[Pkg-openldap-devel] Bug#536082: Bug#536082: slapd: LDAP setup as Syncrepl refreshandpersist consumer hangs
Matt Kassawara
battery at writeme.com
Tue Jul 7 14:58:04 UTC 2009
Try changing your syncrepl mode to refreshOnly.
On Tue, Jul 7, 2009 at 7:32 AM, arnout <arnout at kuhn.pse.umass.edu> wrote:
> Package: slapd
> Version: 2.4.11-1
> Severity: normal
>
>
> I have a CentOS server with LDAP 2.3.43-3.el5 setup as provider and a debian
> server as consumer. After starting the consumer ldap server things work for
> about a day and then changes on the provider server are not propagated anymore.
> Also, /etc/init.d/slapd stop will not work and the message "slapd shutdown:
> waiting for 1 threads to terminate" will show up in the log files.
>
> The configuration on the provider is:
>
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/krb5-kdc.schema
> include /etc/openldap/schema/openldap.schema
> include /etc/openldap/schema/redhat/autofs.schema
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
> TLSCertificateFile /etc/openldap/slapd.pem
> TLSCertificateKeyFile /etc/openldap/slapd.key
>
> modulepath /usr/lib64/openldap
>
> disallow bind_anon
> disallow bind_simple
>
> sasl-secprops noanonymous,noplain,noactive
>
> sasl-regexp "^uid=([^,]+),cn=GSSAPI,cn=auth"
>         "uid=$1,ou=people,dc=example,dc=com"
>
> sasl-realm example.com
> sasl-host provider.example.com
>
> access to
>         attrs=loginShell
>         by dn.regex="uid=.*/admin,cn=example.com,cn=gssapi,cn=auth" write
>         by self write
>         by * read
>         by dn="uid=host/consumer.example.com,cn=example.com,cn=gssapi,cn=auth" read
> access to *
>         by dn.regex="uid=.*/admin,cn=example.com,cn=gssapi,cn=auth" write
>         by * read
>         by dn="uid=host/consumer.example.com,cn=example.com,cn=gssapi,cn=auth" read
>
> sizelimit 5000
>
> threads 8
>
> idletimeout 3600
>
> loglevel sync
>
> database bdb
> suffix "dc=example,dc=com"
>
> cachesize 10000
>
> checkpoint 256 15
>
> directory /var/lib/ldap
>
> index objectClass,uid,uidNumber,gidNumber eq
> index cn,mail,surname,givenname eq,subinitial
>
> overlay syncprov
> syncprov-checkpoint 1000 60
>
> and on the debian consumer:
>
>
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/ldap/schema/core.schema
> include /etc/ldap/schema/cosine.schema
> include /etc/ldap/schema/inetorgperson.schema
> include /etc/ldap/schema/nis.schema
> include /etc/ldap/schema/krb5-kdc.schema
> include /etc/ldap/schema/openldap.schema
> include /etc/ldap/schema/redhat/autofs.schema
>
> pidfile /var/run/slapd/slapd.pid
>
> argsfile /var/run/slapd/slapd.args
>
> loglevel 256
>
> moduleload back_bdb
>
> TLSCACertificateFile /etc/ldap/cacerts/cacert.pem
> TLSCertificateFile /etc/ldap/slapd.pem
> TLSCertificateKeyFile /etc/ldap/slapd.key
>
> moduleload back_bdb
>
> disallow bind_anon
> disallow bind_simple
>
> sasl-secprops noanonymous,noplain,noactive
>
> sasl-regexp "^uid=([^,]+),cn=GSSAPI,cn=auth"
>         "uid=$1,ou=people,dc=example,dc=com"
>
> sasl-realm example.com
> sasl-host consumer.example.com
>
> access to
>         attrs=loginShell
>         by self write
>         by * read
> access to *
>         by * read
>
> sizelimit 5000
>
> idletimeout 3600
>
> database bdb
> suffix "dc=example,dc=com"
> rootdn "cn=manager,dc=example,dc=com"
>
> cachesize 10000
>
> checkpoint 512 30
>
> directory /var/lib/ldap
>
> index objectClass,uid,uidNumber,gidNumber eq
> index cn,mail,surname,givenname eq,subinitial
>
> syncrepl rid=001 \
>         provider=ldaps://provider.example.com:636 \
>         type=refreshAndPersist \
>         searchbase="dc=example,dc=com" \
>         attrs=* \
>         schemachecking=off \
>         bindmethod=sasl \
>         saslmech=GSSAPI \
>         binddn="uid=host/consumer.example.com,dc=example,dc=com"
>
>
> -- System Information:
> Debian Release: 5.0.2
> APT prefers stable
> APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages slapd depends on:
> ii  adduser            3.110                   add and remove users and groups
> ii  coreutils          6.10-6                  The GNU core utilities
> ii  debconf [debconf-  1.5.24                  Debian configuration management sy
> ii  libc6              2.7-18                  GNU C Library: Shared libraries
> ii  libdb4.2           4.2.52+dfsg-5           Berkeley v4.2 Database Libraries [
> ii  libgnutls26        2.4.2-6+lenny1          the GNU TLS library - runtime libr
> ii  libldap-2.4-2      2.4.11-1                OpenLDAP libraries
> ii  libltdl3           1.5.26-4                A system independent dlopen wrappe
> ii  libperl5.10        5.10.0-19               Shared Perl library
> ii  libsasl2-2         2.1.22.dfsg1-23+lenny1  Cyrus SASL - authentication abstra
> ii  libslp1            1.2.1-7.5               OpenSLP libraries
> ii  libwrap0           7.6.q-16                Wietse Venema's TCP wrappers libra
> ii  perl [libmime-bas  5.10.0-19               Larry Wall's Practical Extraction
> ii  psmisc             22.6-1                  Utilities that use the proc filesy
> ii  unixodbc           2.2.11-16               ODBC tools libraries
>
> Versions of packages slapd recommends:
> ii  libsasl2-modules   2.1.22.dfsg1-23+lenny1  Cyrus SASL - pluggable authenticat
>
> Versions of packages slapd suggests:
> ii ldap-utils 2.4.11-1 OpenLDAP utilities
>
> -- debconf information:
> slapd/password_mismatch:
> slapd/tlsciphersuite:
> slapd/invalid_config: true
> shared/organization: example.com
> slapd/upgrade_slapcat_failure:
> slapd/slurpd_obsolete:
> slapd/backend: HDB
> slapd/dump_database: when needed
> slapd/allow_ldap_v2: false
> slapd/no_configuration: false
> slapd/move_old_database: true
> slapd/suffix_change: false
> slapd/dump_database_destdir: /var/backups/slapd-VERSION
> slapd/purge_database: false
> slapd/domain: example.com
>
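
A stalled consumer of the kind reported in this thread can be detected by comparing the contextCSN of the suffix entry on the provider and on the consumer. The following is an added example, not part of the original messages or of OpenLDAP: the CSN values are constructed, a single provider is assumed, and fetching each value (for instance with a base-scope `ldapsearch` for `contextCSN` on `dc=example,dc=com`) is assumed to happen elsewhere.

```python
import re
from datetime import datetime, timedelta, timezone

# Layout assumed here: YYYYmmddHHMMSS[.ffffff]Z#count#sid#mod (hex fields).
# The fraction and the sid width are optional/variable so values written by
# servers of different versions (as in this thread) parse the same way.
CSN_RE = re.compile(
    r"^(\d{14})(?:\.(\d{1,6}))?Z"
    r"#([0-9a-fA-F]{6})#([0-9a-fA-F]{2,3})#([0-9a-fA-F]{6})$"
)

def parse_csn(csn):
    """Return (utc_time, count, sid, mod) for one contextCSN value."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError(f"not a CSN: {csn!r}")
    stamp, frac, count, sid, mod = m.groups()
    when = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    when += timedelta(microseconds=int((frac or "0").ljust(6, "0")))
    return when, int(count, 16), int(sid, 16), int(mod, 16)

def check_consumer(provider_csn, consumer_csn, now, grace=timedelta(minutes=5)):
    """Classify the consumer as 'in-sync', 'catching-up' or 'stalled'."""
    p, c = parse_csn(provider_csn), parse_csn(consumer_csn)
    # Order by (time, change count); sid is ignored with a single provider.
    if c[:2] >= p[:2]:
        return "in-sync"
    # The consumer lacks the provider's latest change. It only counts as
    # stalled once that change is older than the grace period.
    return "stalled" if now - p[0] > grace else "catching-up"

# Constructed sample values: the provider changed at 14:32 UTC, the consumer
# last applied a change the previous morning, and the check runs at 14:58.
PROVIDER_CSN = "20090707143200Z#000000#00#000000"
CONSUMER_CSN = "20090706091500.000000Z#000000#000#000000"
NOW = datetime(2009, 7, 7, 14, 58, 4, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_consumer(PROVIDER_CSN, CONSUMER_CSN, NOW))
```

Run from cron or a monitoring agent, a "stalled" result gives an alert well before users notice that directory changes have stopped reaching the consumer.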