[Freeipa-devel] [PATCH 0007] replica install fails with domain level 1

Ludwig Krispenz lkrispen at redhat.com
Mon Jun 1 11:48:13 UTC 2015


On 06/01/2015 01:34 PM, Oleg Fayans wrote:
> So far I've bumped into a problem using the newly built packages:
>
> I've installed a master, a replica (replica1), then replica3 (prepared 
> on replica1), so my topology looks like this:
>
> master <=> replica1 <=> replica3
>
> However, `ipa topologysegment-find` shows the correct topology only on 
> the replicas (not on the master)
Looks like replication from replica1 to master is not/no longer working.
Will look into this.
>
> master:
> root@testmaster:~]$ ipa topologysegment-find
> Suffix name: realm
> -----------------
> 1 segment matched
> -----------------
>   Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
>   Left node: replica1.zaeba.li
>   Right node: testmaster.zaeba.li
>   Connectivity: both
> ----------------------------
> Number of entries returned 1
> ----------------------------
>
> replica1:
> ofayans@replica1:~]$ ipa topologysegment-find
> Suffix name: realm
> ------------------
> 2 segments matched
> ------------------
>   Segment name: replica1.zaeba.li-to-replica3.zaeba.li
>   Left node: replica1.zaeba.li
>   Right node: replica3.zaeba.li
>   Connectivity: both
>
>   Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
>   Left node: replica1.zaeba.li
>   Right node: testmaster.zaeba.li
>   Connectivity: both
> ----------------------------
> Number of entries returned 2
> ----------------------------
>
> replica3:
> ofayans@replica3:~]$ ipa topologysegment-find
> Suffix name: realm
> ------------------
> 2 segments matched
> ------------------
>   Segment name: replica1.zaeba.li-to-replica3.zaeba.li
>   Left node: replica1.zaeba.li
>   Right node: replica3.zaeba.li
>   Connectivity: both
>
>   Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
>   Left node: replica1.zaeba.li
>   Right node: testmaster.zaeba.li
>   Connectivity: both
> ----------------------------
> Number of entries returned 2
> ----------------------------
>
> The second problem is that the changes (like user creation) made on 
> any of the nodes do not get replicated to the other ones. The dirsrv logs 
> are full of GSSAPI errors like this:
>
> =====================================================================
> [01/Jun/2015:07:04:48 -0400] slapi_ldap_bind - Error: could not 
> perform interactive bind for id [] authentication mechanism [GSSAPI]: 
> error -1 (Can't contact LDAP server)
> [01/Jun/2015:07:09:46 -0400] slapi_ldap_bind - Error: could not send 
> startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
> [01/Jun/2015:07:09:46 -0400] slapi_ldap_bind - Error: could not send 
> startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
> [01/Jun/2015:07:09:47 -0400] slapd_ldap_sasl_interactive_bind - Error: 
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 
> -1 (Can't contact LDAP server) ((null)) errno 0 (Success)
> =====================================================================
>
> Full logs are attached
> I am using the 389-ds-base from mreynolds/389-ds-base dnf repo:
> root@testmaster:~]$ rpm -q 389-ds-base
> 389-ds-base-2015_03_11-1.fc21.x86_64
>
>
>
> On 06/01/2015 11:19 AM, Oleg Fayans wrote:
>> Works for me too. Will perform extensive testing today, and report 
>> everything that I find.
>> Thanks, Ludwig!
>>> On 05/29/2015 04:44 PM, Ludwig Krispenz wrote:
>>>> This is a patch for the two issues reported in ticket #5035
>>>> https://fedorahosted.org/freeipa/ticket/5035
>>>>
>>>>
>>>
>>> Works for me. I was able to install 2 replicas with domain level 1 
>>> in one topology.
>>>
>>> Code looks good to me as well. Tentative ACK (would be nice if it 
>>> was skimmed by Thierry).
>>
>
>
>
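
The per-node comparison in the report above can be automated. The following is an added example, not part of the original thread or of FreeIPA: it parses the `ipa topologysegment-find` output quoted in the report and lists, for each node, the segments other nodes know about but it lacks. The helper names `parse_segments` and `topology_drift` are hypothetical.

```python
import re

# Output of `ipa topologysegment-find`, copied from the report above
# (testmaster and replica1; replica3 returned the same as replica1).
OUTPUTS = {
    "testmaster": """\
  Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
  Left node: replica1.zaeba.li
  Right node: testmaster.zaeba.li
  Connectivity: both
""",
    "replica1": """\
  Segment name: replica1.zaeba.li-to-replica3.zaeba.li
  Left node: replica1.zaeba.li
  Right node: replica3.zaeba.li
  Connectivity: both

  Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
  Left node: replica1.zaeba.li
  Right node: testmaster.zaeba.li
  Connectivity: both
""",
}

FIELD = re.compile(r"^\s*(Segment name|Left node|Right node|Connectivity):\s*(\S+)\s*$")

def parse_segments(text):
    """Return {segment name: (left, right, connectivity)} from CLI output."""
    segments, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banners, separators and blank lines
        key, value = m.groups()
        if key == "Segment name":
            current = segments.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return {n: (f.get("Left node"), f.get("Right node"), f.get("Connectivity"))
            for n, f in segments.items()}

def topology_drift(outputs):
    """Map each node to the segments known elsewhere but missing locally."""
    views = {node: parse_segments(text) for node, text in outputs.items()}
    union = set().union(*(set(v) for v in views.values()))
    return {node: sorted(union - set(v)) for node, v in views.items()}

if __name__ == "__main__":
    for node, missing in topology_drift(OUTPUTS).items():
        print(node, "missing:", missing or "nothing")
```

A non-empty list for a node means its copy of the topology suffix has not received entries that exist elsewhere, which is the symptom reported for the master here.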
