[Freeipa-users] IPA Replica Issues (Total update abortedLDAP error: Can't contact LDAP server)
Rich Megginson
rmeggins at redhat.com
Tue Apr 1 19:22:30 UTC 2014
On 04/01/2014 01:16 PM, Nevada Sanchez wrote:
> 389-ds-base-1.3.1.22-1.fc19.x86_64
>
> The following, I think, summarizes the contents of the error log (I
> probably uninstalled and tried reimporting 2 or 3 times in what is shown).
>
> .
> .
> .
> [01/Apr/2014:03:42:46 -0400] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to
> access the database
> [01/Apr/2014:03:42:46 -0400] - check_and_set_import_cache: pagesize:
> 4096, pages: 1970554, procpages: 53717
> [01/Apr/2014:03:42:46 -0400] - Import allocates 3152884KB import cache.
> [01/Apr/2014:03:42:46 -0400] - import userRoot: Beginning import job...
> [01/Apr/2014:03:42:46 -0400] - import userRoot: Index buffering
> enabled with bucket size 100
> [01/Apr/2014:03:42:46 -0400] - import userRoot: Processing file
> "/var/lib/dirsrv/boot.ldif"
> [01/Apr/2014:03:42:46 -0400] - import userRoot: Finished scanning file
> "/var/lib/dirsrv/boot.ldif" (1 entries)
> [01/Apr/2014:03:42:46 -0400] - import userRoot: Workers finished;
> cleaning up...
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Workers cleaned up.
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Cleaning up producer
> thread...
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Indexing complete.
> Post-processing...
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Generating
> numSubordinates complete.
> [01/Apr/2014:03:42:47 -0400] - Nothing to do to build ancestorid index
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Flushing caches...
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Closing files...
> [01/Apr/2014:03:42:47 -0400] - All database threads now stopped
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Import complete.
> Processed 1 entries in 1 seconds. (1.00 entries/sec)
> [01/Apr/2014:03:42:47 -0400] - 389-Directory/1.3.1.22.a1
> B2014.073.1751 starting up
> [01/Apr/2014:03:42:47 -0400] - Db home directory is not set. Possibly
> nsslapd-directory (optionally nsslapd-db-home-directory) is missing in
> the config file.
> [01/Apr/2014:03:42:48 -0400] - 389-Directory/1.3.1.22.a1
> B2014.073.1751 starting up
> [01/Apr/2014:03:42:48 -0400] - Db home directory is not set. Possibly
> nsslapd-directory (optionally nsslapd-db-home-directory) is missing in
> the config file.
> [01/Apr/2014:03:42:48 -0400] - I'm resizing my cache now...cache was
> 3228553216 and is now 8000000
> [01/Apr/2014:03:42:48 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [01/Apr/2014:03:42:48 -0400] - The change of nsslapd-ldapilisten will
> not take effect until the server is restarted
> [01/Apr/2014:03:43:01 -0400] - Warning: Adding configuration attribute
> "nsslapd-security"
> [01/Apr/2014:03:43:01 -0400] - slapd shutting down - signaling
> operation threads
> [01/Apr/2014:03:43:01 -0400] - slapd shutting down - waiting for 27
> threads to terminate
> [01/Apr/2014:03:43:01 -0400] - slapd shutting down - closing down
> internal subsystems and plugins
> [01/Apr/2014:03:43:01 -0400] - Waiting for 4 database threads to stop
> [01/Apr/2014:03:43:02 -0400] - All database threads now stopped
> [01/Apr/2014:03:43:02 -0400] - slapd stopped.
> [01/Apr/2014:03:43:03 -0400] - 389-Directory/1.3.1.22.a1
> B2014.073.1751 starting up
> [01/Apr/2014:03:43:03 -0400] attrcrypt - No symmetric key found for
> cipher AES in backend userRoot, attempting to create one...
> [01/Apr/2014:03:43:03 -0400] attrcrypt - Key for cipher AES
> successfully generated and stored
> [01/Apr/2014:03:43:03 -0400] attrcrypt - No symmetric key found for
> cipher 3DES in backend userRoot, attempting to create one...
> [01/Apr/2014:03:43:03 -0400] attrcrypt - Key for cipher 3DES
> successfully generated and stored
> [01/Apr/2014:03:43:03 -0400] ipalockout_get_global_config - [file
> ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
> [01/Apr/2014:03:43:04 -0400] ipaenrollment_start - [file
> ipa_enrollment.c, line 393]: Failed to get default realm?!
> [01/Apr/2014:03:43:04 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [01/Apr/2014:03:43:04 -0400] - Listening on All Interfaces port 636
> for LDAPS requests
> [01/Apr/2014:03:43:04 -0400] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [01/Apr/2014:03:43:04 -0400] - slapd shutting down - signaling
> operation threads
> [01/Apr/2014:03:43:04 -0400] - slapd shutting down - waiting for 27
> threads to terminate
> [01/Apr/2014:03:43:05 -0400] - slapd shutting down - closing down
> internal subsystems and plugins
> [01/Apr/2014:03:43:05 -0400] - Waiting for 4 database threads to stop
> [01/Apr/2014:03:43:05 -0400] - All database threads now stopped
> [01/Apr/2014:03:43:05 -0400] - slapd stopped.
> [01/Apr/2014:03:43:06 -0400] - 389-Directory/1.3.1.22.a1
> B2014.073.1751 starting up
> [01/Apr/2014:03:43:06 -0400] ipalockout_get_global_config - [file
> ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
> [01/Apr/2014:03:43:06 -0400] ipaenrollment_start - [file
> ipa_enrollment.c, line 393]: Failed to get default realm?!
> [01/Apr/2014:03:43:06 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [01/Apr/2014:03:43:06 -0400] - Listening on All Interfaces port 636
> for LDAPS requests
> [01/Apr/2014:03:43:06 -0400] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [01/Apr/2014:03:43:08 -0400] NSMMReplicationPlugin -
> agmt="cn=meToipa.example.com <http://meToipa.example.com>" (ipa:389):
> The remote replica has a different database generation ID than the
> local database. You may have to reinitialize the remote replica, or
> the local replica.
> [01/Apr/2014:03:43:08 -0400] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=example,dc=com is going
> offline; disabling replication
> [01/Apr/2014:03:43:08 -0400] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to
> access the database
> [01/Apr/2014:03:43:11 -0400] - import userRoot: Workers finished;
> cleaning up...
> [01/Apr/2014:03:43:11 -0400] - import userRoot: Workers cleaned up.
> [01/Apr/2014:03:43:11 -0400] - import userRoot: Indexing complete.
> Post-processing...
> [01/Apr/2014:03:43:11 -0400] - import userRoot: Generating
> numSubordinates complete.
> [01/Apr/2014:03:43:12 -0400] - import userRoot: Flushing caches...
> [01/Apr/2014:03:43:12 -0400] - import userRoot: Closing files...
> [01/Apr/2014:03:43:12 -0400] - import userRoot: Import complete.
> Processed 453 entries in 4 seconds. (113.25 entries/sec)
> [01/Apr/2014:03:43:12 -0400] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=example,dc=com is coming
> online; enabling replication
> [01/Apr/2014:03:43:12 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which
> should be added before the CoS Definition.
> [01/Apr/2014:03:43:19 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:03:43:19 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:03:48:19 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:03:48:19 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:03:53:19 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:03:53:19 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:03:58:19 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:03:58:19 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:03:18 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:03:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:08:18 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:08:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:13:18 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:13:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:18:19 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:18:19 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:23:18 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:23:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:28:18 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:28:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:33:19 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:33:19 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:38:19 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:38:19 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:43:18 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:43:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:48:18 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:48:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:53:19 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:53:19 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:58:18 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:58:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:03:18 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:03:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:08:18 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:08:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:13:18 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:13:19 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:14:36 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:14:36 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:14:41 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:14:41 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:14:46 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:14:46 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:14:58 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:14:58 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:15:00 -0400] - slapd shutting down - signaling
> operation threads
> [01/Apr/2014:05:15:00 -0400] - slapd shutting down - waiting for 28
> threads to terminate
> [01/Apr/2014:05:15:00 -0400] - slapd shutting down - closing down
> internal subsystems and plugins
> [01/Apr/2014:05:15:01 -0400] - Waiting for 4 database threads to stop
> [01/Apr/2014:05:15:01 -0400] - All database threads now stopped
> [01/Apr/2014:05:15:01 -0400] - slapd stopped.
> [01/Apr/2014:05:27:38 -0400] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to
> access the database
> [01/Apr/2014:05:27:38 -0400] - check_and_set_import_cache: pagesize:
> 4096, pages: 1970554, procpages: 53717
> [01/Apr/2014:05:27:38 -0400] - Import allocates 3152884KB import cache.
> [01/Apr/2014:05:27:38 -0400] - import userRoot: Beginning import job...
