<html> <head> <meta content="text/html; charset=UTF-8" http-equiv="Content-Type"> </head> <body text="#000000" bgcolor="#FFFFFF"> <div class="moz-cite-prefix">On 04/01/2014 01:16 PM, Nevada Sanchez wrote:<br> </div> <blockquote cite="mid:CAPUVn2vqtcjFyo-h_rndXEiUMMHuS75QoLyb1zZe2JdhkVB2dw@mail.gmail.com" type="cite"> <div dir="ltr"> <div>389-ds-base-1.3.1.22-1.fc19.x86_64</div> <div><br> </div> <div>The following, I think, summarizes the contents of the error log (I probably uninstalled and tried reimporting 2 or 3 times in what is shown).</div> <div><br> </div> <div>.</div> <div>.</div> <div>.</div> <div> <div>[01/Apr/2014:03:42:46 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database</div> <div>[01/Apr/2014:03:42:46 -0400] - check_and_set_import_cache: pagesize: 4096, pages: 1970554, procpages: 53717</div> <div>[01/Apr/2014:03:42:46 -0400] - Import allocates 3152884KB import cache.</div> <div>[01/Apr/2014:03:42:46 -0400] - import userRoot: Beginning import job...</div> <div>[01/Apr/2014:03:42:46 -0400] - import userRoot: Index buffering enabled with bucket size 100</div> <div>[01/Apr/2014:03:42:46 -0400] - import userRoot: Processing file "/var/lib/dirsrv/boot.ldif"</div> <div>[01/Apr/2014:03:42:46 -0400] - import userRoot: Finished scanning file "/var/lib/dirsrv/boot.ldif" (1 entries)</div> <div>[01/Apr/2014:03:42:46 -0400] - import userRoot: Workers finished; cleaning up...</div> <div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Workers cleaned up.</div> <div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Cleaning up producer thread...</div> <div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Indexing complete. Post-processing...</div> <div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Generating numSubordinates complete.</div> <div>[01/Apr/2014:03:42:47 -0400] - Nothing to do to build ancestorid index</div> <div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Flushing caches...</div> <div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Closing files...</div> <div>[01/Apr/2014:03:42:47 -0400] - All database threads now stopped</div> <div>[01/Apr/2014:03:42:47 -0400] - import userRoot: Import complete. Processed 1 entries in 1 seconds. (1.00 entries/sec)</div> <div>[01/Apr/2014:03:42:47 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751 starting up</div> <div>[01/Apr/2014:03:42:47 -0400] - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file.</div> <div>[01/Apr/2014:03:42:48 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751 starting up</div> <div>[01/Apr/2014:03:42:48 -0400] - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file.</div> <div>[01/Apr/2014:03:42:48 -0400] - I'm resizing my cache now...cache was 3228553216 and is now 8000000</div> <div>[01/Apr/2014:03:42:48 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests</div> <div>[01/Apr/2014:03:42:48 -0400] - The change of nsslapd-ldapilisten will not take effect until the server is restarted</div> <div>[01/Apr/2014:03:43:01 -0400] - Warning: Adding configuration attribute "nsslapd-security"</div> <div>[01/Apr/2014:03:43:01 -0400] - slapd shutting down - signaling operation threads</div> <div>[01/Apr/2014:03:43:01 -0400] - slapd shutting down - waiting for 27 threads to terminate</div> <div>[01/Apr/2014:03:43:01 -0400] - slapd shutting down - closing down internal subsystems and plugins</div> <div>[01/Apr/2014:03:43:01 -0400] - Waiting for 4 database threads to stop</div> <div>[01/Apr/2014:03:43:02 -0400] - All database threads now stopped</div> <div>[01/Apr/2014:03:43:02 -0400] - slapd stopped.</div> <div>[01/Apr/2014:03:43:03 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751 starting up</div> <div>[01/Apr/2014:03:43:03 -0400] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one...</div> <div>[01/Apr/2014:03:43:03 -0400] attrcrypt - Key for cipher AES successfully generated and stored</div> <div>[01/Apr/2014:03:43:03 -0400] attrcrypt - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one...</div> <div>[01/Apr/2014:03:43:03 -0400] attrcrypt - Key for cipher 3DES successfully generated and stored</div> <div>[01/Apr/2014:03:43:03 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)</div> <div>[01/Apr/2014:03:43:04 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!