[Freeipa-devel] [PATCH 0007] replica install fails with domain level 1

Ludwig Krispenz lkrispen at redhat.com
Mon Jun 1 14:52:22 UTC 2015


Hi Oleg,
On 06/01/2015 04:14 PM, Petr Vobornik wrote:
> On 06/01/2015 01:48 PM, Ludwig Krispenz wrote:
>>
>> On 06/01/2015 01:34 PM, Oleg Fayans wrote:
>>> So far I've bumped into a problem using the newly built packages:
>>>
>>> I've installed a master, a replica (replica1), then replica3 (prepared
>>> on replica1), so, my topology looks like this:
>>>
>>> master <=> replica1 <=> replica3
>>>
>>> However, the `ipa topologysegment-find` shows correct topology only on
>>> replicas (not on master)
>> looks like replication from replica1 to master is not/no longer working.
>> will look into this.
>
> With the same topology, replication works for me. I've not done 
> anything else related to topology after the installation. Maybe some 
> other operations caused that.
could it be that you had a replica2 which you had removed?
>
>
>>>
>>> The second problem is that the changes (like user creation) made on
>>> any of the nodes do not get replicated to other ones. The dirsrv logs
>>> are full of GSSAPI errors like this:
>
> Seems to be caused by the first issue.
>
>>>
>>> =====================================================================
>>> [01/Jun/2015:07:04:48 -0400] slapi_ldap_bind - Error: could not
>>> perform interactive bind for id [] authentication mechanism [GSSAPI]:
>>> error -1 (Can't contact LDAP server)
>>> [01/Jun/2015:07:09:46 -0400] slapi_ldap_bind - Error: could not send
>>> startTLS request: error -1 (Can't contact LDAP server) errno 0 
>>> (Success)
>>> [01/Jun/2015:07:09:46 -0400] slapi_ldap_bind - Error: could not send
>>> startTLS request: error -1 (Can't contact LDAP server) errno 0 
>>> (Success)
>>> [01/Jun/2015:07:09:47 -0400] slapd_ldap_sasl_interactive_bind - Error:
>>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>>> -1 (Can't contact LDAP server) ((null)) errno 0 (Success)
>>> =====================================================================
>>>
>>> Full logs are attached
>>> I am using the 389-ds-base from mreynolds/389-ds-base dnf repo:
>>> root at testmaster:~]$ rpm -q 389-ds-base
>>> 389-ds-base-2015_03_11-1.fc21.x86_64
>
> I used the one from mkosek/freeipa-master COPR: 
> 389-ds-base-1.3.4.a1-20150512143653.git1bf67a4.fc17.src.rpm
>
>>>
>>>
>>>
>>> On 06/01/2015 11:19 AM, Oleg Fayans wrote:
>>>> Works for me too. Will perform extensive testing today, and report
>>>> everything that I find.
>>>> Thanks, Ludwig!
>>>>> On 05/29/2015 04:44 PM, Ludwig Krispenz wrote:
>>>>>> This is a patch for the two issues reported in ticket #5035
>>>>>> https://fedorahosted.org/freeipa/ticket/5035
>>>>>>
>>>>>>
>>>>>
>>>>> Works for me. I was able to install 2 replicas with domain level 1
>>>>> in one topology.
>>>>>
>>>>> Code looks good to me as well. Tentative ACK (would be nice if it
>>>>> was skimmed by Thierry).
>



