On 12/12/2018 at 12:00, Alain ZAMBONI wrote:
> Hi,

Hello,

>
> I'm trying to use LSC to synchronize accounts between two OpenLDAP
> servers. I'd like to be as close as possible to real-time so I'm
> trying to use the event based sync. LSC is running on a third party
> server, not on any of the LDAP servers.
>
> Sync provider is activated on the source server. I configured a
> "asyncLdapSourceService" with the OpenLDAP "serverType", as
> described here:
> https://lsc-project.org/documentation/latest/configuration/service/sourceasyncldap
>
> Extract:
> <asyncLdapSourceService>
>   <name>sebacc-src-unistra-valid</name>
>   <connection reference="sebina" />
>   <baseDn>ou=unistra,o=seb,dc=bus,dc=fr</baseDn>
>   <pivotAttributes>
>     <string>uid</string>
>   </pivotAttributes>
>   <fetchedAttributes>
>     <string>uid</string>
>     [...]
>   </fetchedAttributes>
>   <getAllFilter><![CDATA[(&(busSts=UNISTRASCD)(employeeType=L)(|(busStl=003)(busStl=010)(busStl=011)))]]></getAllFilter>
>   <getOneFilter><![CDATA[(uid={uid})]]></getOneFilter>
>   <cleanFilter><![CDATA[(uid={uid})]]></cleanFilter>
>   <serverType>OpenLDAP</serverType>
> </asyncLdapSourceService>
>
> I also configured the "asynchronous launch" mode using the start/stop
> service as described here:
> https://lsc-project.org/documentation/latest/execution/start
>
> The sync was going well, until the source server crashed because of
> too many file descriptors opened. By looking closer, it happened that
> my LSC server keeps opening a new LDAP connection every 10 seconds:
> Dec 11 17:11:15 sebina-ldap-test slapd[11505]: conn=1251 fd=234 ACCEPT from IP=130.79.200.18:56276 (IP=0.0.0.0:636)
> Dec 11 17:11:25 sebina-ldap-test slapd[11505]: conn=1252 fd=235 ACCEPT from IP=130.79.200.18:56277 (IP=0.0.0.0:636)
> Dec 11 17:11:36 sebina-ldap-test slapd[11505]: conn=1253 fd=236 ACCEPT from IP=130.79.200.18:56279 (IP=0.0.0.0:636)
> [...]
>
> Each of these connections just requests the source with the
> "getAllFilter". The LDAP server doesn't send anything, and the
> connection never closes. So after a while, the fd system limit is reached.
>
> Besides, I can see the persistent connection I was expecting too,
> making a lot of operations.
>
> It seems to me that a new persistent connection is opened every 10
> seconds, but just the first one is really considered by the OpenLDAP
> source server.
>
> By reading the doc and searching this mailing list, I think I've mixed
> things between the event based sync and the aSync mode (with the
> "filterAsync" attribute), which requests frequently the source server
> using the modifyTimeStamp. But I can't find where I messed something.
> What did I miss to have a proper event based sync?

Using the asyncLdapSourceService with OpenLDAP requires that your
OpenLDAP server is configured as a syncrepl provider (overlay syncprov).
LSC will then act as a syncrepl client to get updates.

Otherwise, you can use a standard ldapSourceService but with filterAsync
and interval options, to request the LDAP server at regular intervals.

In both cases, you must launch LSC in async mode (-a).

-- 
Clément Oudot | Identity Solutions Manager
[email protected]
Worteks | https://www.worteks.com

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
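A way to catch the connection leak described in this thread from the slapd log before the file descriptor limit is reached, as an added example that is not part of the original messages or of LSC: it pairs each `ACCEPT` with its `closed` line and reports clients that hold several unclosed connections opened at a steady interval. The function names, thresholds, the `closed` sample line and the 192.0.2.10 client are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime

# slapd stats-level lines; IPv4 clients only in this sketch.
ACCEPT = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[\d+\]: "
                    r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
CLOSED = re.compile(r"slapd\[\d+\]: conn=(\d+) fd=\d+ closed")

# First three lines are quoted in the thread; the last two are constructed.
SAMPLE_LOG = """\
Dec 11 17:11:15 sebina-ldap-test slapd[11505]: conn=1251 fd=234 ACCEPT from IP=130.79.200.18:56276 (IP=0.0.0.0:636)
Dec 11 17:11:25 sebina-ldap-test slapd[11505]: conn=1252 fd=235 ACCEPT from IP=130.79.200.18:56277 (IP=0.0.0.0:636)
Dec 11 17:11:36 sebina-ldap-test slapd[11505]: conn=1253 fd=236 ACCEPT from IP=130.79.200.18:56279 (IP=0.0.0.0:636)
Dec 11 17:11:40 sebina-ldap-test slapd[11505]: conn=1300 fd=240 ACCEPT from IP=192.0.2.10:40000 (IP=0.0.0.0:636)
Dec 11 17:11:41 sebina-ldap-test slapd[11505]: conn=1300 fd=240 closed
"""

def open_connections(log_text):
    """Map client IP -> ACCEPT times of connections with no 'closed' line."""
    opened = {}
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            # syslog lines carry no year; a fixed leap year lets strptime parse them
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            opened[m.group(2)] = (m.group(3), ts)
        elif m := CLOSED.search(line):
            opened.pop(m.group(1), None)
    by_ip = defaultdict(list)
    for ip, ts in opened.values():
        by_ip[ip].append(ts)
    return dict(by_ip)

def leaking_clients(log_text, min_open=3, max_jitter=2.0):
    """Clients with >= min_open unclosed connections opened at a steady pace."""
    report = {}
    for ip, times in open_connections(log_text).items():
        if len(times) < min_open:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if all(abs(g - mean) <= max_jitter for g in gaps):
            report[ip] = {"open": len(times), "interval_s": round(mean, 1)}
    return report

if __name__ == "__main__":
    print(leaking_clients(SAMPLE_LOG))
```

A legitimate syncrepl client keeps one long-lived connection, so it stays below `min_open`; raise the threshold for hosts that are expected to pool connections.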

