[Samba] LDAP push replication through firewall

L.P.H. van Belle belle at bazuin.nl
Mon Sep 15 03:31:09 MDT 2014

Ah.. well.

In this case I'm thinking your problem is at the 4G networks.
What I notice here (in the Netherlands) is the following.

The phones are showing that they are connected to the internet,
but when you want to use it, it does not work.
This is a problem at the provider, mostly caused by over-capacity of the DHCP pool.

Try the following to pinpoint this.
When you notice it isn't working anymore, turn off the 4G connection for 10 min.
Then turn it on again; when this works, I'm 100% sure this is a problem at your phone provider.

And make sure that if the IP changes, this is allowed by the receiving firewall.

Best regards, 



>-----Original message-----
>From: daniel.tamm at biomil.se
>[mailto:samba-bounces at lists.samba.org] On behalf of Daniel Tamm
>Sent: Monday 15 September 2014 11:22
>To: samba at lists.samba.org
>Subject: Re: [Samba] LDAP push replication through firewall
>I can also add that the propagation sometimes works even without
>restarting the slapd service on the consumers. But this can sometimes
>take a long time (up to days), and sometimes works very quickly (seconds).
>Also, I probably should mention that the consumers are connected via
>cell phone network (4G), which is a bit congested certain times of the day.
>On 2014-09-12 12:17, L.P.H. van Belle wrote:
>> Which kind of LDAP replication do you use?
>> syncrepl or a master-slave setup.
>> For your firewall in this setup..
>> master slave1 ( slave2)
>> open on slave1 port 636 for ip of master. ( and temporarily 389 for testing without tls)
>> same for slave2
>> with syncrepl. make sure you have stopped nslcd first before changing anything.
>> even, I removed it because of problems caused by nslcd...
>> can you post the ldap configs for the master and slave ( anonymized )
>> so we can have a better look.
>> Greetz, 
>> Louis
>>> -----Original message-----
>>> From: daniel.tamm at biomil.se
>>> [mailto:samba-bounces at lists.samba.org] On behalf of Daniel Tamm
>>> Sent: Friday 12 September 2014 9:22
>>> To: samba at lists.samba.org
>>> Subject: [Samba] LDAP push replication through firewall
>>> I have 3 Samba PDC servers with OpenLDAP backends, all at different
>>> locations. The replication to the 2 consumers works fine when the
>>> consumer's slapd is recently restarted, but if changes in the LDAP
>>> database occur later on, the consumers do not pick up this update.
>>> Again, restarting slapd on the consumers pulls in the update. Also,
>>> updates done shortly afterwards (say a couple of minutes) will propagate
>>> to the consumers.
>>> So my question is if this can be firewall related, and what ports need
>>> to be opened on which side in order to allow the propagation to work
>>> all-time?
>>> By the way, all LDAP traffic uses Start-TLS.
>>> Thanks!
>>> Daniel
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
