[Samba] LDAP push replication through firewall

Daniel Tamm daniel.tamm at biomil.se
Mon Sep 15 03:22:29 MDT 2014

I can also add that the propagation sometimes works even without
restarting the slapd service on the consumers. But this can sometimes
take a long time (up to days), and sometimes works very quickly (seconds).

Also, I probably should mention that the consumers are connected via
cell phone network (4G), which is a bit congested certain times of the day.

Den 2014-09-12 12:17, L.P.H. van Belle skrev:
> which kind of ldap repliction do you use? 
> syncrepl or a master-slave setup. 
> for you firewall in this setup.. 
> master slave1 ( slave2) 
> open on slave1 port 636 for ip of master. ( and temporarily 389 for testing without tls) 
> same for slave2 
> with syncrepl. make sure you have stopped nslcd first before changing anything. 
> even, i removed it because of problems caused by nslcd... 
> can you post the ldap configs for the master and slave ( anonymized ) 
> so we can have a better look.
> Greetz, 
> Louis
>> -----Oorspronkelijk bericht-----
>> Van: daniel.tamm at biomil.se 
>> [mailto:samba-bounces at lists.samba.org] Namens Daniel Tamm
>> Verzonden: vrijdag 12 september 2014 9:22
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] LDAP push replication through firewall
>> I have 3 Samba PDC servers with OpenLDAP backends, all at different
>> locations. The replication to the 2 consumers works fine when the
>> consumer's slapd is recently restarted, but if changes in the LDAP
>> database occur later on, the consumers do not pick up this update.
>> Again, restarting slapd on the consumers pulls in the update. Also,
>> updates done shortly afterwards (say a couple of minutes) will 
>> propagate
>> to the consumers.
>> So my question is if this can be firewall related, and what ports need
>> to be opened on which side in order to allow the propagation to work
>> all-time?
>> By the way, all LDAP traffic uses Start-TLS.
>> Thanks!
>> Daniel
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list