[Freeipa-devel] Database error on replicas

thierry bordaz tbordaz at redhat.com
Thu Jun 4 17:27:30 UTC 2015 

Hello Oleg,

So far I have been unable to reproduce the problem.
I tried various scenarios depending if the first update was on 
master/slave, or with 2 slaves, 1 slave, 1slave added later.

Do you have any detail how you did your test ?

If you can restart the remaining VM, I would be interested in the logs 
(access/errors).

thanks
thierry
On 06/03/2015 11:11 AM, Oleg Fayans wrote:
> Hi Martin,
>
> On 06/03/2015 10:46 AM, Martin Babinsky wrote:
>> On 06/03/2015 10:33 AM, Oleg Fayans wrote:
>>> Hi,
>>>
>>> With the latest freeipa code containing Topology plugin patches, I am
>>> unable to make any changes in replicas.
>>>
>>> I have the following topology:
>>> replica1 <=> master <=> replica3
>>> Here is the output of the ipa topologysegment-find command:
>>>
>>> Suffix name: realm
>>> ------------------
>>> 2 segments matched
>>> ------------------
>>>    Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
>>>    Left node: replica1.zaeba.li
>>>    Right node: testmaster.zaeba.li
>>>    Connectivity: both
>>>
>>>    Segment name: replica3.zaeba.li-to-testmaster.zaeba.li
>>>    Left node: replica3.zaeba.li
>>>    Right node: testmaster.zaeba.li
>>>    Connectivity: both
>>> ----------------------------
>>> Number of entries returned 2
>>> ----------------------------
>>>
>>>
>>> Any changes on master get replicated to replicas successfully. However,
>>> any attempts to change anything on replicas, for example, create a 
>>> user,
>>> result in the error message about DatabaseError (attached).
>>>
>>> The corresponding part of the dirsrv log looks like this:
>>>
>>> 03/Jun/2015:04:11:55 -0400] slapi_ldap_bind - Error: could not perform
>>> interactive bind for id [] authentication mechanism [GSSAPI]: error -1
>>> (Can't contact LDAP server)
>>> [03/Jun/2015:04:15:02 -0400] slapi_ldap_bind - Error: could not send
>>> startTLS request: error -1 (Can't contact LDAP server) errno 0 
>>> (Success)
>>> [03/Jun/2015:04:16:55 -0400] slapd_ldap_sasl_interactive_bind - Error:
>>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>>> -1 (Can't contact LDAP server) ((null)) errno 2 (No such file or 
>>> directory)
>>> [03/Jun/2015:04:16:55 -0400] slapi_ldap_bind - Error: could not perform
>>> interactive bind for id [] authentication mechanism [GSSAPI]: error -1
>>> (Can't contact LDAP server)
>>>
>>> The full log is attached
>>>
>>>
>>>
>> Hi Oleg,
>>
>> could you also post the output of 'journalctl -xe' related to dirsrv 
>> (on master and also on replicas)? I have seen a couple of segfaults 
>> there during reviewing Petr Vobornik's topology* commands.
>>
> Attached
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150604/1f6837e9/attachment.htm>

More information about the Freeipa-devel mailing list