<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 02/12/2016 03:06 PM, Filip Pytloun
wrote:<br>
</div>
<blockquote cite="mid:20160212140613.GC16168@eru" type="cite">
<pre wrap="">Hello,
even when enabling replication logging, I get nothing useful in logs:
[12/Feb/2016:14:57:00 +0100] NSMMReplicationPlugin - agmt="cn=meToidm02.tcpcloud.eu" (idm02:389): Trying secure startTLS slapi_ldap_init_ext
[12/Feb/2016:14:57:00 +0100] NSMMReplicationPlugin - agmt="cn=meToidm02.tcpcloud.eu" (idm02:389): binddn = cn=replication manager,cn=config, passwd = {AES-some_encrypted_password
[12/Feb/2016:14:57:01 +0100] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[12/Feb/2016:14:57:01 +0100] NSMMReplicationPlugin - agmt="cn=meToidm02.tcpcloud.eu" (idm02:389): Replication bind with SIMPLE auth failed: LDAP error -11 (Connect error) ((unknown error code))
[12/Feb/2016:14:57:01 +0100] NSMMReplicationPlugin - agmt="cn=meToidm02.tcpcloud.eu" (idm02:389): Disconnected from the consumer</pre>
</blockquote>
What is in the access and error logs of idm02 for this time?<br>
<blockquote cite="mid:20160212140613.GC16168@eru" type="cite">
<pre wrap="">
But I can bind just fine manually:
ldapsearch -D "cn=replication manager,cn=config" -w some_password -b cn=config -h idm02 -ZZ
I am starting to be clueless, nobody has an idea what could be wrong?
- DNS including PTR records are set up fine
- /etc/hosts is set up fine
- conncheck passes fine between nodes
- I can bind manually just fine
On 2016/02/08 18:05, Filip Pytloun wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello,
I have a weird issue setting up a FreeIPA replica. Conncheck passes fine
but at the end of ipa-replica-install I always get the following error:
slapi_ldap_bind -Error: could not send startTLS request: error -11
(Connect error) errno 0 (Success)
on both master and replica without any further explanation in logs.
/etc/ldap.conf is correctly set up before ipa-replica-install and IPA CA
certificate is installed in system CA bundle so TLS should work just
fine.
Also I can manually connect just fine from replica to master and back so
it's not a network or LDAP client issue.
Replica agreement looks like this: <a class="moz-txt-link-freetext" href="http://pastebin.com/FT3p3KUk">http://pastebin.com/FT3p3KUk</a>
freeipa-server 4.1.4
389-ds 1.3.4.5
Does anyone have an idea where to look?
Filip
</pre>
</blockquote>
</blockquote>
<br>
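One way to line up the two hosts' logs for the same moment, as the reply asks (an added example, not part of the original thread and not FreeIPA or 389-ds code): it takes the supplier error-log lines quoted above, finds the failed replication bind, and selects the consumer log lines written within a few seconds of it, normalising time zone offsets first. The consumer lines, the IP addresses and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# 389-ds log prefix, e.g. [12/Feb/2016:14:57:01 +0100]
TS = re.compile(r'^\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] (.*)$')
AGMT = re.compile(r'agmt="([^"]+)" \(([^)]+)\)')

def parse(lines):
    """Yield (timezone-aware datetime, message) for each well-formed line."""
    for line in lines:
        m = TS.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z"), m.group(2)

def bind_failures(supplier_lines):
    """Return (time, agreement, consumer) for each failed replication bind."""
    found = []
    for ts, msg in parse(supplier_lines):
        m = AGMT.search(msg)
        if m and "Replication bind with" in msg and "failed" in msg:
            found.append((ts, m.group(1), m.group(2)))
    return found

def consumer_window(consumer_lines, when, seconds=2):
    """Consumer messages logged within +/- `seconds` of `when`."""
    span = timedelta(seconds=seconds)
    return [msg for ts, msg in parse(consumer_lines) if abs(ts - when) <= span]

# Supplier error-log lines copied from the post above.
SUPPLIER = [
    '[12/Feb/2016:14:57:00 +0100] NSMMReplicationPlugin - agmt="cn=meToidm02.tcpcloud.eu" (idm02:389): Trying secure startTLS slapi_ldap_init_ext',
    '[12/Feb/2016:14:57:01 +0100] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)',
    '[12/Feb/2016:14:57:01 +0100] NSMMReplicationPlugin - agmt="cn=meToidm02.tcpcloud.eu" (idm02:389): Replication bind with SIMPLE auth failed: LDAP error -11 (Connect error) ((unknown error code))',
]
# Constructed consumer access-log lines (not from the thread); two use UTC
# to show that offsets are normalised before comparing.
CONSUMER = [
    "[12/Feb/2016:13:56:30 +0000] conn=40 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.20",
    "[12/Feb/2016:13:57:01 +0000] conn=41 fd=65 slot=65 connection from 192.0.2.10 to 192.0.2.20",
    "[12/Feb/2016:14:57:02 +0100] conn=41 op=-1 fd=65 closed - B1",
    "[12/Feb/2016:14:58:00 +0100] conn=42 fd=66 slot=66 connection from 192.0.2.10 to 192.0.2.20",
]

if __name__ == "__main__":
    for when, agmt, consumer in bind_failures(SUPPLIER):
        print(f"{when.isoformat()} {agmt} -> {consumer}")
        for msg in consumer_window(CONSUMER, when):
            print("   consumer:", msg)
```

If the window comes back empty on the consumer side, the connection attempt never reached its directory server, which points at the path or the TLS handshake rather than at the bind credentials.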
</body>
</html>