[Freeipa-devel] Database error on replicas

Ludwig Krispenz lkrispen at redhat.com
Wed Jun 3 09:09:58 UTC 2015 

Oleg,

is the master and the replicas up and running ? The error messages look 
like the dna plugin wants to establish an ldap connection to extend it's 
range - and fails. I don't see how the topology plugin would interfere, 
but of course there could be a side efect.

Ludwig

On 06/03/2015 10:46 AM, Martin Babinsky wrote:
> On 06/03/2015 10:33 AM, Oleg Fayans wrote:
>> Hi,
>>
>> With the latest freeipa code containing Topology plugin patches, I am
>> unable to make any changes in replicas.
>>
>> I have the following topology:
>> replica1 <=> master <=> replica3
>> Here is the output of the ipa topologysegment-find command:
>>
>> Suffix name: realm
>> ------------------
>> 2 segments matched
>> ------------------
>>    Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
>>    Left node: replica1.zaeba.li
>>    Right node: testmaster.zaeba.li
>>    Connectivity: both
>>
>>    Segment name: replica3.zaeba.li-to-testmaster.zaeba.li
>>    Left node: replica3.zaeba.li
>>    Right node: testmaster.zaeba.li
>>    Connectivity: both
>> ----------------------------
>> Number of entries returned 2
>> ----------------------------
>>
>>
>> Any changes on master get replicated to replicas successfully. However,
>> any attempts to change anything on replicas, for example, create a user,
>> result in the error message about DatabaseError (attached).
>>
>> The corresponding part of the dirsrv log looks like this:
>>
>> 03/Jun/2015:04:11:55 -0400] slapi_ldap_bind - Error: could not perform
>> interactive bind for id [] authentication mechanism [GSSAPI]: error -1
>> (Can't contact LDAP server)
>> [03/Jun/2015:04:15:02 -0400] slapi_ldap_bind - Error: could not send
>> startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
>> [03/Jun/2015:04:16:55 -0400] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>> -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or 
>> directory)
>> [03/Jun/2015:04:16:55 -0400] slapi_ldap_bind - Error: could not perform
>> interactive bind for id [] authentication mechanism [GSSAPI]: error -1
>> (Can't contact LDAP server)
>>
>> The full log is attached
>>
>>
>>
> Hi Oleg,
>
> could you also post the output of 'journalctl -xe' related to dirsrv 
> (on master and also on replicas)? I have seen a couple of segfaults 
> there during reviewing Petr Vobornik's topology* commands.
>

More information about the Freeipa-devel mailing list