gibson-Mount wrote:

--On Thursday, July 14, 2011 6:25 PM -0400 Daniel Qian<daniel@up247solution.com> wrote:
Hi,

I have a simple syncrepl setup that kind of works but every two hours
there is a syncing problem from the log on the consumer side:
My guess is you have a firewall system or similar closing theconnection every 2 hours. I suggest you read up on the keepalivesettings available with the syncrepl configuration (available on linuxanyhow).
--Quanah

It was indeed a session timeout problem. My linux consumer has a defaulttcp keepalive set to two hours but the firewall only allows 30 minutesby default.

Since release 2.4.22 there is a keepalive setting for syncrepl so I setit like this


olcSyncrepl: {0}rid=002
  provider="ldap://ldaprovider:389/";
  type=refreshAndPersist
  retry="60 30 300 +"
  keepalive=1200:10:3
  searchbase="dc=mydomain,dc=com"
  bindmethod=simple binddn="cn=replica,dc=mydomain,dc=com"
  credentials=mypassword

and the problem went away.

Thanks Quanah for pointing me to the right direction

Daniel

References:
- ldapsync slapd Can't contact LDAP server
  - From: Daniel Qian <daniel@up247solution.com>
- Re: ldapsync slapd Can't contact LDAP server
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Problem with verifying replication state with contextCSN
Next by Date: Re: Problem with verifying replication state with contextCSN
Index(es):
- Chronological
- Thread