[Freeipa-users] IPA Replica Issues (Total update abortedLDAP error: Can't contact LDAP server)
Nevada Sanchez
sanchez.nevada at gmail.com
Tue Apr 1 19:16:58 UTC 2014
389-ds-base-1.3.1.22-1.fc19.x86_64
The following, I think, summarizes the contents of the error log (I
probably uninstalled and tried reimporting 2 or 3 times in what is shown).
.
.
.
[01/Apr/2014:03:42:46 -0400] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to access the
database
[01/Apr/2014:03:42:46 -0400] - check_and_set_import_cache: pagesize: 4096,
pages: 1970554, procpages: 53717
[01/Apr/2014:03:42:46 -0400] - Import allocates 3152884KB import cache.
[01/Apr/2014:03:42:46 -0400] - import userRoot: Beginning import job...
[01/Apr/2014:03:42:46 -0400] - import userRoot: Index buffering enabled
with bucket size 100
[01/Apr/2014:03:42:46 -0400] - import userRoot: Processing file
"/var/lib/dirsrv/boot.ldif"
[01/Apr/2014:03:42:46 -0400] - import userRoot: Finished scanning file
"/var/lib/dirsrv/boot.ldif" (1 entries)
[01/Apr/2014:03:42:46 -0400] - import userRoot: Workers finished; cleaning
up...
[01/Apr/2014:03:42:47 -0400] - import userRoot: Workers cleaned up.
[01/Apr/2014:03:42:47 -0400] - import userRoot: Cleaning up producer
thread...
[01/Apr/2014:03:42:47 -0400] - import userRoot: Indexing complete.
Post-processing...
[01/Apr/2014:03:42:47 -0400] - import userRoot: Generating numSubordinates
complete.
[01/Apr/2014:03:42:47 -0400] - Nothing to do to build ancestorid index
[01/Apr/2014:03:42:47 -0400] - import userRoot: Flushing caches...
[01/Apr/2014:03:42:47 -0400] - import userRoot: Closing files...
[01/Apr/2014:03:42:47 -0400] - All database threads now stopped
[01/Apr/2014:03:42:47 -0400] - import userRoot: Import complete. Processed
1 entries in 1 seconds. (1.00 entries/sec)
[01/Apr/2014:03:42:47 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
starting up
[01/Apr/2014:03:42:47 -0400] - Db home directory is not set. Possibly
nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the
config file.
[01/Apr/2014:03:42:48 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
starting up
[01/Apr/2014:03:42:48 -0400] - Db home directory is not set. Possibly
nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the
config file.
[01/Apr/2014:03:42:48 -0400] - I'm resizing my cache now...cache was
3228553216 and is now 8000000
[01/Apr/2014:03:42:48 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[01/Apr/2014:03:42:48 -0400] - The change of nsslapd-ldapilisten will not
take effect until the server is restarted
[01/Apr/2014:03:43:01 -0400] - Warning: Adding configuration attribute
"nsslapd-security"
[01/Apr/2014:03:43:01 -0400] - slapd shutting down - signaling operation
threads
[01/Apr/2014:03:43:01 -0400] - slapd shutting down - waiting for 27 threads
to terminate
[01/Apr/2014:03:43:01 -0400] - slapd shutting down - closing down internal
subsystems and plugins
[01/Apr/2014:03:43:01 -0400] - Waiting for 4 database threads to stop
[01/Apr/2014:03:43:02 -0400] - All database threads now stopped
[01/Apr/2014:03:43:02 -0400] - slapd stopped.
[01/Apr/2014:03:43:03 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
starting up
[01/Apr/2014:03:43:03 -0400] attrcrypt - No symmetric key found for cipher
AES in backend userRoot, attempting to create one...
[01/Apr/2014:03:43:03 -0400] attrcrypt - Key for cipher AES successfully
generated and stored
[01/Apr/2014:03:43:03 -0400] attrcrypt - No symmetric key found for cipher
3DES in backend userRoot, attempting to create one...
[01/Apr/2014:03:43:03 -0400] attrcrypt - Key for cipher 3DES successfully
generated and stored
[01/Apr/2014:03:43:03 -0400] ipalockout_get_global_config - [file
ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
[01/Apr/2014:03:43:04 -0400] ipaenrollment_start - [file ipa_enrollment.c,
line 393]: Failed to get default realm?!
