[Freeipa-users] ui login error and questions about replication

Tamas Papp tompos at martos.bme.hu
Wed Nov 6 13:18:07 UTC 2013


On 11/06/2013 02:08 AM, Rich Megginson wrote:
> On 11/05/2013 04:23 PM, Tamas Papp wrote:
>> On 11/05/2013 09:25 PM, Rich Megginson wrote:
>>> On 11/05/2013 01:03 PM, Tamas Papp wrote:
>>>> On 11/05/2013 03:58 PM, Rich Megginson wrote:
>>>>> On 11/05/2013 07:53 AM, Tamas Papp wrote:
>>>>>> On 11/05/2013 03:17 PM, Rich Megginson wrote:
>>>>>>> https://fedorahosted.org/389/ticket/47516
>>>>>>>
>>>>>>> This has been fixed upstream and in some releases - to allow
>>>>>>> replication to proceed despite excessive clock skew - what is your
>>>>>>> 389-ds-base version and platform?
>>>>>> What is the clock skewed? The date and time is the same on both
>>>>>> machines.
>>>>> VMs are notorious for having the clocks get out of sync - even
>>>>> temporarily.
>>>> What do you mean by this?
>>>> I definitely see the same time on the machines.
>>>> Also I can see in the log that the replication is resumed. There are no
>>>> messages about the broken replication after the resume message.
>>>>
>>>>>> freeipa-admintools-3.3.2-1.fc19.x86_64
>>>>>> freeipa-client-3.3.2-1.fc19.x86_64
>>>>>> freeipa-python-3.3.2-1.fc19.x86_64
>>>>>> freeipa-server-3.3.2-1.fc19.x86_64
>>>>>> libipa_hbac-1.11.1-4.fc19.x86_64
>>>>>> libipa_hbac-python-1.11.1-4.fc19.x86_64
>>>>>> sssd-ipa-1.11.1-4.fc19.x86_64
>>>>>> 389-ds-base-libs-1.3.1.12-1.fc19.x86_64
>>>>>> 389-ds-base-1.3.1.12-1.fc19.x86_64
>>>>>>
>>>>>> Linux ipa31.bph.cxn 3.11.6-201.fc19.x86_64 #1 SMP Sat Nov 2 14:09:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
>>>>>> Fedora 19.
>>>>>>
>>>>>>
>>>>>> How can I fix it?
>>>>> ldapmodify -x -D "cn=directory manager" -W <<EOF
>>>>> dn: cn=config
>>>>> changetype: modify
>>>>> replace: nsslapd-ignore-time-skew
>>>>> nsslapd-ignore-time-skew: on
>>>>> EOF
>>>>>
>>>>> Do this on all of your servers.
>>>> I tried this, but no joy. Still not good:/
>>> Can you describe the exact steps you took, on all replicas?
>> I created ldif files:
>>
>> # cat replication_ignore-time-skew.ldif
>> dn: cn=config
>> changetype: modify
>> replace: nsslapd-ignore-time-skew
>> nsslapd-ignore-time-skew: on
>>
>> Then:
>>
>> $ ldapmodify -x -D "cn=directory manager" -W -f replication_ignore-time-skew.ldif
>>
>> But I don't see the changes:
>>
>> # ldapsearch -x|grep -i ignore
> ldapsearch -x -D "cn=directory manager" -W -s base -b cn=config 'objectclass=*' nsslapd-ignore-time-skew

You're right, I tried it with the wrong base DN.

Thanks,
tamas
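
Added example, not part of the original thread: a shell check that tells "the search never returned cn=config" apart from "the attribute is unset", which is the confusion resolved above. The function names, the sample LDIF and the replica hostnames you pass in are assumptions; -ZZ (require StartTLS) is an addition to the command quoted in the thread.

```shell
#!/bin/sh
# Added example: check that nsslapd-ignore-time-skew is really set in cn=config.
# Replica hostnames passed to check_replicas are hypothetical placeholders.

# Read ldapsearch LDIF on stdin and print one of:
#   no-entry  cn=config was not returned (wrong base DN or insufficient bind)
#   unset     cn=config was returned without the attribute
#   on / off  the configured value, lower-cased
skew_state() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        tolower($0) ~ /^dn: *cn=config$/ { seen = 1 }
        tolower($0) ~ /^nsslapd-ignore-time-skew: */ {
            v = tolower($0); sub(/^[^:]*: */, "", v)
        }
        END {
            if (!seen)        print "no-entry"
            else if (v == "") print "unset"
            else              print v
        }'
}

# Query each replica with the base-scope search from the thread; -ZZ (require
# StartTLS) is an addition so the bind password is not sent in clear text.
# Returns non-zero if any replica is not "on".
check_replicas() {
    rc=0
    for host in "$@"; do
        state=$(ldapsearch -LLL -x -ZZ -H "ldap://$host" \
                    -D "cn=directory manager" -W -s base -b cn=config \
                    'objectclass=*' nsslapd-ignore-time-skew | skew_state)
        printf '%s: %s\n' "$host" "$state"
        [ "$state" = on ] || rc=1
    done
    return "$rc"
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_CONFIG='dn: cn=config
nsslapd-ignore-time-skew: on'
SAMPLE_SUFFIX='dn: dc=example,dc=test
objectClass: top
objectClass: domain'

printf 'base cn=config, bound as directory manager: %s\n' \
    "$(printf '%s\n' "$SAMPLE_CONFIG" | skew_state)"
printf 'default base DN, anonymous bind: %s\n' \
    "$(printf '%s\n' "$SAMPLE_SUFFIX" | skew_state)"
```
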



