Quoting Toni Mueller <[email protected]>:
Hi,

who of you is using OpenLDAP in a replicated setup using syncrepl, as
opposed to slurp, and with TLS?

I found that these three configuration statements make the difference
between a working LDAP server and one that hangs on every 'add'
operation, requiring a 'kill -9' and a restart:

    overlay syncprov
    syncprov-checkpoint 10 5
    syncprov-sessionlog 100

AFAIK, these are required for a server to be a replication master.

I've not yet tried to get rid of TLS, though, but to reproduce the
problem, it's not necessary to use TLS from the client to exercise the
problem. It's also not necessary to have a replication slave on the
server to exercise the problem. It only needs to be there in slapd.conf.

The last things from my protocol after such an 'add' operation are:

    send_ldap_result: err=0 matched="" text=""
    ldbm_back_modify:

And at that point, it hangs. Killing and restarting the server (almost
bearable, thanks to runit), allows me to access the directory again and
find the newly created entry there.

--
Kind regards,
--Toni++

FWIW, here is what I did a few years ago:

http://marc.info/?l=openbsd-misc&m=118041036902594&w=2

For the past year I have used the port for 2.4.12 (please see Stuart
Henderson's email messages on openldap from February/March 2009).

My slapd.conf has the following:

    moduleload syncprov
    index entryCSN,entryUUID eq
    overlay syncprov
    syncprov-checkpoint 100 10
    syncprov-sessionlog 200

There have been absolutely no problems with this port so far and it
has been running for the past 246 days.

I use TLS.

--
Vijay Sankar
ForeTell Technologies Limited
Phone: +1 (204) 885-9535
E-Mail: vsankar at foretell dot ca