<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 04/01/2014 01:16 PM, Nevada Sanchez
wrote:<br>
</div>
<blockquote
cite="mid:CAPUVn2vqtcjFyo-h_rndXEiUMMHuS75QoLyb1zZe2JdhkVB2dw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>389-ds-base-1.3.1.22-1.fc19.x86_64</div>
<div><br>
</div>
<div>The following, I think, summarizes the contents of the
error log (I probably uninstalled and tried reimporting 2 or 3
times in what is shown).</div>
<div><br>
</div>
<div>.</div>
<div>.</div>
<div>.</div>
<div>
<div>[01/Apr/2014:03:42:46 -0400] - WARNING: Import is running
with nsslapd-db-private-import-mem on; No other process is
allowed to access the database</div>
<div>[01/Apr/2014:03:42:46 -0400] -
check_and_set_import_cache: pagesize: 4096, pages: 1970554,
procpages: 53717</div>
<div>[01/Apr/2014:03:42:46 -0400] - Import allocates 3152884KB
import cache.</div>
<div>[01/Apr/2014:03:42:46 -0400] - import userRoot: Beginning
import job...</div>
<div>[01/Apr/2014:03:42:46 -0400] - import userRoot: Index
buffering enabled with bucket size 100</div>
<div>[01/Apr/2014:03:42:46 -0400] - import userRoot:
Processing file "/var/lib/dirsrv/boot.ldif"</div>
<div>[01/Apr/2014:03:42:46 -0400] - import userRoot: Finished
scanning file "/var/lib/dirsrv/boot.ldif" (1 entries)</div>
<div>[01/Apr/2014:03:42:46 -0400] - import userRoot: Workers
finished; cleaning up...</div>
<div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Workers
cleaned up.</div>
<div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Cleaning
up producer thread...</div>
<div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Indexing
complete. Post-processing...</div>
<div>[01/Apr/2014:03:42:47 -0400] - import userRoot:
Generating numSubordinates complete.</div>
<div>[01/Apr/2014:03:42:47 -0400] - Nothing to do to build
ancestorid index</div>
<div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Flushing
caches...</div>
<div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Closing
files...</div>
<div>[01/Apr/2014:03:42:47 -0400] - All database threads now
stopped</div>
<div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Import
complete. Processed 1 entries in 1 seconds. (1.00
entries/sec)</div>
<div>[01/Apr/2014:03:42:47 -0400] - 389-Directory/1.3.1.22.a1
B2014.073.1751 starting up</div>
<div>[01/Apr/2014:03:42:47 -0400] - Db home directory is not
set. Possibly nsslapd-directory (optionally
nsslapd-db-home-directory) is missing in the config file.</div>
<div>[01/Apr/2014:03:42:48 -0400] - 389-Directory/1.3.1.22.a1
B2014.073.1751 starting up</div>
<div>[01/Apr/2014:03:42:48 -0400] - Db home directory is not
set. Possibly nsslapd-directory (optionally
nsslapd-db-home-directory) is missing in the config file.</div>
<div>[01/Apr/2014:03:42:48 -0400] - I'm resizing my cache
now...cache was 3228553216 and is now 8000000</div>
<div>[01/Apr/2014:03:42:48 -0400] - slapd started. Listening
on All Interfaces port 389 for LDAP requests</div>
<div>[01/Apr/2014:03:42:48 -0400] - The change of
nsslapd-ldapilisten will not take effect until the server is
restarted</div>
<div>[01/Apr/2014:03:43:01 -0400] - Warning: Adding
configuration attribute "nsslapd-security"</div>
<div>[01/Apr/2014:03:43:01 -0400] - slapd shutting down -
signaling operation threads</div>
<div>[01/Apr/2014:03:43:01 -0400] - slapd shutting down -
waiting for 27 threads to terminate</div>
<div>[01/Apr/2014:03:43:01 -0400] - slapd shutting down -
closing down internal subsystems and plugins</div>
<div>[01/Apr/2014:03:43:01 -0400] - Waiting for 4 database
threads to stop</div>
<div>[01/Apr/2014:03:43:02 -0400] - All database threads now
stopped</div>
<div>[01/Apr/2014:03:43:02 -0400] - slapd stopped.</div>
<div>[01/Apr/2014:03:43:03 -0400] - 389-Directory/1.3.1.22.a1
B2014.073.1751 starting up</div>
<div>[01/Apr/2014:03:43:03 -0400] attrcrypt - No symmetric key
found for cipher AES in backend userRoot, attempting to
create one...</div>
