Christian Kratzer wrote: > On Tue, 3 Dec 2013, Christian Kratzer wrote: >> we are currently chasing a strange issue at a customers site where the ldap >> slaves become unresponsive when network connectivity to master ldaps and dns >> servers is lost. >> >> They have a setup of two masters and two slaves at separate sites. There is >> a load balancer sitting in front of the slaves that performs regular health >> checks consisting of binds followed by a search of their binddn. > > > It seems that this is due to ldap chaining from slave to master running > without a timeout and eventually blocking all of slapd. That was my first idea remembering your former info about your setup. > We use referrals and chaining for slapo-ppolicy and slapo-lastbind (with > replication patch from ITS#7721). You have been warned. ;-) No, I don't have a good suggestion other than to avoid chaining write operations by slapo-ppolicy and slapo-lastbind. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature