Discussion:
slapd-ldap quarantine, manual slapd restart is required
Nikos Voutsinas
2015-10-07 22:50:43 UTC
Hi,

I am using the quarantine option of back-ldap, using the following setting:

olcDbQuarantine 10,30;60,+

which AFAIK means that proxy ldap will try to unset the quarantine in 10
seconds for 30 times, and then will try every 60 seconds, forever.

In my case when proxy ldap put the backend target into quarantine
the following lines were written in slapd.log, and after that proxy ldap
never managed to remove the target from quarantine.

Oct 7 21:30:58 proxy slapd[330]: conn=632725 op=0 ldap_back_retry: retrying URI="ldap://back01 ldap://back02" DN=""
Oct 7 21:30:58 proxy slapd[330]: conn=632725 op=0: ldap_back_quarantine enter.
Oct 7 21:31:08 proxy slapd[330]: conn=632759 op=0: ldap_back_getconn quarantine retry block #0 try #0.

It seems to me that back ldap tried once to check the target status in 10
seconds, and after that nothing.....

1. Is the config syntax correct?
2. Is there any chance this is a regression of ITS#5592?

Thanks,
Nikos
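
An added example, not part of the original post or of OpenLDAP: Python that expands the `olcDbQuarantine` value from the post into the retry offsets it permits and pulls the retries actually logged out of slapd.log, so the two can be compared. It assumes the pattern semantics described in the post and that each retry fires as soon as its interval has elapsed; the function names are hypothetical.

```python
import re
from datetime import datetime

# Log lines from the post above, with the mail client's line wraps joined.
LOG = """\
Oct 7 21:30:58 proxy slapd[330]: conn=632725 op=0 ldap_back_retry: retrying URI="ldap://back01 ldap://back02" DN=""
Oct 7 21:30:58 proxy slapd[330]: conn=632725 op=0: ldap_back_quarantine enter.
Oct 7 21:31:08 proxy slapd[330]: conn=632759 op=0: ldap_back_getconn quarantine retry block #0 try #0.
"""
EVENT = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*?(?:(ldap_back_quarantine enter)"
                   r"|quarantine retry block #(\d+) try #(\d+))")

def parse_quarantine(spec):
    """'10,30;60,+' -> [(10, 30), (60, None)]; None stands for '+' (retry forever)."""
    blocks = []
    for part in spec.split(";"):
        interval, num = (field.strip() for field in part.split(","))
        blocks.append((int(interval), None if num == "+" else int(num)))
    if any(i <= 0 for i, _ in blocks) or any(n is None for _, n in blocks[:-1]):
        raise ValueError("intervals must be positive; '+' may only end the last pattern")
    return blocks

def schedule(blocks, horizon):
    """Retry offsets (s after quarantine entry) up to `horizon`, assuming every
    retry fires as soon as its interval has elapsed (hypothetical best case)."""
    out, t = [], 0
    for interval, num in blocks:
        tries = 0
        while (num is None or tries < num) and t + interval <= horizon:
            t, tries = t + interval, tries + 1
            out.append(t)
        if num is None or tries < num:
            break  # horizon reached inside this block
    return out

def observed(log, year=2015):
    """[(offset_s, block, try)] for retries logged after the last quarantine entry.
    syslog timestamps carry no year, so `year` is supplied by the caller."""
    entered, retries = None, []
    for m in filter(None, map(EVENT.match, log.splitlines())):
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if m.group(2):
            entered, retries = ts, []
        elif entered:
            offset = int((ts - entered).total_seconds())
            retries.append((offset, int(m.group(3)), int(m.group(4))))
    return retries
```

For the log in the post, `observed(LOG)` returns one retry at offset 10 (block #0 try #0), while `schedule(parse_quarantine("10,30;60,+"), 400)` allows 31 retries in the first 400 seconds.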
Quanah Gibson-Mount
2015-10-07 22:56:20 UTC
--On Thursday, October 08, 2015 2:50 AM +0300 Nikos Voutsinas wrote:

> It seems to me that back ldap tried once to check the target status in 10
> seconds, and after that nothing.....
>
> 1. Is the config syntax correct?
> 2. Is there any chance this is a regression of ITS#5592?

OpenLDAP version?

Also, just curious if changing the value of olcDbQuarantine restarts the
connection attempts, which should happen, according to the man page.

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
