[Samba] LDAP push replication through firewall
Daniel Tamm
daniel.tamm at biomil.se
Mon Sep 15 03:22:29 MDT 2014
I can also add that the propagation sometimes works even without
restarting the slapd service on the consumers. But this can sometimes
take a long time (up to days), and sometimes works very quickly (seconds).
Also, I probably should mention that the consumers are connected via
cell phone network (4G), which is a bit congested certain times of the day.
Den 2014-09-12 12:17, L.P.H. van Belle skrev:
> which kind of ldap repliction do you use?
> syncrepl or a master-slave setup.
>
> for you firewall in this setup..
> master slave1 ( slave2)
>
> open on slave1 port 636 for ip of master. ( and temporarily 389 for testing without tls)
> same for slave2
>
> with syncrepl. make sure you have stopped nslcd first before changing anything.
> even, i removed it because of problems caused by nslcd...
>
> can you post the ldap configs for the master and slave ( anonymized )
> so we can have a better look.
>
> Greetz,
>
> Louis
>
>> -----Oorspronkelijk bericht-----
>> Van: daniel.tamm at biomil.se
>> [mailto:samba-bounces at lists.samba.org] Namens Daniel Tamm
>> Verzonden: vrijdag 12 september 2014 9:22
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] LDAP push replication through firewall
>>
>> I have 3 Samba PDC servers with OpenLDAP backends, all at different
>> locations. The replication to the 2 consumers works fine when the
>> consumer's slapd is recently restarted, but if changes in the LDAP
>> database occur later on, the consumers do not pick up this update.
>> Again, restarting slapd on the consumers pulls in the update. Also,
>> updates done shortly afterwards (say a couple of minutes) will
>> propagate
>> to the consumers.
>>
>> So my question is if this can be firewall related, and what ports need
>> to be opened on which side in order to allow the propagation to work
>> all-time?
>> By the way, all LDAP traffic uses Start-TLS.
>>
>> Thanks!
>> Daniel
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
More information about the samba
mailing list