Try changing your syncrepl mode to refreshOnly.<br><br><div class="gmail_quote">On Tue, Jul 7, 2009 at 7:32 AM, arnout <span dir="ltr"><<a href="mailto:arnout@kuhn.pse.umass.edu">arnout@kuhn.pse.umass.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Package: slapd<br>
Version: 2.4.11-1<br>
Severity: normal<br>
<br>
<br>
I have a CentOS server with LDAP 2.3.43-3.el5 setup as provider and a debian<br>
server as consumer. Afer starting the consumer ldap server things work for<br>
about a day and then changes on the provider server are not propagated anymore.<br>
Also, /etc/init.d/slapd stop will not work and the message "slapd shutdown:<br>
waiting for 1 threads to terminate" will show up in the log files.<br>
<br>
The configuration on the provider is:<br>
<br>
#<br>
# See slapd.conf(5) for details on configuration options.<br>
# This file should NOT be world readable.<br>
#<br>
include /etc/openldap/schema/core.schema<br>
include /etc/openldap/schema/cosine.schema<br>
include /etc/openldap/schema/inetorgperson.schema<br>
include /etc/openldap/schema/nis.schema<br>
include /etc/openldap/schema/krb5-kdc.schema<br>
include /etc/openldap/schema/openldap.schema<br>
include /etc/openldap/schema/redhat/autofs.schema<br>
<br>
pidfile /var/run/openldap/slapd.pid<br>
argsfile /var/run/openldap/slapd.args<br>
<br>
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem<br>
TLSCertificateFile /etc/openldap/slapd.pem<br>
TLSCertificateKeyFile /etc/openldap/slapd.key<br>
<br>
modulepath /usr/lib64/openldap<br>
<br>
disallow bind_anon<br>
disallow bind_simple<br>
<br>
sasl-secprops noanonymous,noplain,noactive<br>
<br>
sasl-regexp "^uid=([^,]+),cn=GSSAPI,cn=auth" "uid=$1,ou=people,dc=example,dc=com"<br>
<br>
sasl-realm <a href="http://example.com" target="_blank">example.com</a><br>
sasl-host <a href="http://provider.example.com" target="_blank">provider.example.com</a><br>
<br>
access to<br>
attrs=loginShell<br>
by dn.regex="uid=.*/admin,cn=<a href="http://example.com" target="_blank">example.com</a>,cn=gssapi,cn=auth" write<br>
by self write<br>
by * read<br>
by dn="uid=host/<a href="http://consumer.example.com" target="_blank">consumer.example.com</a>,cn=<a href="http://example.com" target="_blank">example.com</a>,cn=gssapi,cn=auth" read<br>
access to *<br>
by dn.regex="uid=.*/admin,cn=<a href="http://example.com" target="_blank">example.com</a>,cn=gssapi,cn=auth" write<br>
by * read<br>
by dn="uid=host/<a href="http://consumer.example.com" target="_blank">consumer.example.com</a>,cn=<a href="http://example.com" target="_blank">example.com</a>,cn=gssapi,cn=auth" read<br>
<br>
sizelimit 5000<br>
<br>
threads 8<br>
<br>
idletimeout 3600<br>
<br>
loglevel sync<br>
<br>
database bdb<br>
suffix "dc=example,dc=com"<br>
<br>
cachesize 10000<br>
<br>
checkpoint 256 15<br>
<br>
directory /var/lib/ldap<br>
<br>
index objectClass,uid,uidNumber,gidNumber eq<br>
index cn,mail,surname,givenname eq,subinitial<br>
<br>
overlay syncprov<br>
syncprov-checkpoint 1000 60<br>
<br>
and on the debian consumer:<br>
<br>
<br>
#<br>
# See slapd.conf(5) for details on configuration options.<br>
# This file should NOT be world readable.<br>
#<br>
include /etc/ldap/schema/core.schema<br>
include /etc/ldap/schema/cosine.schema<br>
include /etc/ldap/schema/inetorgperson.schema<br>
include /etc/ldap/schema/nis.schema<br>
include /etc/ldap/schema/krb5-kdc.schema<br>
include /etc/ldap/schema/openldap.schema<br>
include /etc/ldap/schema/redhat/autofs.schema<br>
<br>
pidfile /var/run/slapd/slapd.pid<br>
<br>
argsfile /var/run/slapd/slapd.args<br>
<br>
loglevel 256<br>
<br>
moduleload back_bdb<br>
<br>
TLSCACertificateFile /etc/ldap/cacerts/cacert.pem<br>
TLSCertificateFile /etc/ldap/slapd.pem<br>
TLSCertificateKeyFile /etc/ldap/slapd.key<br>