<div>[01/Apr/2014:03:43:03 -0400] attrcrypt - Key for cipher
AES successfully generated and stored</div>
<div>[01/Apr/2014:03:43:03 -0400] attrcrypt - No symmetric key
found for cipher 3DES in backend userRoot, attempting to
create one...</div>
<div>[01/Apr/2014:03:43:03 -0400] attrcrypt - Key for cipher
3DES successfully generated and stored</div>
<div>[01/Apr/2014:03:43:03 -0400] ipalockout_get_global_config
- [file ipa_lockout.c, line 185]: Failed to get default
realm (-1765328160)</div>
<div>[01/Apr/2014:03:43:04 -0400] ipaenrollment_start - [file
ipa_enrollment.c, line 393]: Failed to get default realm?!</div>
<div>[01/Apr/2014:03:43:04 -0400] - slapd started. Listening
on All Interfaces port 389 for LDAP requests</div>
<div>[01/Apr/2014:03:43:04 -0400] - Listening on All
Interfaces port 636 for LDAPS requests</div>
<div>[01/Apr/2014:03:43:04 -0400] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests</div>
<div>[01/Apr/2014:03:43:04 -0400] - slapd shutting down -
signaling operation threads</div>
<div>[01/Apr/2014:03:43:04 -0400] - slapd shutting down -
waiting for 27 threads to terminate</div>
<div>[01/Apr/2014:03:43:05 -0400] - slapd shutting down -
closing down internal subsystems and plugins</div>
<div>[01/Apr/2014:03:43:05 -0400] - Waiting for 4 database
threads to stop</div>
<div>[01/Apr/2014:03:43:05 -0400] - All database threads now
stopped</div>
<div>[01/Apr/2014:03:43:05 -0400] - slapd stopped.</div>
<div>[01/Apr/2014:03:43:06 -0400] - 389-Directory/1.3.1.22.a1
B2014.073.1751 starting up</div>
<div>[01/Apr/2014:03:43:06 -0400] ipalockout_get_global_config
- [file ipa_lockout.c, line 185]: Failed to get default
realm (-1765328160)</div>
<div>[01/Apr/2014:03:43:06 -0400] ipaenrollment_start - [file
ipa_enrollment.c, line 393]: Failed to get default realm?!</div>
<div>[01/Apr/2014:03:43:06 -0400] - slapd started. Listening
on All Interfaces port 389 for LDAP requests</div>
<div>[01/Apr/2014:03:43:06 -0400] - Listening on All
Interfaces port 636 for LDAPS requests</div>
<div>[01/Apr/2014:03:43:06 -0400] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests</div>
<div>[01/Apr/2014:03:43:08 -0400] NSMMReplicationPlugin -
agmt="cn=<a moz-do-not-send="true"
href="http://meToipa.example.com">meToipa.example.com</a>"
(ipa:389): The remote replica has a different database
generation ID than the local database. You may have to
reinitialize the remote replica, or the local replica.</div>
<div>[01/Apr/2014:03:43:08 -0400] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=example,dc=com is
going offline; disabling replication</div>
<div>[01/Apr/2014:03:43:08 -0400] - WARNING: Import is running
with nsslapd-db-private-import-mem on; No other process is
allowed to access the database</div>
<div>[01/Apr/2014:03:43:11 -0400] - import userRoot: Workers
finished; cleaning up...</div>
<div>[01/Apr/2014:03:43:11 -0400] - import userRoot: Workers
cleaned up.</div>
<div>[01/Apr/2014:03:43:11 -0400] - import userRoot: Indexing
complete. Post-processing...</div>
<div>[01/Apr/2014:03:43:11 -0400] - import userRoot:
Generating numSubordinates complete.</div>
<div>[01/Apr/2014:03:43:12 -0400] - import userRoot: Flushing
caches...</div>
<div>[01/Apr/2014:03:43:12 -0400] - import userRoot: Closing
files...</div>
<div>[01/Apr/2014:03:43:12 -0400] - import userRoot: Import
complete. Processed 453 entries in 4 seconds. (113.25
entries/sec)</div>
<div>[01/Apr/2014:03:43:12 -0400] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=example,dc=com is
coming online; enabling replication</div>
<div>[01/Apr/2014:03:43:12 -0400] - Skipping CoS Definition
cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS
Templates found, which should be added before the CoS
Definition.</div>
