[Samba] LDAP push replication through firewall

Daniel Tamm daniel.tamm at biomil.se
Tue Sep 16 00:56:59 MDT 2014


Well, this will be easy to test. At one of the consumer locations, we
will be changing from 4G to fiber connection soon. :-) Let's see if this
makes a difference!
Actually, your explanation sounds right: This morning, one of the
consumers was lagging behind (no sync since yesterday noon) when I came
to the office. Now, as my colleagues have started working there, the
replication is up-to-date again, without re-starting the slapd daemon.

Best regards
Daniel


On 2014-09-15 11:31, L.P.H. van Belle wrote:
> AH.. well.
>
> In this case I'm thinking your problem is at the 4G networks.
> What I notice here (in the Netherlands) is the following.
>
> The phones are showing that they are connected with internet,
> but when you want to use it, it does not work.
> This is a problem at the provider, mostly caused by over capacity of the DHCP pool.
>
> Try the following, to pinpoint this.
> When you notice it isn't working anymore, turn off the 4G connection for 10 min.
> Then turn it on again; when this works, I'm 100% sure this is a problem at your phone provider.
>
> And make sure that if the IP changes, this is allowed by the receiving firewall.
> 
> Best regards, 
> 
> Louis
> 
> 
>  
> 
>> -----Original message-----
>> From: daniel.tamm at biomil.se
>> [mailto:samba-bounces at lists.samba.org] On behalf of Daniel Tamm
>> Sent: Monday 15 September 2014 11:22
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] LDAP push replication through firewall
>>
>> I can also add that the propagation sometimes works even without
>> restarting the slapd service on the consumers. But this can sometimes
>> take a long time (up to days), and sometimes works very quickly (seconds).
>>
>> Also, I probably should mention that the consumers are connected via
>> cell phone network (4G), which is a bit congested certain times of the day.
>>
>> On 2014-09-12 12:17, L.P.H. van Belle wrote:
>>> Which kind of LDAP replication do you use?
>>> syncrepl or a master-slave setup.
>>>
>>> For your firewall in this setup..
>>> master slave1 (slave2)
>>>
>>> open on slave1 port 636 for IP of master. (and temporarily 389 for testing without TLS)
>>> same for slave2
>>>
>>> With syncrepl, make sure you have stopped nslcd first before changing anything.
>>> Even, I removed it because of problems caused by nslcd...
>>>
>>> Can you post the LDAP configs for the master and slave (anonymized)
>>> so we can have a better look.
>>>
>>> Greetz, 
>>>
>>> Louis
>>>
>>>> -----Original message-----
>>>> From: daniel.tamm at biomil.se
>>>> [mailto:samba-bounces at lists.samba.org] On behalf of Daniel Tamm
>>>> Sent: Friday 12 September 2014 9:22
>>>> To: samba at lists.samba.org
>>>> Subject: [Samba] LDAP push replication through firewall
>>>>
>>>> I have 3 Samba PDC servers with OpenLDAP backends, all at different
>>>> locations. The replication to the 2 consumers works fine when the
>>>> consumer's slapd is recently restarted, but if changes in the LDAP
>>>> database occur later on, the consumers do not pick up this update.
>>>> Again, restarting slapd on the consumers pulls in the update. Also,
>>>> updates done shortly afterwards (say a couple of minutes) will propagate
>>>> to the consumers.
>>>>
>>>> So my question is if this can be firewall related, and what ports need
>>>> to be opened on which side in order to allow the propagation to work
>>>> all-time?
>>>> By the way, all LDAP traffic uses Start-TLS.
>>>>
>>>> Thanks!
>>>> Daniel
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>
>>
>>
>>
>>
> 