</div> <div>[01/Apr/2014:03:43:04 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests</div> <div>[01/Apr/2014:03:43:04 -0400] - Listening on All Interfaces port 636 for LDAPS requests</div> <div>[01/Apr/2014:03:43:04 -0400] - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests</div> <div>[01/Apr/2014:03:43:04 -0400] - slapd shutting down - signaling operation threads</div> <div>[01/Apr/2014:03:43:04 -0400] - slapd shutting down - waiting for 27 threads to terminate</div> <div>[01/Apr/2014:03:43:05 -0400] - slapd shutting down - closing down internal subsystems and plugins</div> <div>[01/Apr/2014:03:43:05 -0400] - Waiting for 4 database threads to stop</div> <div>[01/Apr/2014:03:43:05 -0400] - All database threads now stopped</div> <div>[01/Apr/2014:03:43:05 -0400] - slapd stopped.</div> <div>[01/Apr/2014:03:43:06 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751 starting up</div> <div>[01/Apr/2014:03:43:06 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)</div> <div>[01/Apr/2014:03:43:06 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!</div> <div>[01/Apr/2014:03:43:06 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests</div> <div>[01/Apr/2014:03:43:06 -0400] - Listening on All Interfaces port 636 for LDAPS requests</div> <div>[01/Apr/2014:03:43:06 -0400] - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests</div> <div>[01/Apr/2014:03:43:08 -0400] NSMMReplicationPlugin - agmt="cn=<a moz-do-not-send="true" href="http://meToipa.example.com">meToipa.example.com</a>" (ipa:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.</div> <div>[01/Apr/2014:03:43:08 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=example,dc=com is going offline; disabling replication</div> <div>[01/Apr/2014:03:43:08 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database</div> <div>[01/Apr/2014:03:43:11 -0400] - import userRoot: Workers finished; cleaning up...</div> <div>[01/Apr/2014:03:43:11 -0400] - import userRoot: Workers cleaned up.</div> <div>[01/Apr/2014:03:43:11 -0400] - import userRoot: Indexing complete. Post-processing...</div> <div>[01/Apr/2014:03:43:11 -0400] - import userRoot: Generating numSubordinates complete.</div> <div>[01/Apr/2014:03:43:12 -0400] - import userRoot: Flushing caches...</div> <div>[01/Apr/2014:03:43:12 -0400] - import userRoot: Closing files...</div> <div>[01/Apr/2014:03:43:12 -0400] - import userRoot: Import complete. Processed 453 entries in 4 seconds. (113.25 entries/sec)</div> <div>[01/Apr/2014:03:43:12 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=example,dc=com is coming online; enabling replication</div> <div>[01/Apr/2014:03:43:12 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition.</div> <div>[01/Apr/2014:03:43:19 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:03:43:19 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:03:48:19 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:03:48:19 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:03:53:19 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:03:53:19 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:03:58:19 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:03:58:19 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:04:03:18 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:04:03:18 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:04:08:18 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:04:08:18 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:04:13:18 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:04:13:18 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:04:18:19 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:04:18:19 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:04:23:18 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:04:23:18 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:04:28:18 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:04:28:18 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:04:33:19 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:04:33:19 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:04:38:19 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:04:38:19 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:04:43:18 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:04:43:18 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:04:48:18 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:04:48:18 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:04:53:19 