<div>[01/Apr/2014:03:43:19 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:03:43:19 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:03:48:19 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:03:48:19 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:03:53:19 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:03:53:19 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:03:58:19 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:03:58:19 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:04:03:18 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:03:18 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:08:18 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:04:08:18 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:04:13:18 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:13:18 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:04:18:19 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:18:19 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:23:18 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:04:23:18 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:04:28:18 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:28:18 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:04:33:19 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:33:19 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:38:19 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:04:38:19 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:04:43:18 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:43:18 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:04:48:18 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:48:18 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:53:19 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:04:53:19 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:04:58:18 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:58:18 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:05:03:18 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:03:18 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:08:18 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:05:08:18 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:05:13:18 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:13:19 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:05:14:36 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:14:36 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:14:41 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:05:14:41 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:05:14:46 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:14:46 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
[01/Apr/2014:05:14:58 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:14:58 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:15:00 -0400] - slapd shutting down -
signaling operation threads</div>
<div>[01/Apr/2014:05:15:00 -0400] - slapd shutting down -
waiting for 28 threads to terminate</div>
<div>[01/Apr/2014:05:15:00 -0400] - slapd shutting down -
closing down internal subsystems and plugins</div>
<div>[01/Apr/2014:05:15:01 -0400] - Waiting for 4 database
threads to stop</div>
<div>[01/Apr/2014:05:15:01 -0400] - All database threads now
stopped</div>
<div>[01/Apr/2014:05:15:01 -0400] - slapd stopped.</div>
<div>[01/Apr/2014:05:27:38 -0400] - WARNING: Import is running
with nsslapd-db-private-import-mem on; No other process is
allowed to access the database</div>
<div>[01/Apr/2014:05:27:38 -0400] -
check_and_set_import_cache: pagesize: 4096, pages: 1970554,
procpages: 53717</div>
<div>[01/Apr/2014:05:27:38 -0400] - Import allocates 3152884KB
import cache.</div>
<div>[01/Apr/2014:05:27:38 -0400] - import userRoot: Beginning
import job...</div>
<div>[01/Apr/2014:05:27:38 -0400] - import userRoot: Index
buffering enabled with bucket size 100</div>
<div>[01/Apr/2014:05:27:39 -0400] - import userRoot:
Processing file "/var/lib/dirsrv/boot.ldif"</div>
<div>
[01/Apr/2014:05:27:39 -0400] - import userRoot: Finished
scanning file "/var/lib/dirsrv/boot.ldif" (1 entries)</div>
