[Freeipa-devel] [PATCH 0007] replica install fails with domain level 1

Petr Vobornik pvoborni at redhat.com
Mon Jun 1 14:14:50 UTC 2015


On 06/01/2015 01:48 PM, Ludwig Krispenz wrote:
>
> On 06/01/2015 01:34 PM, Oleg Fayans wrote:
>> So far I've bumped into a problem, using the newly built packages:
>>
>> I've installed a master, a replica (replica1), then replica3 (prepared
>> on replica1), so, my topology looks like this:
>>
>> master <=> replica1 <=> replica3
>>
>> However, `ipa topologysegment-find` shows the correct topology only on
>> replicas (not on master)
> Looks like replication from replica1 to master is not/no longer working.
> Will look into this.

With the same topology, replication works for me. I've not done anything 
else related to topology after the installation. Maybe some other 
operations caused that.


>>
>> The second problem is that the changes (like user creation) made on
>> any of the nodes do not get replicated to the other ones. The dirsrv logs
>> are full of GSSAPI errors like this:

Seems to be caused by the first issue.

>>
>> =====================================================================
>> [01/Jun/2015:07:04:48 -0400] slapi_ldap_bind - Error: could not
>> perform interactive bind for id [] authentication mechanism [GSSAPI]:
>> error -1 (Can't contact LDAP server)
>> [01/Jun/2015:07:09:46 -0400] slapi_ldap_bind - Error: could not send
>> startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
>> [01/Jun/2015:07:09:46 -0400] slapi_ldap_bind - Error: could not send
>> startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
>> [01/Jun/2015:07:09:47 -0400] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>> -1 (Can't contact LDAP server) ((null)) errno 0 (Success)
>> =====================================================================
>>
>> Full logs are attached
>> I am using the 389-ds-base from mreynolds/389-ds-base dnf repo:
>> root@testmaster:~]$ rpm -q 389-ds-base
>> 389-ds-base-2015_03_11-1.fc21.x86_64

I used the one from mkosek/freeipa-master COPR: 
389-ds-base-1.3.4.a1-20150512143653.git1bf67a4.fc17.src.rpm

>>
>>
>>
>> On 06/01/2015 11:19 AM, Oleg Fayans wrote:
>>> Works for me too. Will perform extensive testing today, and report
>>> everything that I find.
>>> Thanks, Ludwig!
>>>> On 05/29/2015 04:44 PM, Ludwig Krispenz wrote:
>>>>> This is a patch for the two issues reported in ticket #5035
>>>>> https://fedorahosted.org/freeipa/ticket/5035
>>>>>
>>>>>
>>>>
>>>> Works for me. I was able to install 2 replicas with domain level 1
>>>> in one topology.
>>>>
>>>> Code looks good to me as well. Tentative ACK (would be nice if it
>>>> was skimmed by Thierry).

-- 
Petr Vobornik