[01/Apr/2014:03:43:04 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[01/Apr/2014:03:43:04 -0400] - Listening on All Interfaces port 636 for
LDAPS requests
[01/Apr/2014:03:43:04 -0400] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
[01/Apr/2014:03:43:04 -0400] - slapd shutting down - signaling operation
threads
[01/Apr/2014:03:43:04 -0400] - slapd shutting down - waiting for 27 threads
to terminate
[01/Apr/2014:03:43:05 -0400] - slapd shutting down - closing down internal
subsystems and plugins
[01/Apr/2014:03:43:05 -0400] - Waiting for 4 database threads to stop
[01/Apr/2014:03:43:05 -0400] - All database threads now stopped
[01/Apr/2014:03:43:05 -0400] - slapd stopped.
[01/Apr/2014:03:43:06 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
starting up
[01/Apr/2014:03:43:06 -0400] ipalockout_get_global_config - [file
ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
[01/Apr/2014:03:43:06 -0400] ipaenrollment_start - [file ipa_enrollment.c,
line 393]: Failed to get default realm?!
[01/Apr/2014:03:43:06 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[01/Apr/2014:03:43:06 -0400] - Listening on All Interfaces port 636 for
LDAPS requests
[01/Apr/2014:03:43:06 -0400] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
[01/Apr/2014:03:43:08 -0400] NSMMReplicationPlugin - agmt="cn=
meToipa.example.com" (ipa:389): The remote replica has a different database
generation ID than the local database. You may have to reinitialize the
remote replica, or the local replica.
[01/Apr/2014:03:43:08 -0400] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=example,dc=com is going offline;
disabling replication
[01/Apr/2014:03:43:08 -0400] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to access the
database
[01/Apr/2014:03:43:11 -0400] - import userRoot: Workers finished; cleaning
up...
[01/Apr/2014:03:43:11 -0400] - import userRoot: Workers cleaned up.
[01/Apr/2014:03:43:11 -0400] - import userRoot: Indexing complete.
Post-processing...
[01/Apr/2014:03:43:11 -0400] - import userRoot: Generating numSubordinates
complete.
[01/Apr/2014:03:43:12 -0400] - import userRoot: Flushing caches...
[01/Apr/2014:03:43:12 -0400] - import userRoot: Closing files...
[01/Apr/2014:03:43:12 -0400] - import userRoot: Import complete. Processed
453 entries in 4 seconds. (113.25 entries/sec)
[01/Apr/2014:03:43:12 -0400] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=example,dc=com is coming online;
enabling replication
[01/Apr/2014:03:43:12 -0400] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should
be added before the CoS Definition.
[01/Apr/2014:03:43:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:03:43:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:03:48:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:03:48:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:03:53:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:03:53:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:03:58:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:03:58:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:03:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:03:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:08:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:08:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:13:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:13:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:18:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:18:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:23:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:23:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:28:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:28:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:33:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:33:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:38:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:38:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:43:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:43:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:48:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:48:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:53:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:53:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:58:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:04:58:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:03:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:03:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:08:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:08:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:13:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:13:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:14:36 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:14:36 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:14:41 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:14:41 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:14:46 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:14:46 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:14:58 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:14:58 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:15:00 -0400] - slapd shutting down - signaling operation
threads
[01/Apr/2014:05:15:00 -0400] - slapd shutting down - waiting for 28 threads
to terminate
[01/Apr/2014:05:15:00 -0400] - slapd shutting down - closing down internal
subsystems and plugins
[01/Apr/2014:05:15:01 -0400] - Waiting for 4 database threads to stop
[01/Apr/2014:05:15:01 -0400] - All database threads now stopped
[01/Apr/2014:05:15:01 -0400] - slapd stopped.
[01/Apr/2014:05:27:38 -0400] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to access the
database
[01/Apr/2014:05:27:38 -0400] - check_and_set_import_cache: pagesize: 4096,
pages: 1970554, procpages: 53717
[01/Apr/2014:05:27:38 -0400] - Import allocates 3152884KB import cache.
[01/Apr/2014:05:27:38 -0400] - import userRoot: Beginning import job...
