[Freeipa-devel] Unable to acquire replicaLDAP during replica installation

Oleg Fayans ofayans at redhat.com
Wed Jul 15 12:42:37 UTC 2015 

Hi Ludwig,

On 07/15/2015 01:52 PM, Ludwig Krispenz wrote:
>
> On 07/15/2015 01:22 PM, Oleg Fayans wrote:
>> Hi Ludwig,
>>
>> On 07/15/2015 12:20 PM, Ludwig Krispenz wrote:
>>> looks like the initial replication is failing:
>>> [15/Jul/2015:04:47:31 -0400] slapi_ldap_bind - Error: could not bind 
>>> id [cn=replication manager,cn=config] authentication mechanism 
>>> [SIMPLE]: error 32 (No such object) errno 0 (Success)
>>> [15/Jul/2015:04:47:31 -0400] NSMMReplicationPlugin - 
>>> agmt="cn=meTof22master.pesen.net" (f22master:389): Replication bind 
>>> with SIMPLE auth failed: LDAP error 32 (No such object) ()
>>>
>>> could you check the access log for ADD and DEL of "cn=replication 
>>> manager,cn=config" on both master and replica,
>> Here are corresponding lines in access log of master:
>>
>> [15/Jul/2015:04:45:00 -0400] conn=52 op=6 ADD dn="cn=replication 
>> manager,cn=config"
>> [15/Jul/2015:04:45:00 -0400] conn=52 op=6 RESULT err=68 tag=105 
>> nentries=0 etime=0
> err=68 means "already exists", so is there an other ADD, and a DEL ?
>
> did you install the replicas in parallel ?
Yes, I did.
Probably, this is the main reason

>>
>> Replica's access log does not contain any records about replication 
>> manager
>>
>> error log on master has this interesting record:
>> [15/Jul/2015:04:47:30 -0400] repl_version_plugin_recv_acquire_cb - 
>> [file ipa_repl_version.c, line 119]: Incompatible IPA versions, 
>> pausing replication. This server: "20100614120000" remote server: 
>> "(null)".
>>
>> This is really weird, because both master and replica use the same 
>> version of packages:
>> freeipa-server-4.2.90.201507141138GIT3459607-0.fc22.x86_64
>>
>>> is there anything in the error log of the master ?
>>>
>>> Ludwig
>>>
>>> On 07/15/2015 11:07 AM, Oleg Fayans wrote:
>>>> Hi everybody,
>>>>
>>>> The following error was encountered during installation of one of 
>>>> repicas using the packages built from the latest upstream code:
>>>>   [error] RuntimeError: One of the ldap service principals is 
>>>> missing. Replication agreement cannot be converted.
>>>> Replication error message: Unable to acquire replicaLDAP error: No 
>>>> such object
>>>>
>>>> The second replica however was installed successfully.
>>>> Installation log and dirsrv errors log are attached
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>

-- 
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

More information about the Freeipa-devel mailing list