[Samba] LDAP push replication through firewall

L.P.H. van Belle belle at bazuin.nl
Fri Sep 12 04:17:26 MDT 2014

Which kind of LDAP replication do you use? 
syncrepl or a master-slave setup? 

for your firewall in this setup.. 
master slave1 ( slave2) 

open on slave1 port 636 for ip of master. ( and temporarily 389 for testing without tls) 
same for slave2 

with syncrepl, make sure you have stopped nslcd first before changing anything. 
I even removed it because of problems caused by nslcd... 

can you post the ldap configs for the master and slave ( anonymized ) 
so we can have a better look.



>-----Original message-----
>From: daniel.tamm at biomil.se 
>[mailto:samba-bounces at lists.samba.org] On behalf of Daniel Tamm
>Sent: Friday 12 September 2014 9:22
>To: samba at lists.samba.org
>Subject: [Samba] LDAP push replication through firewall
>I have 3 Samba PDC servers with OpenLDAP backends, all at different
>locations. The replication to the 2 consumers works fine when the
>consumer's slapd is recently restarted, but if changes in the LDAP
>database occur later on, the consumers do not pick up this update.
>Again, restarting slapd on the consumers pulls in the update. Also,
>updates done shortly afterwards (say a couple of minutes) will 
>to the consumers.
>So my question is if this can be firewall related, and what ports need
>to be opened on which side in order to allow the propagation to work
>By the way, all LDAP traffic uses Start-TLS.