[Freeipa-devel] Database error on replicas

Martin Babinsky mbabinsk at redhat.com
Wed Jun 3 08:46:06 UTC 2015 

On 06/03/2015 10:33 AM, Oleg Fayans wrote:
> Hi,
>
> With the latest freeipa code containing Topology plugin patches, I am
> unable to make any changes in replicas.
>
> I have the following topology:
> replica1 <=> master <=> replica3
> Here is the output of the ipa topologysegment-find command:
>
> Suffix name: realm
> ------------------
> 2 segments matched
> ------------------
>    Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
>    Left node: replica1.zaeba.li
>    Right node: testmaster.zaeba.li
>    Connectivity: both
>
>    Segment name: replica3.zaeba.li-to-testmaster.zaeba.li
>    Left node: replica3.zaeba.li
>    Right node: testmaster.zaeba.li
>    Connectivity: both
> ----------------------------
> Number of entries returned 2
> ----------------------------
>
>
> Any changes on master get replicated to replicas successfully. However,
> any attempts to change anything on replicas, for example, create a user,
> result in the error message about DatabaseError (attached).
>
> The corresponding part of the dirsrv log looks like this:
>
> 03/Jun/2015:04:11:55 -0400] slapi_ldap_bind - Error: could not perform
> interactive bind for id [] authentication mechanism [GSSAPI]: error -1
> (Can't contact LDAP server)
> [03/Jun/2015:04:15:02 -0400] slapi_ldap_bind - Error: could not send
> startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
> [03/Jun/2015:04:16:55 -0400] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory)
> [03/Jun/2015:04:16:55 -0400] slapi_ldap_bind - Error: could not perform
> interactive bind for id [] authentication mechanism [GSSAPI]: error -1
> (Can't contact LDAP server)
>
> The full log is attached
>
>
>
Hi Oleg,

could you also post the output of 'journalctl -xe' related to dirsrv (on 
master and also on replicas)? I have seen a couple of segfaults there 
during reviewing Petr Vobornik's topology* commands.

-- 
Martin^3 Babinsky

More information about the Freeipa-devel mailing list