[01/Apr/2014:05:27:38 -0400] - import userRoot: Index buffering enabled
with bucket size 100
[01/Apr/2014:05:27:39 -0400] - import userRoot: Processing file
"/var/lib/dirsrv/boot.ldif"
[01/Apr/2014:05:27:39 -0400] - import userRoot: Finished scanning file
"/var/lib/dirsrv/boot.ldif" (1 entries)
[01/Apr/2014:05:27:39 -0400] - import userRoot: Workers finished; cleaning
up...
[01/Apr/2014:05:27:39 -0400] - import userRoot: Workers cleaned up.
[01/Apr/2014:05:27:39 -0400] - import userRoot: Cleaning up producer
thread...
[01/Apr/2014:05:27:39 -0400] - import userRoot: Indexing complete.
Post-processing...
[01/Apr/2014:05:27:39 -0400] - import userRoot: Generating numSubordinates
complete.
[01/Apr/2014:05:27:39 -0400] - Nothing to do to build ancestorid index
[01/Apr/2014:05:27:39 -0400] - import userRoot: Flushing caches...
[01/Apr/2014:05:27:39 -0400] - import userRoot: Closing files...
[01/Apr/2014:05:27:40 -0400] - All database threads now stopped
[01/Apr/2014:05:27:40 -0400] - import userRoot: Import complete. Processed
1 entries in 2 seconds. (0.50 entries/sec)
[01/Apr/2014:05:27:40 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
starting up
[01/Apr/2014:05:27:40 -0400] - Db home directory is not set. Possibly
nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the
config file.
[01/Apr/2014:05:27:40 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
starting up
[01/Apr/2014:05:27:40 -0400] - Db home directory is not set. Possibly
nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the
config file.
[01/Apr/2014:05:27:40 -0400] - I'm resizing my cache now...cache was
3228553216 and is now 8000000
[01/Apr/2014:05:27:41 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[01/Apr/2014:05:27:41 -0400] - The change of nsslapd-ldapilisten will not
take effect until the server is restarted
[01/Apr/2014:05:27:54 -0400] - Warning: Adding configuration attribute
"nsslapd-security"
[01/Apr/2014:05:27:54 -0400] - slapd shutting down - signaling operation
threads
[01/Apr/2014:05:27:54 -0400] - slapd shutting down - waiting for 28 threads
to terminate
[01/Apr/2014:05:27:54 -0400] - slapd shutting down - closing down internal
subsystems and plugins
[01/Apr/2014:05:27:54 -0400] - Waiting for 4 database threads to stop
[01/Apr/2014:05:27:55 -0400] - All database threads now stopped
[01/Apr/2014:05:27:55 -0400] - slapd stopped.
[01/Apr/2014:05:27:56 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
starting up
[01/Apr/2014:05:27:56 -0400] attrcrypt - No symmetric key found for cipher
AES in backend userRoot, attempting to create one...
[01/Apr/2014:05:27:56 -0400] attrcrypt - Key for cipher AES successfully
generated and stored
[01/Apr/2014:05:27:56 -0400] attrcrypt - No symmetric key found for cipher
3DES in backend userRoot, attempting to create one...
[01/Apr/2014:05:27:56 -0400] attrcrypt - Key for cipher 3DES successfully
generated and stored
[01/Apr/2014:05:27:56 -0400] ipalockout_get_global_config - [file
ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
[01/Apr/2014:05:27:56 -0400] ipaenrollment_start - [file ipa_enrollment.c,
line 393]: Failed to get default realm?!
[01/Apr/2014:05:27:56 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[01/Apr/2014:05:27:56 -0400] - Listening on All Interfaces port 636 for
LDAPS requests
[01/Apr/2014:05:27:56 -0400] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
[01/Apr/2014:05:27:56 -0400] - slapd shutting down - signaling operation
threads
[01/Apr/2014:05:27:56 -0400] - slapd shutting down - waiting for 29 threads
to terminate
[01/Apr/2014:05:27:57 -0400] - slapd shutting down - closing down internal
subsystems and plugins
[01/Apr/2014:05:27:57 -0400] - Waiting for 4 database threads to stop
[01/Apr/2014:05:27:57 -0400] - All database threads now stopped
[01/Apr/2014:05:27:57 -0400] - slapd stopped.