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:04:53:19 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:04:58:18 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:04:58:18 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:05:03:18 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:05:03:18 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:05:08:18 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:05:08:18 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:05:13:18 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:05:13:19 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:05:14:36 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:05:14:36 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:05:14:41 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:05:14:41 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:05:14:46 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:05:14:46 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> [01/Apr/2014:05:14:58 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:05:14:58 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:05:15:00 -0400] - slapd shutting down - signaling operation threads</div> <div>[01/Apr/2014:05:15:00 -0400] - slapd shutting down - waiting for 28 threads to terminate</div> <div>[01/Apr/2014:05:15:00 -0400] - slapd shutting down - closing down internal subsystems and plugins</div> <div>[01/Apr/2014:05:15:01 -0400] - Waiting for 4 database threads to stop</div> <div>[01/Apr/2014:05:15:01 -0400] - All database threads now stopped</div> <div>[01/Apr/2014:05:15:01 -0400] - slapd stopped.</div> <div>[01/Apr/2014:05:27:38 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database</div> <div>[01/Apr/2014:05:27:38 -0400] - check_and_set_import_cache: pagesize: 4096, pages: 1970554, procpages: 53717</div> <div>[01/Apr/2014:05:27:38 -0400] - Import allocates 3152884KB import cache.</div> <div>[01/Apr/2014:05:27:38 -0400] - import userRoot: Beginning import job...</div> <div>[01/Apr/2014:05:27:38 -0400] - import userRoot: Index buffering enabled with bucket size 100</div> <div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Processing file "/var/lib/dirsrv/boot.ldif"</div> <div> [01/Apr/2014:05:27:39 -0400] - import userRoot: Finished scanning file "/var/lib/dirsrv/boot.ldif" (1 entries)</div> <div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Workers finished; cleaning up...</div> <div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Workers cleaned up.</div> <div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Cleaning up producer thread...</div> <div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Indexing complete. Post-processing...</div> <div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Generating numSubordinates complete.</div> <div>[01/Apr/2014:05:27:39 -0400] - Nothing to do to build ancestorid index</div> <div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Flushing caches...</div> <div>[01/Apr/2014:05:27:39 -0400] - import userRoot: Closing files...</div> <div>[01/Apr/2014:05:27:40 -0400] - All database threads now stopped</div> <div>[01/Apr/2014:05:27:40 -0400] - import userRoot: Import complete. Processed 1 entries in 2 seconds. (0.50 entries/sec)</div> <div>[01/Apr/2014:05:27:40 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751 starting up</div> <div>[01/Apr/2014:05:27:40 -0400] - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file.</div> <div>[01/Apr/2014:05:27:40 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751 starting up</div> <div>[01/Apr/2014:05:27:40 -0400] - Db home directory is not set. Possibly nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the config file.</div> <div>[01/Apr/2014:05:27:40 -0400] - I'm resizing my cache now...cache was 3228553216 and is now 8000000</div> <div>[01/Apr/2014:05:27:41 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests</div> <div>[01/Apr/2014:05:27:41 -0400] - The change of nsslapd-ldapilisten will not take effect until the server is restarted</div> <div>[01/Apr/2014:05:27:54 -0400] - Warning: Adding configuration attribute "nsslapd-security"</div> <div>[01/Apr/2014:05:27:54 -0400] - slapd shutting down - signaling operation threads</div> <div>[01/Apr/2014:05:27:54 -0400] - slapd shutting down - waiting for 28 threads to terminate</div> <div>[01/Apr/2014:05:27:54 -0400] - slapd shutting down - closing down internal subsystems and plugins</div> <div>[01/Apr/2014:05:27:54 -0400] - Waiting for 4 database threads to stop</div> <div>[01/Apr/2014:05:27:55 -0400] - All database threads now stopped</div> <div>[01/Apr/2014:05:27:55 -0400] - slapd stopped.