[Freeipa-users] probems installin freeipa v2

Rich Megginson rmeggins at redhat.com
Wed Sep 22 03:28:33 UTC 2010


Steven Jones wrote:
> access log,
>
> [22/Sep/2010:14:22:39 +1200] conn=48 fd=65 slot=65 connection from 127.0.0.1 to 127.0.0.1
> [22/Sep/2010:14:22:39 +1200] conn=48 op=0 BIND dn="" method=128 version=3
> [22/Sep/2010:14:22:39 +1200] conn=48 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
> [22/Sep/2010:14:22:39 +1200] conn=48 op=1 SRCH base="dc=vuw,dc=ac,dc=nz" scope=2 filter="(&(cn=pulse-rt)(objectClass=posixGroup))" attrs="objectClass cn userPassword gidNumber member nsUniqueId modifyTimestamp"
> [22/Sep/2010:14:22:39 +1200] conn=48 op=1 RESULT err=0 tag=101 nentries=0 etime=0
> [22/Sep/2010:14:23:57 +1200] conn=49 fd=66 slot=66 SSL connection from 130.195.53.104 to 130.195.53.104
> [22/Sep/2010:14:23:57 +1200] conn=49 SSL 256-bit AES
> [22/Sep/2010:14:23:57 +1200] conn=49 op=0 BIND dn="cn=directory manager" method=128 version=3
> [22/Sep/2010:14:23:57 +1200] conn=49 op=0 RESULT err=49 tag=97 nentries=0 etime=0
> [22/Sep/2010:14:23:57 +1200] conn=49 op=1 UNBIND
> [22/Sep/2010:14:23:57 +1200] conn=49 op=1 fd=66 closed - U1
> [22/Sep/2010:14:24:02 +1200] conn=50 fd=66 slot=66 SSL connection from 130.195.53.104 to 130.195.53.104
> [22/Sep/2010:14:24:02 +1200] conn=50 SSL 256-bit AES
> [22/Sep/2010:14:24:02 +1200] conn=50 op=0 BIND dn="cn=directory manager" method=128 version=3
> [22/Sep/2010:14:24:02 +1200] conn=50 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
> [22/Sep/2010:14:24:02 +1200] conn=50 op=1 SRCH base="cn=config" scope=0 filter="(objectClass=*)" attrs="nsslapd-instancedir nsslapd-errorlog nsslapd-certdir nsslapd-schemadir"
> [22/Sep/2010:14:24:02 +1200] conn=50 op=1 RESULT err=0 tag=101 nentries=1 etime=0
> [22/Sep/2010:14:24:02 +1200] conn=50 op=2 SRCH base="cn=config,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs="nsslapd-directory"
> [22/Sep/2010:14:24:02 +1200] conn=50 op=2 RESULT err=0 tag=101 nentries=1 etime=0
> [22/Sep/2010:14:24:02 +1200] conn=50 op=3 SRCH base="cn=mapping tree,cn=config" scope=2 filter="(|(objectClass=nsDSWindowsReplicationAgreement)(objectClass=nsds5ReplicationAgreement))" attrs=ALL
> [22/Sep/2010:14:24:02 +1200] conn=50 op=3 RESULT err=0 tag=101 nentries=1 etime=0
> [22/Sep/2010:14:24:02 +1200] conn=50 op=4 SRCH base="cn=meTovuwwincodc00001.vuw.ac.nz636, cn=replica, cn=\22dc=vuw,dc=ac,dc=nz\22, cn=mapping tree, cn=config" scope=2 filter="(objectClass=*)" attrs=ALL
> [22/Sep/2010:14:24:02 +1200] conn=50 op=4 RESULT err=0 tag=101 nentries=1 etime=0
> [22/Sep/2010:14:24:02 +1200] conn=50 op=5 UNBIND
> [22/Sep/2010:14:24:02 +1200] conn=50 op=5 fd=66 closed - U1
> [22/Sep/2010:14:33:36 +1200] conn=51 fd=66 slot=66 SSL connection from 130.195.53.104 to 130.195.53.104
> [22/Sep/2010:14:33:36 +1200] conn=51 SSL 256-bit AES
> [22/Sep/2010:14:33:36 +1200] conn=51 op=0 BIND dn="cn=directory manager" method=128 version=3
> [22/Sep/2010:14:33:36 +1200] conn=51 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
> [22/Sep/2010:14:33:36 +1200] conn=51 op=1 SRCH base="cn=config" scope=0 filter="(objectClass=*)" attrs="nsslapd-instancedir nsslapd-errorlog nsslapd-certdir nsslapd-schemadir"
> [22/Sep/2010:14:33:36 +1200] conn=51 op=1 RESULT err=0 tag=101 nentries=1 etime=0
> [22/Sep/2010:14:33:36 +1200] conn=51 op=2 SRCH base="cn=config,cn=ldbm database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" attrs="nsslapd-directory"
> [22/Sep/2010:14:33:36 +1200] conn=51 op=2 RESULT err=0 tag=101 nentries=1 etime=0
>   
The time corresponds to this from the errors log:
[22/Sep/2010:14:33:36 +1200] - slapd shutting down - signaling operation threads
[22/Sep/2010:14:33:36 +1200] - slapd shutting down - closing down internal subsystems and plugins

But a SRCH operation should not trigger a shutdown.

Not sure what's going on here.

Can you reliably reproduce this behavior after restarting directory server?

> Steven Jones Technical Specialist Linux/Vmware
> Tele 64 4 463 6272
> Victoria University
> Kelburn
> New Zealand
>
>
> -----Original Message-----
> From: Rich Megginson [mailto:rmeggins at redhat.com] 
> Sent: Wednesday, 22 September 2010 2:45 p.m.
> To: Steven Jones
> Cc: Freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] probems installin freeipa v2
>
> Steven Jones wrote:
>   
>> Hi,
>>
>> Ok, it isn't crashing the LDAP server/service, it's doing a shutdown of it according to the error log...
>>   
>>     
> What exactly do you see in the error log?  Can you provide excerpts?  
> Can you also provide excerpts of the access log from around the time of 
> the shutdown?
>   
>> So while a sync is happening the LDAP server is offline?
>>   
>>     
> No, not possible.  Something is going wrong.
>   
>> How long should this take?
>>
>> 30secs?
>>
>> 3mins?
>>
>> 30mins?
>>
>> regards
>>
>> Steven Jones Technical Specialist Linux/Vmware
>> Tele 64 4 463 6272
>> Victoria University
>> Kelburn
>> New Zealand
>>
>>
>> -----Original Message-----
>> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Steven Jones
>> Sent: Wednesday, 22 September 2010 2:27 p.m.
>> To: Freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] probems installin freeipa v2
>>
>> For ipa-replica-manage list
>>
>> The output is my AD
>>
>> vuwwincodc00001.vuw.ac.nz
>>
>>
>> regards
>>
>> Steven Jones Technical Specialist Linux/Vmware
>> Tele 64 4 463 6272
>> Victoria University
>> Kelburn
>> New Zealand
>>
>>
>> -----Original Message-----
>> From: Rob Crittenden [mailto:rcritten at redhat.com] 
>> Sent: Wednesday, 22 September 2010 2:20 p.m.
>> To: Steven Jones
>> Cc: Freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] probems installin freeipa v2
>>
>> Steven Jones wrote:
>>   
>>     
>>> Hi,
>>>
>>> yes I think you are correct, --bindpw is needed except running this crashed the LDAP server....or sends it off to zombie land and I have to reboot it!
>>>
>>>
>>> ipa-replica-manage add --winsync --binddn cn=administrator,cn=users,dc=example,dc=com --bindpw <domain admin password> \
>>> --cacert /path/to/certfile.cer adserver.example.com --passsync <domain admin password> -v
>>>
>>> Is there a log somewhere to look for why?
>>>     
>>>       
>> Crashed which LDAP server? Logs are in /var/log/dirsrv-YOUR_INSTANCE_NAME.
>>
>> Can you provide the output of ipa-replica-manage?
>>
>> rob
>>
>>   
>>     
>>> regards
>>>
>>> Steven Jones Technical Specialist Linux/Vmware
>>> Tele 64 4 463 6272
>>> Victoria University
>>> Kelburn
>>> New Zealand
>>>
>>>
>>> -----Original Message-----
>>> From: Rob Crittenden [mailto:rcritten at redhat.com]
>>> Sent: Wednesday, 22 September 2010 1:57 p.m.
>>> To: Steven Jones
>>> Cc: Freeipa-users at redhat.com
>>> Subject: Re: [Freeipa-users] probems installin freeipa v2
>>>
>>> Steven Jones wrote:
>>>     
>>>       
>>>> This time I copied the output from the ldapsearch command
>>>>
>>>> "dn: cn=ipa_pwd_extop,cn=plugins,cn=config"
>>>>
>>>> and it worked...
>>>>       
>>>>         
>>> Cosmic rays maybe, those strings look identical to me. Glad it's working
>>> now in any case.
>>>
>>>     
>>>       
>>>> ?
>>>>
>>>> So, section 4.4
>>>>
>>>> ipa-replica-manage add --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \
>>>> --bindpw password --cacert /path/to/certfile.cer adserver.example.com -v
>>>>
>>>> This appears to be wrong?
>>>>
>>>> It should be,
>>>>
>>>> ipa-replica-manage add --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \
>>>> --cacert /path/to/certfile.cer adserver.example.com --passsync <domain admin password> -v
>>>>
>>>>       
>>>>         
>>> You're right in that --passsync is required but --bindpw should also be
>>> required.
>>>
>>> I filed https://bugzilla.redhat.com/show_bug.cgi?id=636377 for this.
>>>
>>> rob
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>     
>>>       
>>   
>>     
>
>
>   
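
The correlation described in the reply above, matching the errors-log shutdown time against the access log, can be scripted. This is an added example, not part of the original message or of the directory server's tooling; the log lines are constructed in the format quoted in the thread, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample lines in the access/errors log format quoted in the thread.
ACCESS_LOG = """\
[22/Sep/2010:14:23:57 +1200] conn=49 op=0 BIND dn="cn=directory manager" method=128 version=3
[22/Sep/2010:14:23:57 +1200] conn=49 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[22/Sep/2010:14:23:57 +1200] conn=49 op=1 UNBIND
[22/Sep/2010:14:23:57 +1200] conn=49 op=1 fd=66 closed - U1
[22/Sep/2010:14:33:36 +1200] conn=51 op=0 BIND dn="cn=directory manager" method=128 version=3
[22/Sep/2010:14:33:36 +1200] conn=51 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[22/Sep/2010:14:33:36 +1200] conn=51 op=1 SRCH base="cn=config" scope=0 filter="(objectClass=*)"
"""
ERRORS_LOG = "[22/Sep/2010:14:33:36 +1200] - slapd shutting down - signaling operation threads\n"

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?:conn=(?P<conn>\d+) )?(?P<rest>.*)$")
OP = re.compile(r"^op=(?P<op>\d+) (?P<verb>[A-Z]+)\b")
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
NO_RESULT = {"UNBIND", "ABANDON"}  # assumption: these never get a RESULT line

def parse(text):
    """Yield (timestamp, conn id or None, remainder) for each log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m["ts"], TS_FMT), m["conn"], m["rest"]

def analyse(access, errors):
    """Report failed binds and connections still open at the first shutdown."""
    shutdown = next((ts for ts, _, rest in parse(errors)
                     if "slapd shutting down" in rest), None)
    conns, failed_binds = {}, []
    for ts, conn, rest in parse(access):
        if conn is None or (shutdown and ts > shutdown):
            continue  # timestamps have one-second resolution, so keep ties
        c = conns.setdefault(conn, {"closed": False, "last": None, "pending": set()})
        m = OP.match(rest)
        if re.search(r"\bfd=\d+ closed\b", rest):
            c["closed"] = True
        elif m and m["verb"] == "RESULT":
            c["pending"].discard(m["op"])
            err = re.search(r"\berr=(\d+)", rest)
            # tag=97 is a bind response; err=49 is LDAP invalidCredentials
            if "tag=97" in rest and err and err[1] != "0":
                failed_binds.append((conn, int(err[1])))
        elif m:
            c["last"] = f'op={m["op"]} {m["verb"]}'
            if m["verb"] not in NO_RESULT:
                c["pending"].add(m["op"])
    open_conns = {k: {"last": v["last"], "pending": sorted(v["pending"])}
                  for k, v in conns.items() if not v["closed"]}
    return {"shutdown": shutdown, "failed_binds": failed_binds, "open_at_shutdown": open_conns}
```

Calling `analyse(ACCESS_LOG, ERRORS_LOG)` lists the connections that were still open when the shutdown was logged, with any operation that never received a RESULT line.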



