[Freeipa-devel] LDAP errors in the dirsrv logs during replica preparation

Oleg Fayans ofayans at redhat.com
Fri Jun 19 14:27:09 UTC 2015 

Hi everybody,

While preparing the replica files on the latest IPA master I've noticed 
the following error messages in the dirsrv error log:

[19/Jun/2015:15:26:10 +0200] NSMMReplicationPlugin - 
agmt="cn=masterAgreement1-vm-244.idm.lab.eng.brq.redhat.com-pki-tomcat" 
(vm-244:389): Replication bind with SIMPLE auth failed: LDAP error -1 
(Can't contact LDAP server) ()
[19/Jun/2015:15:26:10 +0200] - Entry "uid=admin,ou=people,o=ipaca" -- 
attribute "krbExtraData" not allowed
[19/Jun/2015:15:26:13 +0200] slapi_ldap_bind - Error: could not send 
startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)

Though the stdout of the replica preparation reports success, when I 
later use the resulting gpg file to actually setup a replica the setup 
process fails with the following output:

Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds
   [1/8]: adding sasl mappings to the directory
   [2/8]: configuring KDC
   [3/8]: creating a keytab for the directory
   [4/8]: creating a keytab for the machine
   [5/8]: adding the password extension to the directory
   [6/8]: enable GSSAPI for replication
   [error] RuntimeError: One of the ldap service principals is missing. 
Replication agreement cannot be converted.
Replication error message: Unable to acquire replicaLDAP error: No such 
object
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    One of the 
ldap service principals is missing. Replication agreement cannot be 
converted.
Replication error message: Unable to acquire replicaLDAP error: No such 
object

The corresponding part of the ipareplica-install.log is attached

I've encountered this already twice. The strangest part is that I 
prepared 3 replicas simultaneously: 2 of them installed successfully and 
one - failed. All three replicas were launched from the same vm-template

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipareplica-install.log
Type: text/x-log
Size: 14802 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150619/e94d5719/attachment.bin>

More information about the Freeipa-devel mailing list