</div> <div>[01/Apr/2014:05:27:56 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751 starting up</div> <div>[01/Apr/2014:05:27:56 -0400] attrcrypt - No symmetric key found for cipher AES in backend userRoot, attempting to create one...</div> <div>[01/Apr/2014:05:27:56 -0400] attrcrypt - Key for cipher AES successfully generated and stored</div> <div>[01/Apr/2014:05:27:56 -0400] attrcrypt - No symmetric key found for cipher 3DES in backend userRoot, attempting to create one...</div> <div>[01/Apr/2014:05:27:56 -0400] attrcrypt - Key for cipher 3DES successfully generated and stored</div> <div>[01/Apr/2014:05:27:56 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)</div> <div>[01/Apr/2014:05:27:56 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!</div> <div>[01/Apr/2014:05:27:56 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests</div> <div>[01/Apr/2014:05:27:56 -0400] - Listening on All Interfaces port 636 for LDAPS requests</div> <div>[01/Apr/2014:05:27:56 -0400] - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests</div> <div>[01/Apr/2014:05:27:56 -0400] - slapd shutting down - signaling operation threads</div> <div>[01/Apr/2014:05:27:56 -0400] - slapd shutting down - waiting for 29 threads to terminate</div> <div>[01/Apr/2014:05:27:57 -0400] - slapd shutting down - closing down internal subsystems and plugins</div> <div>[01/Apr/2014:05:27:57 -0400] - Waiting for 4 database threads to stop</div> <div>[01/Apr/2014:05:27:57 -0400] - All database threads now stopped</div> <div>[01/Apr/2014:05:27:57 -0400] - slapd stopped.</div> <div>[01/Apr/2014:05:27:58 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751 starting up</div> <div>[01/Apr/2014:05:27:59 -0400] ipalockout_get_global_config - [file ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)</div> <div>[01/Apr/2014:05:27:59 -0400] ipaenrollment_start - [file ipa_enrollment.c, line 393]: Failed to get default realm?!</div> <div>[01/Apr/2014:05:27:59 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests</div> <div>[01/Apr/2014:05:27:59 -0400] - Listening on All Interfaces port 636 for LDAPS requests</div> <div>[01/Apr/2014:05:27:59 -0400] - Listening on /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests</div> <div>[01/Apr/2014:05:28:01 -0400] NSMMReplicationPlugin - agmt="cn=<a moz-do-not-send="true" href="http://meToipa.example.com">meToipa.example.com</a>" (ipa:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.</div> <div>[01/Apr/2014:05:28:01 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=example,dc=com is going offline; disabling replication</div> <div>[01/Apr/2014:05:28:01 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database</div> <div>[01/Apr/2014:05:28:04 -0400] - import userRoot: Workers finished; cleaning up...</div> <div>[01/Apr/2014:05:28:05 -0400] - import userRoot: Workers cleaned up.</div> <div>[01/Apr/2014:05:28:05 -0400] - import userRoot: Indexing complete. Post-processing...</div> <div>[01/Apr/2014:05:28:05 -0400] - import userRoot: Generating numSubordinates complete.</div> <div>[01/Apr/2014:05:28:05 -0400] - import userRoot: Flushing caches...</div> <div>[01/Apr/2014:05:28:05 -0400] - import userRoot: Closing files...</div> <div>[01/Apr/2014:05:28:06 -0400] - import userRoot: Import complete. Processed 453 entries in 5 seconds. (90.60 entries/sec)</div> <div>[01/Apr/2014:05:28:06 -0400] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=example,dc=com is coming online; enabling replication</div> <div>[01/Apr/2014:05:28:06 -0400] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition.</div> <div>[01/Apr/2014:05:32:38 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:05:32:38 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div> .</div> <div>.</div> <div>.</div> <div>[01/Apr/2014:13:12:39 -0400] ipalockout_preop - [file ipa_lockout.c, line 749]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> <div>[01/Apr/2014:13:12:39 -0400] ipalockout_postop - [file ipa_lockout.c, line 503]: Failed to retrieve entry "cn=Replication Manager cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32</div> </div> </div> </blockquote> <br> This seems bad, but I'm not sure if this is the root of the replication problem.