> [01/Apr/2014:05:27:38 -0400] - import userRoot: Index buffering
> enabled with bucket size 100
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Processing file
> "/var/lib/dirsrv/boot.ldif"
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Finished scanning file
> "/var/lib/dirsrv/boot.ldif" (1 entries)
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Workers finished;
> cleaning up...
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Workers cleaned up.
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Cleaning up producer
> thread...
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Indexing complete.
> Post-processing...
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Generating
> numSubordinates complete.
> [01/Apr/2014:05:27:39 -0400] - Nothing to do to build ancestorid index
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Flushing caches...
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Closing files...
> [01/Apr/2014:05:27:40 -0400] - All database threads now stopped
> [01/Apr/2014:05:27:40 -0400] - import userRoot: Import complete.
> Processed 1 entries in 2 seconds. (0.50 entries/sec)
> [01/Apr/2014:05:27:40 -0400] - 389-Directory/1.3.1.22.a1
> B2014.073.1751 starting up
> [01/Apr/2014:05:27:40 -0400] - Db home directory is not set. Possibly
> nsslapd-directory (optionally nsslapd-db-home-directory) is missing in
> the config file.
> [01/Apr/2014:05:27:40 -0400] - 389-Directory/1.3.1.22.a1
> B2014.073.1751 starting up
> [01/Apr/2014:05:27:40 -0400] - Db home directory is not set. Possibly
> nsslapd-directory (optionally nsslapd-db-home-directory) is missing in
> the config file.
> [01/Apr/2014:05:27:40 -0400] - I'm resizing my cache now...cache was
> 3228553216 and is now 8000000
> [01/Apr/2014:05:27:41 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [01/Apr/2014:05:27:41 -0400] - The change of nsslapd-ldapilisten will
> not take effect until the server is restarted
> [01/Apr/2014:05:27:54 -0400] - Warning: Adding configuration attribute
> "nsslapd-security"
> [01/Apr/2014:05:27:54 -0400] - slapd shutting down - signaling
> operation threads
> [01/Apr/2014:05:27:54 -0400] - slapd shutting down - waiting for 28
> threads to terminate
> [01/Apr/2014:05:27:54 -0400] - slapd shutting down - closing down
> internal subsystems and plugins
> [01/Apr/2014:05:27:54 -0400] - Waiting for 4 database threads to stop
> [01/Apr/2014:05:27:55 -0400] - All database threads now stopped
> [01/Apr/2014:05:27:55 -0400] - slapd stopped.
> [01/Apr/2014:05:27:56 -0400] - 389-Directory/1.3.1.22.a1
> B2014.073.1751 starting up
> [01/Apr/2014:05:27:56 -0400] attrcrypt - No symmetric key found for
> cipher AES in backend userRoot, attempting to create one...
> [01/Apr/2014:05:27:56 -0400] attrcrypt - Key for cipher AES
> successfully generated and stored
> [01/Apr/2014:05:27:56 -0400] attrcrypt - No symmetric key found for
> cipher 3DES in backend userRoot, attempting to create one...
> [01/Apr/2014:05:27:56 -0400] attrcrypt - Key for cipher 3DES
> successfully generated and stored
> [01/Apr/2014:05:27:56 -0400] ipalockout_get_global_config - [file
> ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
> [01/Apr/2014:05:27:56 -0400] ipaenrollment_start - [file
> ipa_enrollment.c, line 393]: Failed to get default realm?!
> [01/Apr/2014:05:27:56 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [01/Apr/2014:05:27:56 -0400] - Listening on All Interfaces port 636
> for LDAPS requests
> [01/Apr/2014:05:27:56 -0400] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [01/Apr/2014:05:27:56 -0400] - slapd shutting down - signaling
> operation threads
> [01/Apr/2014:05:27:56 -0400] - slapd shutting down - waiting for 29
> threads to terminate
> [01/Apr/2014:05:27:57 -0400] - slapd shutting down - closing down
> internal subsystems and plugins
> [01/Apr/2014:05:27:57 -0400] - Waiting for 4 database threads to stop
> [01/Apr/2014:05:27:57 -0400] - All database threads now stopped
> [01/Apr/2014:05:27:57 -0400] - slapd stopped.
> [01/Apr/2014:05:27:58 -0400] - 389-Directory/1.3.1.22.a1
> B2014.073.1751 starting up
> [01/Apr/2014:05:27:59 -0400] ipalockout_get_global_config - [file
> ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
> [01/Apr/2014:05:27:59 -0400] ipaenrollment_start - [file
> ipa_enrollment.c, line 393]: Failed to get default realm?!
> [01/Apr/2014:05:27:59 -0400] - slapd started. Listening on All
> Interfaces port 389 for LDAP requests
> [01/Apr/2014:05:27:59 -0400] - Listening on All Interfaces port 636
> for LDAPS requests
> [01/Apr/2014:05:27:59 -0400] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [01/Apr/2014:05:28:01 -0400] NSMMReplicationPlugin -
> agmt="cn=meToipa.example.com <http://meToipa.example.com>" (ipa:389):
> The remote replica has a different database generation ID than the
> local database. You may have to reinitialize the remote replica, or
> the local replica.
> [01/Apr/2014:05:28:01 -0400] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=example,dc=com is going
> offline; disabling replication
> [01/Apr/2014:05:28:01 -0400] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to
> access the database
> [01/Apr/2014:05:28:04 -0400] - import userRoot: Workers finished;
> cleaning up...
> [01/Apr/2014:05:28:05 -0400] - import userRoot: Workers cleaned up.
> [01/Apr/2014:05:28:05 -0400] - import userRoot: Indexing complete.
> Post-processing...
> [01/Apr/2014:05:28:05 -0400] - import userRoot: Generating
> numSubordinates complete.
> [01/Apr/2014:05:28:05 -0400] - import userRoot: Flushing caches...
> [01/Apr/2014:05:28:05 -0400] - import userRoot: Closing files...
> [01/Apr/2014:05:28:06 -0400] - import userRoot: Import complete.
> Processed 453 entries in 5 seconds. (90.60 entries/sec)
> [01/Apr/2014:05:28:06 -0400] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=example,dc=com is coming
> online; enabling replication
> [01/Apr/2014:05:28:06 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which
> should be added before the CoS Definition.
> [01/Apr/2014:05:32:38 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:32:38 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> .
> .
> .
> [01/Apr/2014:13:12:39 -0400] ipalockout_preop - [file ipa_lockout.c,
> line 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:13:12:39 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
This seems bad, but I'm not sure if this is the root of the replication
problem.
>
>
>
> On Tue, Apr 1, 2014 at 1:13 PM, Rich Megginson <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>> wrote:
>
> On 04/01/2014 03:46 AM, Nevada Sanchez wrote:
>> I've had a replica working with FreeIPA 3.2.1 for awhile. After
>> upgrading to 3.3.4, the replica wouldn't recognize my admin login
>> anymore. After much troubleshooting, I decided to try to redo the
>> replica since it was quite straightforward when I first set it up
>> (what could go wrong, right?)
> What is your version of 389-ds-base? rpm -q 389-ds-base
>
> What is in your dirsrv errors log?
> /var/log/dirsrv/slapd-DOMAIN-TLD/errors
>
>>
>> Unfortunately, I've spent most of my day trying to get the
>> replica to work this time. I've tried turning off all firewalls
>> on both machines, rebooting both machines, upgrading all packages
>> on both machines (both are running Fedora 19), reinstalling
>> FreeIPA packages, and several other things, but I keep getting
>> stuck at the same step (see output below).
>>
>> =================================================================
>> [root at ipa2 ipaserver]# ipa-replica-install --setup-dns
>> --no-forwarders /var/lib/ipa/replica-info-ipa2.example.com.gpg
>> WARNING: conflicting time&date synchronization service 'chronyd' will
>> be disabled in favor of ntpd
>>
>> Run connection check to master
>> Check connection from replica to remote master 'ipa.example.com
>> <http://ipa.example.com>':
>> Directory Service: Unsecure port (389): OK
>> Directory Service: Secure port (636): OK
>> Kerberos KDC: TCP (88): OK
>> Kerberos Kpasswd: TCP (464): OK
>> HTTP Server: Unsecure port (80): OK
>> HTTP Server: Secure port (443): OK
>>
>> The following list of ports use UDP protocol and would need to be
>> checked manually:
>> Kerberos KDC: UDP (88): SKIPPED
>> Kerberos Kpasswd: UDP (464): SKIPPED
>>
>> Connection from replica to master is OK.
>> Start listening on required ports for remote master check
>> Get credentials to log in to remote master
>> Check SSH connection to remote master
>> Execute check on remote master
>> Check connection from master to remote replica 'ipa2.example.com
>> <http://ipa2.example.com>':
>> Directory Service: Unsecure port (389): OK
>> Directory Service: Secure port (636): OK
>> Kerberos KDC: TCP (88): OK
>> Kerberos KDC: UDP (88): OK
>> Kerberos Kpasswd: TCP (464): OK
>> Kerberos Kpasswd: UDP (464): OK
>> HTTP Server: Unsecure port (80): OK
>> HTTP Server: Secure port (443): OK
>>
>> Connection from master to replica is OK.
>>
>> Connection check OK
>> Configuring NTP daemon (ntpd)
>> [1/4]: stopping ntpd
>> [2/4]: writing configuration
>> [3/4]: configuring ntpd to start on boot
>> [4/4]: starting ntpd
>> Done configuring NTP daemon (ntpd).
>> Configuring directory server (dirsrv): Estimated time 1 minute
>> [1/34]: creating directory server user
>> [2/34]: creating directory server instance
>> [3/34]: adding default schema
>> [4/34]: enabling memberof plugin
>> [5/34]: enabling winsync plugin
>> [6/34]: configuring replication version plugin
>> [7/34]: enabling IPA enrollment plugin
>> [8/34]: enabling ldapi
>> [9/34]: configuring uniqueness plugin
>> [10/34]: configuring uuid plugin
>> [11/34]: configuring modrdn plugin
>> [12/34]: configuring DNS plugin
>> [13/34]: enabling entryUSN plugin
>> [14/34]: configuring lockout plugin
>> [15/34]: creating indices
>> [16/34]: enabling referential integrity plugin
>> [17/34]: configuring ssl for ds instance
>> [18/34]: configuring certmap.conf
>> [19/34]: configure autobind for root
>> [20/34]: configure new location for managed entries
>> [21/34]: configure dirsrv ccache
>> [22/34]: enable SASL mapping fallback
>> [23/34]: restarting directory server
>> [24/34]: setting up initial replication
>> Starting replication, please wait until this has completed.
>> Update in progress, 5 seconds elapsed
>> [ipa.example.com <http://ipa.example.com>] reports: Update
>> failed! Status: [-1 Total update abortedLDAP error: Can't contact
>> LDAP server]
>>
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> Failed to start replication
>> =================================================================
>>
>> I've confirmed that I can do ldapsearch from each machine to the
>> other one for the replica status records (through ldap and
>> ldaps), so I know that they can communicate. Trouble is,
>> something behind the scenes is throwing the status error (as seen
>> in the nsds5ReplicaLastInitStatus attribute).
>>
>> =================================================================
>> [root at ipa2 ipaserver]# ldapsearch ldaps://ipa.example.com:636
>> <http://ipa.example.com:636> -D 'cn=Directory Manager' -w #####
>> -b 'cn=meToipa2.example.com
>> <http://meToipa2.example.com>,cn=replica,cn=dc\=example\,dc\=com,cn=mapping
>> tree,cn=config' '(objectClass=*)' -s base
>> nsds5ReplicaLastInitStart nsds5replicaUpdateInProgress
>> nsds5ReplicaLastInitStatus cn nsds5BeginReplicaRefresh
>> nsds5ReplicaLastInitEnd
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=meToipa2.example.com
>> <http://meToipa2.example.com>,cn=replica,cn=dc\=example\,dc\=com,cn=mapping
>> tree,cn=config> with scope baseObject
>> # filter: (objectclass=*)
>> # requesting: ldaps://ipa.example.com:636
>> <http://ipa.example.com:636> (objectClass=*)
>> nsds5ReplicaLastInitStart nsds5replicaUpdateInProgress
>> nsds5ReplicaLastInitStatus cn nsds5BeginReplicaRefresh
>> nsds5ReplicaLastInitEnd
>> #
>>
>> # meToipa2.example.com <http://meToipa2.example.com>, replica,
>> dc\3Dexample\2Cdc\3Dcom,
>> mapping tree, config
>> dn: cn=meToipa2.example.com
>> <http://meToipa2.example.com>,cn=replica,cn=dc\3Dexample\2Cd
>> c\3Dcom,cn=mapping tree,cn=config
>> nsds5ReplicaLastInitStart: 20140401092800Z
>> nsds5replicaUpdateInProgress: FALSE
>> nsds5ReplicaLastInitStatus: -1 Total update abortedLDAP error:
>> Can't contact L
>> DAP server
>> cn: meToipa2.example.com <http://meToipa2.example.com>
>> nsds5ReplicaLastInitEnd: 20140401092804Z
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>> =================================================================
>>
>> I'd really love for someone to help out with this, as I can't
>> afford another entire night trying to figure this out. Thanks in
>> advance!
>>
>> -Nevada
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140401/7a0d56ff/attachment.htm>
More information about the Freeipa-users
mailing list