[01/Apr/2014:05:27:58 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
starting up
[01/Apr/2014:05:27:59 -0400] ipalockout_get_global_config - [file
ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
[01/Apr/2014:05:27:59 -0400] ipaenrollment_start - [file ipa_enrollment.c,
line 393]: Failed to get default realm?!
[01/Apr/2014:05:27:59 -0400] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[01/Apr/2014:05:27:59 -0400] - Listening on All Interfaces port 636 for
LDAPS requests
[01/Apr/2014:05:27:59 -0400] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
[01/Apr/2014:05:28:01 -0400] NSMMReplicationPlugin - agmt="cn=
meToipa.example.com" (ipa:389): The remote replica has a different database
generation ID than the local database. You may have to reinitialize the
remote replica, or the local replica.
[01/Apr/2014:05:28:01 -0400] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=example,dc=com is going offline;
disabling replication
[01/Apr/2014:05:28:01 -0400] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to access the
database
[01/Apr/2014:05:28:04 -0400] - import userRoot: Workers finished; cleaning
up...
[01/Apr/2014:05:28:05 -0400] - import userRoot: Workers cleaned up.
[01/Apr/2014:05:28:05 -0400] - import userRoot: Indexing complete.
Post-processing...
[01/Apr/2014:05:28:05 -0400] - import userRoot: Generating numSubordinates
complete.
[01/Apr/2014:05:28:05 -0400] - import userRoot: Flushing caches...
[01/Apr/2014:05:28:05 -0400] - import userRoot: Closing files...
[01/Apr/2014:05:28:06 -0400] - import userRoot: Import complete. Processed
453 entries in 5 seconds. (90.60 entries/sec)
[01/Apr/2014:05:28:06 -0400] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=example,dc=com is coming online;
enabling replication
[01/Apr/2014:05:28:06 -0400] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should
be added before the CoS Definition.
[01/Apr/2014:05:32:38 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:05:32:38 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
.
.
.
[01/Apr/2014:13:12:39 -0400] ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
[01/Apr/2014:13:12:39 -0400] ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
On Tue, Apr 1, 2014 at 1:13 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> On 04/01/2014 03:46 AM, Nevada Sanchez wrote:
>
> I've had a replica working with FreeIPA 3.2.1 for awhile. After upgrading
> to 3.3.4, the replica wouldn't recognize my admin login anymore. After much
> troubleshooting, I decided to try to redo the replica since it was quite
> straightforward when I first set it up (what could go wrong, right?)
>
> What is your version of 389-ds-base? rpm -q 389-ds-base
>
> What is in your dirsrv errors log? /var/log/dirsrv/slapd-DOMAIN-TLD/errors
>
>
> Unfortunately, I've spent most of my day trying to get the replica to
> work this time. I've tried turning off all firewalls on both machines,
> rebooting both machines, upgrading all packages on both machines (both are
> running Fedora 19), reinstalling FreeIPA packages, and several other
> things, but I keep getting stuck at the same step (see output below).
>
> =================================================================
> [root at ipa2 ipaserver]# ipa-replica-install --setup-dns --no-forwarders
> /var/lib/ipa/replica-info-ipa2.example.com.gpg
> WARNING: conflicting time&date synchronization service 'chronyd' will
> be disabled in favor of ntpd
>
> Run connection check to master
> Check connection from replica to remote master 'ipa.example.com':
> Directory Service: Unsecure port (389): OK
> Directory Service: Secure port (636): OK
> Kerberos KDC: TCP (88): OK
> Kerberos Kpasswd: TCP (464): OK
> HTTP Server: Unsecure port (80): OK
> HTTP Server: Secure port (443): OK
>
> The following list of ports use UDP protocol and would need to be
> checked manually:
> Kerberos KDC: UDP (88): SKIPPED
> Kerberos Kpasswd: UDP (464): SKIPPED
>
> Connection from replica to master is OK.
> Start listening on required ports for remote master check
> Get credentials to log in to remote master
> Check SSH connection to remote master
> Execute check on remote master
> Check connection from master to remote replica 'ipa2.example.com':
> Directory Service: Unsecure port (389): OK
> Directory Service: Secure port (636): OK
> Kerberos KDC: TCP (88): OK
> Kerberos KDC: UDP (88): OK
> Kerberos Kpasswd: TCP (464): OK
> Kerberos Kpasswd: UDP (464): OK
> HTTP Server: Unsecure port (80): OK
> HTTP Server: Secure port (443): OK
>
> Connection from master to replica is OK.
>
> Connection check OK
> Configuring NTP daemon (ntpd)
> [1/4]: stopping ntpd
> [2/4]: writing configuration
> [3/4]: configuring ntpd to start on boot
> [4/4]: starting ntpd
> Done configuring NTP daemon (ntpd).
> Configuring directory server (dirsrv): Estimated time 1 minute
> [1/34]: creating directory server user
> [2/34]: creating directory server instance
> [3/34]: adding default schema
> [4/34]: enabling memberof plugin
> [5/34]: enabling winsync plugin
> [6/34]: configuring replication version plugin
> [7/34]: enabling IPA enrollment plugin
> [8/34]: enabling ldapi
> [9/34]: configuring uniqueness plugin
> [10/34]: configuring uuid plugin
> [11/34]: configuring modrdn plugin
> [12/34]: configuring DNS plugin
> [13/34]: enabling entryUSN plugin
> [14/34]: configuring lockout plugin
> [15/34]: creating indices
> [16/34]: enabling referential integrity plugin
> [17/34]: configuring ssl for ds instance
> [18/34]: configuring certmap.conf
> [19/34]: configure autobind for root
> [20/34]: configure new location for managed entries
> [21/34]: configure dirsrv ccache
> [22/34]: enable SASL mapping fallback
> [23/34]: restarting directory server
> [24/34]: setting up initial replication
> Starting replication, please wait until this has completed.
> Update in progress, 5 seconds elapsed
> [ipa.example.com] reports: Update failed! Status: [-1 Total update
> abortedLDAP error: Can't contact LDAP server]
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> Failed to start replication
> =================================================================
>
> I've confirmed that I can do ldapsearch from each machine to the other
> one for the replica status records (through ldap and ldaps), so I know that
> they can communicate. Trouble is, something behind the scenes is throwing
> the status error (as seen in the nsds5ReplicaLastInitStatus attribute).
>
> =================================================================
> [root at ipa2 ipaserver]# ldapsearch ldaps://ipa.example.com:636 -D
> 'cn=Directory Manager' -w ##### -b 'cn=meToipa2.example.com,cn=replica,cn=dc\=example\,dc\=com,cn=mapping
> tree,cn=config' '(objectClass=*)' -s base nsds5ReplicaLastInitStart
> nsds5replicaUpdateInProgress nsds5ReplicaLastInitStatus cn
> nsds5BeginReplicaRefresh nsds5ReplicaLastInitEnd
> # extended LDIF
> #
> # LDAPv3
> # base <cn=meToipa2.example.com,cn=replica,cn=dc\=example\,dc\=com,cn=mapping
> tree,cn=config> with scope baseObject
> # filter: (objectclass=*)
> # requesting: ldaps://ipa.example.com:636 (objectClass=*)
> nsds5ReplicaLastInitStart nsds5replicaUpdateInProgress
> nsds5ReplicaLastInitStatus cn nsds5BeginReplicaRefresh
> nsds5ReplicaLastInitEnd
> #
>
> # meToipa2.example.com, replica, dc\3Dexample\2Cdc\3Dcom,
> mapping tree, config
> dn: cn=meToipa2.example.com,cn=replica,cn=dc\3Dexample\2Cd
> c\3Dcom,cn=mapping tree,cn=config
> nsds5ReplicaLastInitStart: 20140401092800Z
> nsds5replicaUpdateInProgress: FALSE
> nsds5ReplicaLastInitStatus: -1 Total update abortedLDAP error: Can't
> contact L
> DAP server
> cn: meToipa2.example.com
> nsds5ReplicaLastInitEnd: 20140401092804Z
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> =================================================================
>
> I'd really love for someone to help out with this, as I can't afford
> another entire night trying to figure this out. Thanks in advance!
>
> -Nevada
>
>
> _______________________________________________
> Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140401/c84145ba/attachment.htm>
More information about the Freeipa-users
mailing list