[Freeipa-devel] [PATCH 0007] replica install fails with domain level 1

Oleg Fayans ofayans at redhat.com
Tue Jun 2 07:56:49 UTC 2015


Hi Ludwig,

Nope, I did not remove the replica2 (this time); I just used the replica3 
machine because I had it at hand. I'll re-run the whole procedure today 
to see if it reproduces.

On 06/01/2015 04:52 PM, Ludwig Krispenz wrote:
> Hi Oleg,
> On 06/01/2015 04:14 PM, Petr Vobornik wrote:
>> On 06/01/2015 01:48 PM, Ludwig Krispenz wrote:
>>>
>>> On 06/01/2015 01:34 PM, Oleg Fayans wrote:
>>>> So far I've bumped into a problem, using the newly built packages:
>>>>
>>>> I've installed a master, a replica (replica1), then replica3 (prepared
>>>> on replica1), so my topology looks like this:
>>>>
>>>> master <=> replica1 <=> replica3
>>>>
>>>> However, the `ipa topologysegment-find` shows correct topology only on
>>>> replicas (not on master)
>>> looks like replication from replica1 to master is not/no longer working.
>>> will look into this.
>>
>> With the same topology, replication works for me. I've not done 
>> anything else related to topology after the installation. Maybe some 
>> other operations caused that.
> could it be that you had a replica2 which you had removed?
>>
>>
>>>>
>>>> The second problem is that the changes (like user creation) made on
>>>> any of the nodes do not get replicated to other ones. The dirsrv logs
>>>> are full of GSSAPI errors like this:
>>
>> Seems to be caused by the first issue.
>>
>>>>
>>>> =====================================================================
>>>> [01/Jun/2015:07:04:48 -0400] slapi_ldap_bind - Error: could not
>>>> perform interactive bind for id [] authentication mechanism [GSSAPI]:
>>>> error -1 (Can't contact LDAP server)
>>>> [01/Jun/2015:07:09:46 -0400] slapi_ldap_bind - Error: could not send
>>>> startTLS request: error -1 (Can't contact LDAP server) errno 0 
>>>> (Success)
>>>> [01/Jun/2015:07:09:46 -0400] slapi_ldap_bind - Error: could not send
>>>> startTLS request: error -1 (Can't contact LDAP server) errno 0 
>>>> (Success)
>>>> [01/Jun/2015:07:09:47 -0400] slapd_ldap_sasl_interactive_bind - Error:
>>>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>>>> -1 (Can't contact LDAP server) ((null)) errno 0 (Success)
>>>> =====================================================================
>>>>
>>>> Full logs are attached
>>>> I am using the 389-ds-base from mreynolds/389-ds-base dnf repo:
>>>> root@testmaster:~]$ rpm -q 389-ds-base
>>>> 389-ds-base-2015_03_11-1.fc21.x86_64
>>
>> I used the one from mkosek/freeipa-master COPR: 
>> 389-ds-base-1.3.4.a1-20150512143653.git1bf67a4.fc17.src.rpm
>>
>>>>
>>>>
>>>>
>>>> On 06/01/2015 11:19 AM, Oleg Fayans wrote:
>>>>> Works for me too. Will perform extensive testing today, and report
>>>>> everything that I find.
>>>>> Thanks, Ludwig!
>>>>>> On 05/29/2015 04:44 PM, Ludwig Krispenz wrote:
>>>>>>> This is a patch for the two issues reported in ticket #5035
>>>>>>> https://fedorahosted.org/freeipa/ticket/5035
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Works for me. I was able to install 2 replicas with domain level 1
>>>>>> in one topology.
>>>>>>
>>>>>> Code looks good to me as well. Tentative ACK (would be nice if it
>>>>>> was skimmed by Thierry).
>>
>

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.
