[Freeipa-devel] Database error on replicas

Oleg Fayans ofayans at redhat.com
Wed Jun 3 09:43:43 UTC 2015


Hi Ludwig,

Yep all 3 hosts were up and running during this test execution.

On 06/03/2015 11:09 AM, Ludwig Krispenz wrote:
> Oleg,
>
> is the master and the replicas up and running ? The error messages 
> look like the dna plugin wants to establish an ldap connection to 
> extend it's range - and fails. I don't see how the topology plugin 
> would interfere, but of course there could be a side efect.
>
> Ludwig
>
> On 06/03/2015 10:46 AM, Martin Babinsky wrote:
>> On 06/03/2015 10:33 AM, Oleg Fayans wrote:
>>> Hi,
>>>
>>> With the latest freeipa code containing Topology plugin patches, I am
>>> unable to make any changes in replicas.
>>>
>>> I have the following topology:
>>> replica1 <=> master <=> replica3
>>> Here is the output of the ipa topologysegment-find command:
>>>
>>> Suffix name: realm
>>> ------------------
>>> 2 segments matched
>>> ------------------
>>>    Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
>>>    Left node: replica1.zaeba.li
>>>    Right node: testmaster.zaeba.li
>>>    Connectivity: both
>>>
>>>    Segment name: replica3.zaeba.li-to-testmaster.zaeba.li
>>>    Left node: replica3.zaeba.li
>>>    Right node: testmaster.zaeba.li
>>>    Connectivity: both
>>> ----------------------------
>>> Number of entries returned 2
>>> ----------------------------
>>>
>>>
>>> Any changes on master get replicated to replicas successfully. However,
>>> any attempts to change anything on replicas, for example, create a 
>>> user,
>>> result in the error message about DatabaseError (attached).
>>>
>>> The corresponding part of the dirsrv log looks like this:
>>>
>>> 03/Jun/2015:04:11:55 -0400] slapi_ldap_bind - Error: could not perform
>>> interactive bind for id [] authentication mechanism [GSSAPI]: error -1
>>> (Can't contact LDAP server)
>>> [03/Jun/2015:04:15:02 -0400] slapi_ldap_bind - Error: could not send
>>> startTLS request: error -1 (Can't contact LDAP server) errno 0 
>>> (Success)
>>> [03/Jun/2015:04:16:55 -0400] slapd_ldap_sasl_interactive_bind - Error:
>>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>>> -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or 
>>> directory)
>>> [03/Jun/2015:04:16:55 -0400] slapi_ldap_bind - Error: could not perform
>>> interactive bind for id [] authentication mechanism [GSSAPI]: error -1
>>> (Can't contact LDAP server)
>>>
>>> The full log is attached
>>>
>>>
>>>
>> Hi Oleg,
>>
>> could you also post the output of 'journalctl -xe' related to dirsrv 
>> (on master and also on replicas)? I have seen a couple of segfaults 
>> there during reviewing Petr Vobornik's topology* commands.
>>
>

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.




More information about the Freeipa-devel mailing list