[Freeipa-users] ui login error and questions about replication

Tamas Papp tompos at martos.bme.hu
Tue Nov 5 23:23:33 UTC 2013


On 11/05/2013 09:25 PM, Rich Megginson wrote:
> On 11/05/2013 01:03 PM, Tamas Papp wrote:
>> On 11/05/2013 03:58 PM, Rich Megginson wrote:
>>> On 11/05/2013 07:53 AM, Tamas Papp wrote:
>>>> On 11/05/2013 03:17 PM, Rich Megginson wrote:
>>>>> https://fedorahosted.org/389/ticket/47516
>>>>>
>>>>> This has been fixed upstream and in some releases - to allow
>>>>> replication to proceed despite excessive clock skew - what is your
>>>>> 389-ds-base version and platform?
>>>> What is the clock skewed? The date and time is the same on both
>>>> machines.
>>> VMs are notorious for having the clocks get out of sync - even
>>> temporarily.
>> What do you mean by this?
>> I definitely see the same time on the machines.
>> Also I can see in the log, that the replication is resumed. There is no
>> messages about the broken replication after the resume message.
>>
>>>> freeipa-admintools-3.3.2-1.fc19.x86_64
>>>> freeipa-client-3.3.2-1.fc19.x86_64
>>>> freeipa-python-3.3.2-1.fc19.x86_64
>>>> freeipa-server-3.3.2-1.fc19.x86_64
>>>> libipa_hbac-1.11.1-4.fc19.x86_64
>>>> libipa_hbac-python-1.11.1-4.fc19.x86_64
>>>> sssd-ipa-1.11.1-4.fc19.x86_64
>>>> 389-ds-base-libs-1.3.1.12-1.fc19.x86_64
>>>> 389-ds-base-1.3.1.12-1.fc19.x86_64
>>>>
>>>> Linux ipa31.bph.cxn 3.11.6-201.fc19.x86_64 #1 SMP Sat Nov 2
>>>> 14:09:09 UTC
>>>> 2013 x86_64 x86_64 x86_64 GNU/Linux
>>>> Fedora 19.
>>>>
>>>>
>>>> How can I fix it?
>>> ldapmodify -x -D "cn=directory manager" -W <<EOF
>>> dn: cn=config
>>> changetype: modify
>>> replace: nsslapd-ignore-time-skew
>>> nsslapd-ignore-time-skew: on
>>> EOF
>>>
>>> Do this on all of your servers.
>> I tried this, but no joy. Still not good:/
>
> Can you describe the exact steps you took, on all replicas?

I created ldif files:

# cat replication_ignore-time-skew.ldif
dn: cn=config
changetype: modify
replace: nsslapd-ignore-time-skew
nsslapd-ignore-time-skew: on

Then:

$ ldapmodify -x -D "cn=directory manager" -W -f replication_ignore-time-skew.ldif



But I don't see the changes:

# ldapsearch -x|grep -i ignore
#

Probably you realized, I'm not an ldap expert:)
But I assume it's because it doesn't exist right now, therefore it
should be add ot modify?

I don't want to try it now, because currently it's working. Maybe when
it fails again.


Thanks,
tamas
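
Added example (not part of the original message, and not FreeIPA or 389-ds project code): one way to confirm the setting on each replica. `ldapsearch -x` with no `-b` binds anonymously and searches the client's default base, so it never reads `cn=config`; this sketch reads that entry directly with an authenticated bind. `PWFILE`, its path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report nsslapd-ignore-time-skew for each replica.

# Parse LDIF on stdin; print the attribute's value in lower case,
# or "unset" when the entry does not carry the attribute.
skew_setting() {
    awk -F': *' '
        tolower($1) == "nsslapd-ignore-time-skew" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    '
}

# Read the cn=config entry itself (-s base) as Directory Manager.
# PWFILE (hypothetical) holds the bind password, mode 0600, with no
# trailing newline, because -y uses the file contents verbatim.
read_config() {
    ldapsearch -LLL -x -H "ldap://$1" -D "cn=directory manager" -y "$PWFILE" \
        -b "cn=config" -s base nsslapd-ignore-time-skew
}

# Print "host<TAB>value" per replica; return non-zero unless all are "on".
# A failed bind or connection is reported as "error", not as "unset".
check_replicas() {
    rc=0
    for host in "$@"; do
        if ldif=$(read_config "$host" 2>/dev/null); then
            value=$(printf '%s\n' "$ldif" | skew_setting)
        else
            value="error"
        fi
        printf '%s\t%s\n' "$host" "$value"
        [ "$value" = "on" ] || rc=1
    done
    return $rc
}

# Offline demonstration on a constructed LDIF entry (not real server output).
printf 'dn: cn=config\nnsslapd-ignore-time-skew: on\n' | skew_setting

# Usage against live servers (PWFILE path is a placeholder):
#   PWFILE=/root/.dm_pw check_replicas ipa31.bph.cxn <other-replica>
```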