<br> <br> <blockquote cite="mid:CAPUVn2vqtcjFyo-h_rndXEiUMMHuS75QoLyb1zZe2JdhkVB2dw@mail.gmail.com" type="cite"> <div dir="ltr"> <div> </div> <div><br> </div> </div> <div class="gmail_extra"><br> <br> <div class="gmail_quote">On Tue, Apr 1, 2014 at 1:13 PM, Rich Megginson <span dir="ltr"><<a moz-do-not-send="true" href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div text="#000000" bgcolor="#FFFFFF"> <div class=""> <div>On 04/01/2014 03:46 AM, Nevada Sanchez wrote:<br> </div> <blockquote type="cite"> <div dir="ltr">I've had a replica working with FreeIPA 3.2.1 for awhile. After upgrading to 3.3.4, the replica wouldn't recognize my admin login anymore. After much troubleshooting, I decided to try to redo the replica since it was quite straightforward when I first set it up (what could go wrong, right?)</div> </blockquote> </div> What is your version of 389-ds-base? rpm -q 389-ds-base<br> <br> What is in your dirsrv errors log? /var/log/dirsrv/slapd-DOMAIN-TLD/errors<br> <br> <blockquote type="cite"> <div> <div class="h5"> <div dir="ltr"> <div> <br> </div> <div>Unfortunately, I've spent most of my day trying to get the replica to work this time. I've tried turning off all firewalls on both machines, rebooting both machines, upgrading all packages on both machines (both are running Fedora 19), reinstalling FreeIPA packages, and several other things, but I keep getting stuck at the same step (see output below).</div> <div><br> </div> <div>=================================================================</div> <div> <div> <div>[root@ipa2 ipaserver]# ipa-replica-install --setup-dns --no-forwarders /var/lib/ipa/replica-info-ipa2.example.com.gpg</div> <div>WARNING: conflicting time&date synchronization service 'chronyd' will</div> <div>be disabled in favor of ntpd</div> <div><br> </div> <div>Run connection check to master</div> <div>Check connection from replica to remote master '<a moz-do-not-send="true" href="http://ipa.example.com" target="_blank">ipa.example.com</a>':</div> <div> Directory Service: Unsecure port (389): OK</div> <div> Directory Service: Secure port (636): OK</div> <div> Kerberos KDC: TCP (88): OK</div> <div> Kerberos Kpasswd: TCP (464): OK</div> <div> HTTP Server: Unsecure port (80): OK</div> <div> HTTP Server: Secure port (443): OK</div> <div><br> </div> <div>The following list of ports use UDP protocol and would need to be</div> <div>checked manually:</div> <div> Kerberos KDC: UDP (88): SKIPPED</div> <div> Kerberos Kpasswd: UDP (464): SKIPPED</div> <div><br> </div> <div>Connection from replica to master is OK.</div> <div>Start listening on required ports for remote master check</div> <div>Get credentials to log in to remote master</div> <div>Check SSH connection to remote master</div> <div>Execute check on remote master</div> <div>Check connection from master to remote replica '<a moz-do-not-send="true" href="http://ipa2.example.com" target="_blank">ipa2.example.com</a>':</div> <div> Directory Service: Unsecure port (389): OK</div> <div> Directory Service: Secure port (636): OK</div> <div> Kerberos KDC: TCP (88): OK</div> <div> Kerberos KDC: UDP (88): OK</div> <div> Kerberos Kpasswd: TCP (464): OK</div> <div> Kerberos Kpasswd: UDP (464): OK</div> <div> HTTP Server: Unsecure port (80): OK</div> <div> HTTP Server: Secure port (443): OK</div> <div><br> </div> <div>Connection from master to replica is OK.</div> <div><br> </div> <div>Connection check OK</div> <div>Configuring NTP daemon (ntpd)</div> <div> [1/4]: stopping ntpd</div> <div> [2/4]: writing configuration</div> <div> [3/4]: configuring ntpd to start on boot</div> <div> [4/4]: starting ntpd</div> <div>Done configuring NTP daemon (ntpd).