<div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Workers
finished; cleaning up...</div>
<div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Workers
cleaned up.</div>
<div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Cleaning
up producer thread...</div>
<div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Indexing
complete. Post-processing...</div>
<div>[01/Apr/2014:05:27:39 -0400] - import userRoot:
Generating numSubordinates complete.</div>
<div>[01/Apr/2014:05:27:39 -0400] - Nothing to do to build
ancestorid index</div>
<div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Flushing
caches...</div>
<div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Closing
files...</div>
<div>[01/Apr/2014:05:27:40 -0400] - All database threads now
stopped</div>
<div>[01/Apr/2014:05:27:40 -0400] - import userRoot: Import
complete. Processed 1 entries in 2 seconds. (0.50
entries/sec)</div>
<div>[01/Apr/2014:05:27:40 -0400] - 389-Directory/1.3.1.22.a1
B2014.073.1751 starting up</div>
<div>[01/Apr/2014:05:27:40 -0400] - Db home directory is not
set. Possibly nsslapd-directory (optionally
nsslapd-db-home-directory) is missing in the config file.</div>
<div>[01/Apr/2014:05:27:40 -0400] - 389-Directory/1.3.1.22.a1
B2014.073.1751 starting up</div>
<div>[01/Apr/2014:05:27:40 -0400] - Db home directory is not
set. Possibly nsslapd-directory (optionally
nsslapd-db-home-directory) is missing in the config file.</div>
<div>[01/Apr/2014:05:27:40 -0400] - I'm resizing my cache
now...cache was 3228553216 and is now 8000000</div>
<div>[01/Apr/2014:05:27:41 -0400] - slapd started. Listening
on All Interfaces port 389 for LDAP requests</div>
<div>[01/Apr/2014:05:27:41 -0400] - The change of
nsslapd-ldapilisten will not take effect until the server is
restarted</div>
<div>[01/Apr/2014:05:27:54 -0400] - Warning: Adding
configuration attribute "nsslapd-security"</div>
<div>[01/Apr/2014:05:27:54 -0400] - slapd shutting down -
signaling operation threads</div>
<div>[01/Apr/2014:05:27:54 -0400] - slapd shutting down -
waiting for 28 threads to terminate</div>
<div>[01/Apr/2014:05:27:54 -0400] - slapd shutting down -
closing down internal subsystems and plugins</div>
<div>[01/Apr/2014:05:27:54 -0400] - Waiting for 4 database
threads to stop</div>
<div>[01/Apr/2014:05:27:55 -0400] - All database threads now
stopped</div>
<div>[01/Apr/2014:05:27:55 -0400] - slapd stopped.</div>
<div>[01/Apr/2014:05:27:56 -0400] - 389-Directory/1.3.1.22.a1
B2014.073.1751 starting up</div>
<div>[01/Apr/2014:05:27:56 -0400] attrcrypt - No symmetric key
found for cipher AES in backend userRoot, attempting to
create one...</div>
<div>[01/Apr/2014:05:27:56 -0400] attrcrypt - Key for cipher
AES successfully generated and stored</div>
<div>[01/Apr/2014:05:27:56 -0400] attrcrypt - No symmetric key
found for cipher 3DES in backend userRoot, attempting to
create one...</div>
<div>[01/Apr/2014:05:27:56 -0400] attrcrypt - Key for cipher
3DES successfully generated and stored</div>
<div>[01/Apr/2014:05:27:56 -0400] ipalockout_get_global_config
- [file ipa_lockout.c, line 185]: Failed to get default
realm (-1765328160)</div>
<div>[01/Apr/2014:05:27:56 -0400] ipaenrollment_start - [file
ipa_enrollment.c, line 393]: Failed to get default realm?!</div>
<div>[01/Apr/2014:05:27:56 -0400] - slapd started. Listening
on All Interfaces port 389 for LDAP requests</div>
<div>[01/Apr/2014:05:27:56 -0400] - Listening on All
Interfaces port 636 for LDAPS requests</div>
<div>[01/Apr/2014:05:27:56 -0400] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests</div>
<div>[01/Apr/2014:05:27:56 -0400] - slapd shutting down -
signaling operation threads</div>
<div>[01/Apr/2014:05:27:56 -0400] - slapd shutting down -
waiting for 29 threads to terminate</div>
<div>[01/Apr/2014:05:27:57 -0400] - slapd shutting down -
closing down internal subsystems and plugins</div>
<div>[01/Apr/2014:05:27:57 -0400] - Waiting for 4 database
threads to stop</div>
<div>[01/Apr/2014:05:27:57 -0400] - All database threads now
stopped</div>
<div>[01/Apr/2014:05:27:57 -0400] - slapd stopped.</div>
<div>[01/Apr/2014:05:27:58 -0400] - 389-Directory/1.3.1.22.a1
B2014.073.1751 starting up</div>
<div>[01/Apr/2014:05:27:59 -0400] ipalockout_get_global_config
- [file ipa_lockout.c, line 185]: Failed to get default
realm (-1765328160)</div>
<div>[01/Apr/2014:05:27:59 -0400] ipaenrollment_start - [file
ipa_enrollment.c, line 393]: Failed to get default realm?!</div>
<div>[01/Apr/2014:05:27:59 -0400] - slapd started. Listening
on All Interfaces port 389 for LDAP requests</div>
<div>[01/Apr/2014:05:27:59 -0400] - Listening on All
Interfaces port 636 for LDAPS requests</div>
<div>[01/Apr/2014:05:27:59 -0400] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests</div>
<div>[01/Apr/2014:05:28:01 -0400] NSMMReplicationPlugin -
agmt="cn=<a moz-do-not-send="true"
href="http://meToipa.example.com">meToipa.example.com</a>"
(ipa:389): The remote replica has a different database
generation ID than the local database. You may have to
reinitialize the remote replica, or the local replica.</div>
<div>[01/Apr/2014:05:28:01 -0400] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=example,dc=com is
going offline; disabling replication</div>
<div>[01/Apr/2014:05:28:01 -0400] - WARNING: Import is running
with nsslapd-db-private-import-mem on; No other process is
allowed to access the database</div>
<div>[01/Apr/2014:05:28:04 -0400] - import userRoot: Workers
finished; cleaning up...</div>
<div>[01/Apr/2014:05:28:05 -0400] - import userRoot: Workers
cleaned up.</div>
<div>[01/Apr/2014:05:28:05 -0400] - import userRoot: Indexing
complete. Post-processing...</div>
<div>[01/Apr/2014:05:28:05 -0400] - import userRoot:
Generating numSubordinates complete.</div>
<div>[01/Apr/2014:05:28:05 -0400] - import userRoot: Flushing
caches...</div>
<div>[01/Apr/2014:05:28:05 -0400] - import userRoot: Closing
files...</div>
<div>[01/Apr/2014:05:28:06 -0400] - import userRoot: Import
complete. Processed 453 entries in 5 seconds. (90.60
entries/sec)</div>
<div>[01/Apr/2014:05:28:06 -0400] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=example,dc=com is
coming online; enabling replication</div>
<div>[01/Apr/2014:05:28:06 -0400] - Skipping CoS Definition
cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS
Templates found, which should be added before the CoS
Definition.</div>
<div>[01/Apr/2014:05:32:38 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:32:38 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>
.</div>
<div>.</div>
<div>.</div>
<div>[01/Apr/2014:13:12:39 -0400] ipalockout_preop - [file
ipa_lockout.c, line 749]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:13:12:39 -0400] ipalockout_postop - [file
ipa_lockout.c, line 503]: Failed to retrieve entry
"cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
</div>
</div>
</blockquote>
<br>
This seems bad, but I'm not sure if this is the root of the
replication problem.<br>
<br>
<blockquote
cite="mid:CAPUVn2vqtcjFyo-h_rndXEiUMMHuS75QoLyb1zZe2JdhkVB2dw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Apr 1, 2014 at 1:13 PM, Rich
Megginson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="">
<div>On 04/01/2014 03:46 AM, Nevada Sanchez wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I've had a replica working with FreeIPA
3.2.1 for awhile. After upgrading to 3.3.4, the
replica wouldn't recognize my admin login anymore.
After much troubleshooting, I decided to try to redo
the replica since it was quite straightforward when
I first set it up (what could go wrong, right?)</div>
</blockquote>
</div>
What is your version of 389-ds-base? rpm -q 389-ds-base<br>
<br>
What is in your dirsrv errors log?
/var/log/dirsrv/slapd-DOMAIN-TLD/errors<br>
<br>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">
<div> <br>
</div>
<div>Unfortunately, I've spent most of my day
trying to get the replica to work this time.
I've tried turning off all firewalls on both
machines, rebooting both machines, upgrading all
packages on both machines (both are running
Fedora 19), reinstalling FreeIPA packages, and
several other things, but I keep getting stuck
at the same step (see output below).</div>
<div><br>
</div>
<div>=================================================================</div>
<div>
<div>
<div>[root@ipa2 ipaserver]#
ipa-replica-install --setup-dns
--no-forwarders
/var/lib/ipa/replica-info-ipa2.example.com.gpg</div>
<div>WARNING: conflicting time&date
synchronization service 'chronyd' will</div>
<div>be disabled in favor of ntpd</div>
<div><br>
</div>
<div>Run connection check to master</div>
<div>Check connection from replica to remote
master '<a moz-do-not-send="true"
href="http://ipa.example.com"
target="_blank">ipa.example.com</a>':</div>
<div> Directory Service: Unsecure port
(389): OK</div>
<div> Directory Service: Secure port (636):
OK</div>
<div> Kerberos KDC: TCP (88): OK</div>
<div> Kerberos Kpasswd: TCP (464): OK</div>
<div> HTTP Server: Unsecure port (80): OK</div>
<div> HTTP Server: Secure port (443): OK</div>
<div><br>
</div>
<div>The following list of ports use UDP
protocol and would need to be</div>
<div>checked manually:</div>
<div> Kerberos KDC: UDP (88): SKIPPED</div>
<div> Kerberos Kpasswd: UDP (464): SKIPPED</div>
<div><br>
</div>
<div>Connection from replica to master is OK.</div>
<div>Start listening on required ports for
remote master check</div>
<div>Get credentials to log in to remote
master</div>
<div>Check SSH connection to remote master</div>
<div>Execute check on remote master</div>
<div>Check connection from master to remote
replica '<a moz-do-not-send="true"
href="http://ipa2.example.com"
target="_blank">ipa2.example.com</a>':</div>
<div> Directory Service: Unsecure port
(389): OK</div>
<div> Directory Service: Secure port (636):
OK</div>
<div> Kerberos KDC: TCP (88): OK</div>
<div> Kerberos KDC: UDP (88): OK</div>
<div> Kerberos Kpasswd: TCP (464): OK</div>
<div> Kerberos Kpasswd: UDP (464): OK</div>
<div> HTTP Server: Unsecure port (80): OK</div>
<div> HTTP Server: Secure port (443): OK</div>
<div><br>
</div>
<div>Connection from master to replica is OK.</div>
<div><br>
</div>
<div>Connection check OK</div>
<div>Configuring NTP daemon (ntpd)</div>
<div> [1/4]: stopping ntpd</div>
<div> [2/4]: writing configuration</div>
<div> [3/4]: configuring ntpd to start on
boot</div>
<div> [4/4]: starting ntpd</div>
<div>Done configuring NTP daemon (ntpd).</div>
<div>Configuring directory server (dirsrv):
Estimated time 1 minute</div>
<div> [1/34]: creating directory server user</div>
<div> [2/34]: creating directory server
instance</div>
<div> [3/34]: adding default schema</div>
<div> [4/34]: enabling memberof plugin</div>
<div> [5/34]: enabling winsync plugin</div>
<div> [6/34]: configuring replication version
plugin</div>
<div> [7/34]: enabling IPA enrollment plugin</div>
<div> [8/34]: enabling ldapi</div>
<div> [9/34]: configuring uniqueness plugin</div>
<div> [10/34]: configuring uuid plugin</div>
<div> [11/34]: configuring modrdn plugin</div>
<div> [12/34]: configuring DNS plugin</div>
<div> [13/34]: enabling entryUSN plugin</div>
<div> [14/34]: configuring lockout plugin</div>
<div> [15/34]: creating indices</div>
<div> [16/34]: enabling referential integrity
plugin</div>
<div> [17/34]: configuring ssl for ds
instance</div>
<div> [18/34]: configuring certmap.conf</div>
<div> [19/34]: configure autobind for root</div>
<div> [20/34]: configure new location for
managed entries</div>
<div> [21/34]: configure dirsrv ccache</div>
