Hi,
I'm trying to use LSC to synchronize accounts between two OpenLDAP
servers. I'd like to be as close as possible to real-time, so I'm
trying to use the event-based sync. LSC is running on a third-party
server, not on any of the LDAP servers.
Sync provider is activated on the source server. I configured an
"asyncLdapSourceService" with the OpenLDAP "serverType", as described
here:
https://lsc-project.org/documentation/latest/configuration/service/sourceasyncldap
Extract:
<asyncLdapSourceService>
  <name>sebacc-src-unistra-valid</name>
  <connection reference="sebina" />
  <baseDn>ou=unistra,o=seb,dc=bus,dc=fr</baseDn>
  <pivotAttributes>
    <string>uid</string>
  </pivotAttributes>
  <fetchedAttributes>
    <string>uid</string>
    [...]
  </fetchedAttributes>
  <getAllFilter><![CDATA[(&(busSts=UNISTRASCD)(employeeType=L)(|(busStl=003)(busStl=010)(busStl=011)))]]></getAllFilter>
  <getOneFilter><![CDATA[(uid={uid})]]></getOneFilter>
  <cleanFilter><![CDATA[(uid={uid})]]></cleanFilter>
  <serverType>OpenLDAP</serverType>
</asyncLdapSourceService>
I also configured the "asynchronous launch" mode using the start/stop
service as described here:
https://lsc-project.org/documentation/latest/execution/start
The sync was going well, until the source server crashed because of too
many open file descriptors. Looking closer, it turned out that my LSC
server keeps opening a new LDAP connection every 10 seconds:
Dec 11 17:11:15 sebina-ldap-test slapd[11505]: conn=1251 fd=234 ACCEPT from IP=130.79.200.18:56276 (IP=0.0.0.0:636)
Dec 11 17:11:25 sebina-ldap-test slapd[11505]: conn=1252 fd=235 ACCEPT from IP=130.79.200.18:56277 (IP=0.0.0.0:636)
Dec 11 17:11:36 sebina-ldap-test slapd[11505]: conn=1253 fd=236 ACCEPT from IP=130.79.200.18:56279 (IP=0.0.0.0:636)
[...]
Each of these connections just requests the source with the "getAllFilter".
The LDAP server doesn't send anything, and the connection never closes.
So after a while, the system fd limit is reached.
Besides, I can also see the persistent connection I was expecting, making
a lot of operations.
It seems to me that a new persistent connection is opened every 10
seconds, but only the first one is really considered by the OpenLDAP
source server.
From reading the doc and searching this mailing list, I think I've mixed
things up between the event-based sync and the aSync mode (with the
"filterAsync" attribute), which frequently requests the source server
using the modifyTimeStamp. But I can't find where I messed something up.
What did I miss to have a proper event-based sync?
Thank you for your help.
--
Alain Zamboni
Direction du Numérique
Université de Strasbourg
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
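
The connection pattern reported in the message above can be confirmed from the slapd log before the descriptor limit is reached. The following is an added example, not part of the original post and not LSC or OpenLDAP code: it pairs each ACCEPT line with a later "closed" line for the same conn id and reports clients that accumulate unclosed connections. The "closed" line, the 192.0.2.7 client and the function names are constructed for the example, and it assumes slapd connection logging in the format quoted in the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the three ACCEPT lines from 130.79.200.18 mirror the post;
# the 192.0.2.7 connection and its "closed" line are made up for contrast.
SAMPLE_LOG = """\
Dec 11 17:11:15 sebina-ldap-test slapd[11505]: conn=1251 fd=234 ACCEPT from IP=130.79.200.18:56276 (IP=0.0.0.0:636)
Dec 11 17:11:25 sebina-ldap-test slapd[11505]: conn=1252 fd=235 ACCEPT from IP=130.79.200.18:56277 (IP=0.0.0.0:636)
Dec 11 17:11:30 sebina-ldap-test slapd[11505]: conn=1250 fd=233 ACCEPT from IP=192.0.2.7:40100 (IP=0.0.0.0:636)
Dec 11 17:11:31 sebina-ldap-test slapd[11505]: conn=1250 fd=233 closed
Dec 11 17:11:36 sebina-ldap-test slapd[11505]: conn=1253 fd=236 ACCEPT from IP=130.79.200.18:56279 (IP=0.0.0.0:636)
"""

ACCEPT = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ slapd\[\d+\]: "
                    r"conn=(\d+) fd=\d+ ACCEPT from IP=([^:\s]+):\d+")
CLOSED = re.compile(r"slapd\[\d+\]: conn=(\d+) fd=\d+ closed")

def open_connections(log_text):
    """Return {client_ip: [accept times]} for connections never logged as closed."""
    pending = {}  # conn id -> (client ip, accept time)
    for line in log_text.splitlines():
        m = ACCEPT.search(line)
        if m:
            # syslog timestamps carry no year; a fixed one is assumed because
            # only the differences between timestamps are used.
            when = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            pending[m.group(2)] = (m.group(3), when)
            continue
        m = CLOSED.search(line)
        if m:
            pending.pop(m.group(1), None)
    by_client = defaultdict(list)
    for ip, when in pending.values():
        by_client[ip].append(when)
    return {ip: sorted(times) for ip, times in by_client.items()}

def leak_suspects(log_text, min_open=3):
    """Map client ip -> (unclosed count, mean seconds between accepts)."""
    suspects = {}
    for ip, times in open_connections(log_text).items():
        if len(times) >= max(min_open, 2):  # at least two accepts for an interval
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            suspects[ip] = (len(times), sum(gaps) / len(gaps))
    return suspects

if __name__ == "__main__":
    for ip, (count, gap) in leak_suspects(SAMPLE_LOG).items():
        print(f"{ip}: {count} unclosed connections, one every {gap:.1f}s")
```

A steady accept interval with no matching closes, as in the sample, points at a client that reconnects on a timer rather than at ordinary load.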