</div> <div>Configuring directory server (dirsrv): Estimated time 1 minute</div> <div> [1/34]: creating directory server user</div> <div> [2/34]: creating directory server instance</div> <div> [3/34]: adding default schema</div> <div> [4/34]: enabling memberof plugin</div> <div> [5/34]: enabling winsync plugin</div> <div> [6/34]: configuring replication version plugin</div> <div> [7/34]: enabling IPA enrollment plugin</div> <div> [8/34]: enabling ldapi</div> <div> [9/34]: configuring uniqueness plugin</div> <div> [10/34]: configuring uuid plugin</div> <div> [11/34]: configuring modrdn plugin</div> <div> [12/34]: configuring DNS plugin</div> <div> [13/34]: enabling entryUSN plugin</div> <div> [14/34]: configuring lockout plugin</div> <div> [15/34]: creating indices</div> <div> [16/34]: enabling referential integrity plugin</div> <div> [17/34]: configuring ssl for ds instance</div> <div> [18/34]: configuring certmap.conf</div> <div> [19/34]: configure autobind for root</div> <div> [20/34]: configure new location for managed entries</div> <div> [21/34]: configure dirsrv ccache</div> <div> [22/34]: enable SASL mapping fallback</div> <div> [23/34]: restarting directory server</div> <div> [24/34]: setting up initial replication</div> <div>Starting replication, please wait until this has completed.</div> <div>Update in progress, 5 seconds elapsed</div> <div>[<a moz-do-not-send="true" href="http://ipa.example.com" target="_blank">ipa.example.com</a>] reports: Update failed! Status: [-1 Total update abortedLDAP error: Can't contact LDAP server]</div> </div> <div> <br> </div> <div>Your system may be partly configured.</div> <div>Run /usr/sbin/ipa-server-install --uninstall to clean up.</div> <div><br> </div> <div>Failed to start replication</div> </div> <div>=================================================================</div> <div><br> </div> <div>I've confirmed that I can do ldapsearch from each machine to the other one for the replica status records (through ldap and ldaps), so I know that they can communicate. Trouble is, something behind the scenes is throwing the status error (as seen in the nsds5ReplicaLastInitStatus attribute).</div> <div><br> </div> <div>=================================================================</div> <div> <div>[root@ipa2 ipaserver]# ldapsearch <a moz-do-not-send="true">ldaps://</a><a moz-do-not-send="true" href="http://ipa.example.com:636" target="_blank">ipa.example.com:636</a> -D 'cn=Directory Manager' -w ##### -b 'cn=<a moz-do-not-send="true" href="http://meToipa2.example.com" target="_blank">meToipa2.example.com</a>,cn=replica,cn=dc\=example\,dc\=com,cn=mapping tree,cn=config' '(objectClass=*)' -s base nsds5ReplicaLastInitStart nsds5replicaUpdateInProgress nsds5ReplicaLastInitStatus cn nsds5BeginReplicaRefresh nsds5ReplicaLastInitEnd</div> <div># extended LDIF</div> <div>#</div> <div># LDAPv3</div> <div># base <cn=<a moz-do-not-send="true" href="http://meToipa2.example.com" target="_blank">meToipa2.example.com</a>,cn=replica,cn=dc\=example\,dc\=com,cn=mapping tree,cn=config> with scope baseObject</div> <div># filter: (objectclass=*)</div> <div># requesting: <a moz-do-not-send="true">ldaps://</a><a moz-do-not-send="true" href="http://ipa.example.com:636" target="_blank">ipa.example.com:636</a> (objectClass=*) nsds5ReplicaLastInitStart nsds5replicaUpdateInProgress nsds5ReplicaLastInitStatus cn nsds5BeginReplicaRefresh nsds5ReplicaLastInitEnd </div> <div>#</div> <div><br> </div> <div># <a moz-do-not-send="true" href="http://meToipa2.example.com" target="_blank">meToipa2.example.com</a>, replica, dc\3Dexample\2Cdc\3Dcom,</div> <div> mapping tree, config</div> <div>dn: cn=<a moz-do-not-send="true" href="http://meToipa2.example.com" target="_blank">meToipa2.example.com</a>,cn=replica,cn=dc\3Dexample\2Cd</div> <div> c\3Dcom,cn=mapping tree,cn=config</div> <div>nsds5ReplicaLastInitStart: 20140401092800Z</div> <div>nsds5replicaUpdateInProgress: FALSE</div> <div>nsds5ReplicaLastInitStatus: -1 Total update abortedLDAP error: Can't contact L</div> <div> DAP server</div> <div>cn: <a moz-do-not-send="true" href="http://meToipa2.example.com" target="_blank">meToipa2.example.com</a></div> <div>nsds5ReplicaLastInitEnd: 20140401092804Z</div> <div><br> </div> <div># search result</div> <div>search: 2</div> <div>result: 0 Success</div> <div><br> </div> <div># numResponses: 2</div> <div># numEntries: 1</div> </div> <div>=================================================================</div> <div><br> </div> <div>I'd really love for someone to help out with this, as I can't afford another entire night trying to figure this out. Thanks in advance!</div> <div><br> </div> <div>-Nevada</div> </div> <br> <fieldset></fieldset> <br> </div> </div> <pre>_______________________________________________ Freeipa-users mailing list <a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a> <a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <br> </div> </blockquote> </div> <br> </div> </blockquote> <br> </body> </html>