<div> [22/34]: enable SASL mapping fallback</div>
<div> [23/34]: restarting directory server</div>
<div> [24/34]: setting up initial replication</div>
<div>Starting replication, please wait until
this has completed.</div>
<div>Update in progress, 5 seconds elapsed</div>
<div>[<a moz-do-not-send="true"
href="http://ipa.example.com"
target="_blank">ipa.example.com</a>]
reports: Update failed! Status: [-1 Total
update abortedLDAP error: Can't contact LDAP
server]</div>
</div>
<div> <br>
</div>
<div>Your system may be partly configured.</div>
<div>Run /usr/sbin/ipa-server-install
--uninstall to clean up.</div>
<div><br>
</div>
<div>Failed to start replication</div>
</div>
<div>=================================================================</div>
<div><br>
</div>
<div>I've confirmed that I can do ldapsearch from
each machine to the other one for the replica
status records (through ldap and ldaps), so I
know that they can communicate. Trouble is,
something behind the scenes is throwing the
status error (as seen in the
nsds5ReplicaLastInitStatus attribute).</div>
<div><br>
</div>
<div>=================================================================</div>
<div>
<div>[root@ipa2 ipaserver]# ldapsearch <a
moz-do-not-send="true">ldaps://</a><a
moz-do-not-send="true"
href="http://ipa.example.com:636"
target="_blank">ipa.example.com:636</a> -D
'cn=Directory Manager' -w ##### -b 'cn=<a
moz-do-not-send="true"
href="http://meToipa2.example.com"
target="_blank">meToipa2.example.com</a>,cn=replica,cn=dc\=example\,dc\=com,cn=mapping
tree,cn=config' '(objectClass=*)' -s base
nsds5ReplicaLastInitStart
nsds5replicaUpdateInProgress
nsds5ReplicaLastInitStatus cn
nsds5BeginReplicaRefresh
nsds5ReplicaLastInitEnd</div>
<div># extended LDIF</div>
<div>#</div>
<div># LDAPv3</div>
<div># base <cn=<a moz-do-not-send="true"
href="http://meToipa2.example.com"
target="_blank">meToipa2.example.com</a>,cn=replica,cn=dc\=example\,dc\=com,cn=mapping
tree,cn=config> with scope baseObject</div>
<div># filter: (objectclass=*)</div>
<div># requesting: <a moz-do-not-send="true">ldaps://</a><a
moz-do-not-send="true"
href="http://ipa.example.com:636"
target="_blank">ipa.example.com:636</a>
(objectClass=*) nsds5ReplicaLastInitStart
nsds5replicaUpdateInProgress
nsds5ReplicaLastInitStatus cn
nsds5BeginReplicaRefresh
nsds5ReplicaLastInitEnd </div>
<div>#</div>
<div><br>
</div>
<div># <a moz-do-not-send="true"
href="http://meToipa2.example.com"
target="_blank">meToipa2.example.com</a>,
replica, dc\3Dexample\2Cdc\3Dcom,</div>
<div> mapping tree, config</div>
<div>dn: cn=<a moz-do-not-send="true"
href="http://meToipa2.example.com"
target="_blank">meToipa2.example.com</a>,cn=replica,cn=dc\3Dexample\2Cd</div>
<div> c\3Dcom,cn=mapping tree,cn=config</div>
<div>nsds5ReplicaLastInitStart: 20140401092800Z</div>
<div>nsds5replicaUpdateInProgress: FALSE</div>
<div>nsds5ReplicaLastInitStatus: -1 Total update
abortedLDAP error: Can't contact L</div>
<div> DAP server</div>
<div>cn: <a moz-do-not-send="true"
href="http://meToipa2.example.com"
target="_blank">meToipa2.example.com</a></div>
<div>nsds5ReplicaLastInitEnd: 20140401092804Z</div>
<div><br>
</div>
<div># search result</div>
<div>search: 2</div>
<div>result: 0 Success</div>
<div><br>
</div>
<div># numResponses: 2</div>
<div># numEntries: 1</div>
</div>
<div>=================================================================</div>
<div><br>
</div>
<div>I'd really love for someone to help out with
this, as I can't afford another entire night
trying to figure this out. Thanks in advance!</div>
<div><br>
</div>
<div>-Nevada</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>