[Samba] LDAP push replication through firewall
daniel.tamm at biomil.se
Tue Sep 16 00:56:59 MDT 2014
Well, this will be easy to test. At one of the consumer locations, we
will be changing from 4G to fiber connection soon. :-) Let's se if this
makes a difference!
Actually, your explanation sounds right: This morning, one of the
consumers was lagging behind (no sync since yesterday noon) when I came
to the office. Now, as my colleages have started working there, the
replication is up-to-date again, whithout re-starting the slapd deamon.
Den 2014-09-15 11:31, L.P.H. van Belle skrev:
> AH.. well.
> In this case im thinking your problem is at the 4G networks.
> What i notice here ( in the netherlands ) is the following.
> The phones are showing that they are connected with internet,
> but when you want to use it, it does not work.
> This is a problem at the provider, mostly cause by over capicitie of the dhcp pool.
> Try the following, to pin point this.
> when you notice it isnt working anymore, turn off the 4G connection for 10 min.
> then turn it on again, when this works, im 100% sure this is a problem at your phone provider.
> And make sure that if the ip changes, this is allowed by the recieving firewall.
> Best regards,
>> -----Oorspronkelijk bericht-----
>> Van: daniel.tamm at biomil.se
>> [mailto:samba-bounces at lists.samba.org] Namens Daniel Tamm
>> Verzonden: maandag 15 september 2014 11:22
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] LDAP push replication through firewall
>> I can also add that the propagation sometimes works even without
>> restarting the slapd service on the consumers. But this can sometimes
>> take a long time (up to days), and sometimes works very
>> quickly (seconds).
>> Also, I probably should mention that the consumers are connected via
>> cell phone network (4G), which is a bit congested certain
>> times of the day.
>> Den 2014-09-12 12:17, L.P.H. van Belle skrev:
>>> which kind of ldap repliction do you use?
>>> syncrepl or a master-slave setup.
>>> for you firewall in this setup..
>>> master slave1 ( slave2)
>>> open on slave1 port 636 for ip of master. ( and temporarily
>> 389 for testing without tls)
>>> same for slave2
>>> with syncrepl. make sure you have stopped nslcd first before
>> changing anything.
>>> even, i removed it because of problems caused by nslcd...
>>> can you post the ldap configs for the master and slave (
>> anonymized )
>>> so we can have a better look.
>>>> -----Oorspronkelijk bericht-----
>>>> Van: daniel.tamm at biomil.se
>>>> [mailto:samba-bounces at lists.samba.org] Namens Daniel Tamm
>>>> Verzonden: vrijdag 12 september 2014 9:22
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: [Samba] LDAP push replication through firewall
>>>> I have 3 Samba PDC servers with OpenLDAP backends, all at different
>>>> locations. The replication to the 2 consumers works fine when the
>>>> consumer's slapd is recently restarted, but if changes in the LDAP
>>>> database occur later on, the consumers do not pick up this update.
>>>> Again, restarting slapd on the consumers pulls in the update. Also,
>>>> updates done shortly afterwards (say a couple of minutes) will
>>>> to the consumers.
>>>> So my question is if this can be firewall related, and what
>> ports need
>>>> to be opened on which side in order to allow the propagation to work
>>>> By the way, all LDAP traffic uses Start-TLS.
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba