which kind of ldap repliction do you use?
syncrepl or a master-slave setup.
for you firewall in this setup..
master slave1 ( slave2)
open on slave1 port 636 for ip of master. ( and temporarily 389 for testing
without tls)
same for slave2
with syncrepl. make sure you have stopped nslcd first before changing anything.
even, i removed it because of problems caused by nslcd...
can you post the ldap configs for the master and slave ( anonymized )
so we can have a better look.
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: daniel.tamm at biomil.se
>[mailto:samba-bounces at lists.samba.org] Namens Daniel Tamm
>Verzonden: vrijdag 12 september 2014 9:22
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] LDAP push replication through firewall
>
>I have 3 Samba PDC servers with OpenLDAP backends, all at different
>locations. The replication to the 2 consumers works fine when the
>consumer's slapd is recently restarted, but if changes in the LDAP
>database occur later on, the consumers do not pick up this update.
>Again, restarting slapd on the consumers pulls in the update. Also,
>updates done shortly afterwards (say a couple of minutes) will
>propagate
>to the consumers.
>
>So my question is if this can be firewall related, and what ports need
>to be opened on which side in order to allow the propagation to work
>all-time?
>By the way, all LDAP traffic uses Start-TLS.
>
>Thanks!
>Daniel
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>