<br>
moduleload back_bdb<br>
<br>
disallow bind_anon<br>
disallow bind_simple<br>
<br>
sasl-secprops noanonymous,noplain,noactive<br>
<br>
sasl-regexp "^uid=([^,]+),cn=GSSAPI,cn=auth" "uid=$1,ou=people,dc=example,dc=com"<br>
<br>
sasl-realm <a href="http://example.com" target="_blank">example.com</a><br>
sasl-host <a href="http://consumer.example.com" target="_blank">consumer.example.com</a><br>
<br>
access to<br>
attrs=loginShell<br>
by self write<br>
by * read<br>
access to *<br>
by * read<br>
<br>
sizelimit 5000<br>
<br>
idletimeout 3600<br>
<br>
database bdb<br>
suffix "dc=example,dc=com"<br>
rootdn "cn=manager,dc=example,dc=com"<br>
<br>
cachesize 10000<br>
<br>
checkpoint 512 30<br>
<br>
directory /var/lib/ldap<br>
<br>
index objectClass,uid,uidNumber,gidNumber eq<br>
index cn,mail,surname,givenname eq,subinitial<br>
<br>
syncrepl rid=001 \<br>
provider=ldaps://<a href="http://provider.example.com:636" target="_blank">provider.example.com:636</a> \<br>
type=refreshAndPersist \<br>
searchbase="dc=example,dc=com" \<br>
attrs=* \<br>
schemachecking=off \<br>
bindmethod=sasl \<br>
saslmech=GSSAPI \<br>
binddn="uid=host/<a href="http://consumer.example.com" target="_blank">consumer.example.com</a>,dc=example,dc=com"<br>
<br>
<br>
-- System Information:<br>
Debian Release: 5.0.2<br>
APT prefers stable<br>
APT policy: (500, 'stable')<br>
Architecture: amd64 (x86_64)<br>
<br>
Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)<br>
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)<br>
Shell: /bin/sh linked to /bin/bash<br>
<br>
Versions of packages slapd depends on:<br>
ii adduser 3.110 add and remove users and groups<br>
ii coreutils 6.10-6 The GNU core utilities<br>
ii debconf [debconf- 1.5.24 Debian configuration management sy<br>
ii libc6 2.7-18 GNU C Library: Shared libraries<br>
ii libdb4.2 4.2.52+dfsg-5 Berkeley v4.2 Database Libraries [<br>
ii libgnutls26 2.4.2-6+lenny1 the GNU TLS library - runtime libr<br>
ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries<br>
ii libltdl3 1.5.26-4 A system independent dlopen wrappe<br>
ii libperl5.10 5.10.0-19 Shared Perl library<br>
ii libsasl2-2 2.1.22.dfsg1-23+lenny1 Cyrus SASL - authentication abstra<br>
ii libslp1 1.2.1-7.5 OpenSLP libraries<br>
ii libwrap0 7.6.q-16 Wietse Venema's TCP wrappers libra<br>
ii perl [libmime-bas 5.10.0-19 Larry Wall's Practical Extraction<br>
ii psmisc 22.6-1 Utilities that use the proc filesy<br>
ii unixodbc 2.2.11-16 ODBC tools libraries<br>
<br>
Versions of packages slapd recommends:<br>
ii libsasl2-modules 2.1.22.dfsg1-23+lenny1 Cyrus SASL - pluggable authenticat<br>
<br>
Versions of packages slapd suggests:<br>
ii ldap-utils 2.4.11-1 OpenLDAP utilities<br>
<br>
-- debconf information:<br>
slapd/password_mismatch:<br>
slapd/tlsciphersuite:<br>
slapd/invalid_config: true<br>
shared/organization: <a href="http://example.com" target="_blank">example.com</a><br>
slapd/upgrade_slapcat_failure:<br>
slapd/slurpd_obsolete:<br>
slapd/backend: HDB<br>
slapd/dump_database: when needed<br>
slapd/allow_ldap_v2: false<br>
slapd/no_configuration: false<br>
slapd/move_old_database: true<br>
slapd/suffix_change: false<br>
slapd/dump_database_destdir: /var/backups/slapd-VERSION<br>
slapd/purge_database: false<br>
slapd/domain: <a href="http://example.com" target="_blank">example.com</a><br>
<br>
<br>
<br>
_______________________________________________<br>
Pkg-openldap-devel mailing list<br>
<a href="mailto:Pkg-openldap-devel@lists.alioth.debian.org">Pkg-openldap-devel@lists.alioth.debian.org</a><br>
<a href="http://lists.alioth.debian.org/mailman/listinfo/pkg-openldap-devel" target="_blank">http://lists.alioth.debian.org/mailman/listinfo/pkg-openldap-devel</a><br>
<br>
</blockquote></div><br>