[Freeipa-users] replica creation failure with ipa-server-1.2.1 and fedora-ds-base-1.1.3
Rich Megginson
rmeggins at redhat.com
Wed Oct 27 20:56:09 UTC 2010
Kambiz Aghaiepour wrote:
> Still struggling to create a replica. Here's what the debug output is
> showing in the consumer error log:
>
> [---snip---]
> [27/Oct/2010:12:53:30 -0400] - activity on 64r
> [27/Oct/2010:12:53:30 -0400] - read activity on 64
> [27/Oct/2010:12:53:30 -0400] - listener got signaled
> [27/Oct/2010:12:53:30 -0400] - activity on 64r
> [27/Oct/2010:12:53:30 -0400] - read activity on 64
> [27/Oct/2010:12:53:30 -0400] - listener got signaled
> [27/Oct/2010:12:53:30 -0400] - activity on 64r
> [27/Oct/2010:12:53:30 -0400] - read activity on 64
> [27/Oct/2010:12:53:30 -0400] - listener got signaled
> [27/Oct/2010:12:53:35 -0400] - activity on 64r
> [27/Oct/2010:12:53:35 -0400] - read activity on 64
> [27/Oct/2010:12:53:35 -0400] - ber_get_next failed for connection 11
> [27/Oct/2010:12:53:35 -0400] - conn 11 activity level = 83
> [27/Oct/2010:12:53:35 -0400] - conn 11 turbo rank = 0 out of 1 conns
> [27/Oct/2010:12:53:35 -0400] - conn 11 entering turbo mode
> [27/Oct/2010:12:53:35 -0400] - listener got signaled
> [27/Oct/2010:12:53:35 -0400] - ERROR bulk import abandoned
> [27/Oct/2010:12:53:35 -0400] - import userRoot: Aborting all import
> threads...
> [---snip---]
>
> The access log on the consumer reads:
>
> [---snip---]
> [27/Oct/2010:12:53:30 -0400] conn=11 op=80 EXT
> oid="2.16.840.1.113730.3.5.6" name="Netscape Replication Total Update Entry"
> [27/Oct/2010:12:53:30 -0400] conn=11 op=80 RESULT err=0 tag=120
> nentries=0 etime=0
> [27/Oct/2010:12:53:30 -0400] conn=11 op=81 EXT
> oid="2.16.840.1.113730.3.5.6" name="Netscape Replication Total Update Entry"
> [27/Oct/2010:12:53:30 -0400] conn=11 op=81 RESULT err=0 tag=120
> nentries=0 etime=0
> [27/Oct/2010:12:53:30 -0400] conn=11 op=82 EXT
> oid="2.16.840.1.113730.3.5.6" name="Netscape Replication Total Update Entry"
> [27/Oct/2010:12:53:30 -0400] conn=11 op=82 RESULT err=0 tag=120
> nentries=0 etime=0
> [27/Oct/2010:12:53:35 -0400] conn=11 op=-1 fd=64 closed error 90
> (Message too long) - B2
> [27/Oct/2010:12:53:42 -0400] conn=12 fd=64 slot=64 SSL connection from
> 152.45.5.155 to 152.45.5.166
> [27/Oct/2010:12:53:42 -0400] conn=12 SSL 256-bit AES
> [27/Oct/2010:12:53:42 -0400] conn=12 op=0 BIND dn="cn=replication
> manager,cn=config" method=128 version=3
> [27/Oct/2010:12:53:42 -0400] conn=12 op=0 RESULT err=0 tag=97 nentries=0
> etime=0 dn="cn=replication manager,cn=config"
> [---snip---]
>
>
> (note error 90, message too long). This is between a consumer and
> supplier on the same subnet.
>
Maybe tcpdump/wireshark or some sort of TCP/IP debugging tool could
help? I just don't know how to solve this at the application layer - we
don't do anything with TCP message sizes in the directory server or the
ldap c sdk - we just pass everything to send()/recv() and expect it will
do the rest. I don't know if there is some sort of TCP tuning you could
do to help this situation.
> The supplier error log reads (sanitized with "hostname"):
>
> [---snip---]
> [27/Oct/2010:12:53:30 -0400] NSMMReplicationPlugin - Beginning total
> update of replica "agmt="cn=meTohostname636" (hostname:636)".
> [27/Oct/2010:12:53:42 -0400] NSMMReplicationPlugin -
> agmt="cn=meTohostname636" (hostname:636): Failed to send extended
> operation: LDAP error 81 (Can't contact LDAP server)
> [27/Oct/2010:12:53:43 -0400] NSMMReplicationPlugin -
> agmt="cn=mehostname636" (hostname:636): Received error 89: NULL for
> total update operation
> [27/Oct/2010:12:53:43 -0400] NSMMReplicationPlugin -
> agmt="cn=meTohostname636" (hostname:636): Received error 89: NULL for
> total update operation
> [27/Oct/2010:12:53:43 -0400] NSMMReplicationPlugin -
> agmt="cn=meTohostname636" (hostname:636): Received error 89: NULL for
> total update operation
> [---snip---]
>
> I'm at a loss as to what I can do next. Any help would be appreciated.
>
> Kambiz
>
>
More information about the Freeipa-users
mailing list