[Freeipa-users] IPA Replica Issues (Total update abortedLDAP error: Can't contact LDAP server)

Nevada Sanchez sanchez.nevada at gmail.com
Tue Apr 1 21:28:25 UTC 2014


Okay, I just tried doing this on a FRESH Fedora 19 image (applied all
updates, installed freeipa, made a new replica file for the new test
server, and went straight to ipa-replica-install). Exact same errors.
Anything else I should try?


On Tue, Apr 1, 2014 at 3:22 PM, Rich Megginson <rmeggins at redhat.com> wrote:

>  On 04/01/2014 01:16 PM, Nevada Sanchez wrote:
>
>  389-ds-base-1.3.1.22-1.fc19.x86_64
>
>  The following, I think, summarizes the contents of the error log (I
> probably uninstalled and tried reimporting 2 or 3 times in what is shown).
>
>  .
> .
> .
>  [01/Apr/2014:03:42:46 -0400] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to access the
> database
> [01/Apr/2014:03:42:46 -0400] - check_and_set_import_cache: pagesize: 4096,
> pages: 1970554, procpages: 53717
> [01/Apr/2014:03:42:46 -0400] - Import allocates 3152884KB import cache.
> [01/Apr/2014:03:42:46 -0400] - import userRoot: Beginning import job...
> [01/Apr/2014:03:42:46 -0400] - import userRoot: Index buffering enabled
> with bucket size 100
> [01/Apr/2014:03:42:46 -0400] - import userRoot: Processing file
> "/var/lib/dirsrv/boot.ldif"
> [01/Apr/2014:03:42:46 -0400] - import userRoot: Finished scanning file
> "/var/lib/dirsrv/boot.ldif" (1 entries)
> [01/Apr/2014:03:42:46 -0400] - import userRoot: Workers finished; cleaning
> up...
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Workers cleaned up.
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Cleaning up producer
> thread...
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Indexing complete.
>  Post-processing...
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Generating numSubordinates
> complete.
> [01/Apr/2014:03:42:47 -0400] - Nothing to do to build ancestorid index
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Flushing caches...
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Closing files...
> [01/Apr/2014:03:42:47 -0400] - All database threads now stopped
> [01/Apr/2014:03:42:47 -0400] - import userRoot: Import complete.
>  Processed 1 entries in 1 seconds. (1.00 entries/sec)
> [01/Apr/2014:03:42:47 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
> starting up
> [01/Apr/2014:03:42:47 -0400] - Db home directory is not set. Possibly
> nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the
> config file.
> [01/Apr/2014:03:42:48 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
> starting up
> [01/Apr/2014:03:42:48 -0400] - Db home directory is not set. Possibly
> nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the
> config file.
> [01/Apr/2014:03:42:48 -0400] - I'm resizing my cache now...cache was
> 3228553216 and is now 8000000
> [01/Apr/2014:03:42:48 -0400] - slapd started.  Listening on All Interfaces
> port 389 for LDAP requests
> [01/Apr/2014:03:42:48 -0400] - The change of nsslapd-ldapilisten will not
> take effect until the server is restarted
> [01/Apr/2014:03:43:01 -0400] - Warning: Adding configuration attribute
> "nsslapd-security"
> [01/Apr/2014:03:43:01 -0400] - slapd shutting down - signaling operation
> threads
> [01/Apr/2014:03:43:01 -0400] - slapd shutting down - waiting for 27
> threads to terminate
> [01/Apr/2014:03:43:01 -0400] - slapd shutting down - closing down internal
> subsystems and plugins
> [01/Apr/2014:03:43:01 -0400] - Waiting for 4 database threads to stop
> [01/Apr/2014:03:43:02 -0400] - All database threads now stopped
> [01/Apr/2014:03:43:02 -0400] - slapd stopped.
> [01/Apr/2014:03:43:03 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
> starting up
> [01/Apr/2014:03:43:03 -0400] attrcrypt - No symmetric key found for cipher
> AES in backend userRoot, attempting to create one...
> [01/Apr/2014:03:43:03 -0400] attrcrypt - Key for cipher AES successfully
> generated and stored
> [01/Apr/2014:03:43:03 -0400] attrcrypt - No symmetric key found for cipher
> 3DES in backend userRoot, attempting to create one...
> [01/Apr/2014:03:43:03 -0400] attrcrypt - Key for cipher 3DES successfully
> generated and stored
> [01/Apr/2014:03:43:03 -0400] ipalockout_get_global_config - [file
> ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
> [01/Apr/2014:03:43:04 -0400] ipaenrollment_start - [file ipa_enrollment.c,
> line 393]: Failed to get default realm?!
> [01/Apr/2014:03:43:04 -0400] - slapd started.  Listening on All Interfaces
> port 389 for LDAP requests
> [01/Apr/2014:03:43:04 -0400] - Listening on All Interfaces port 636 for
> LDAPS requests
> [01/Apr/2014:03:43:04 -0400] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [01/Apr/2014:03:43:04 -0400] - slapd shutting down - signaling operation
> threads
> [01/Apr/2014:03:43:04 -0400] - slapd shutting down - waiting for 27
> threads to terminate
> [01/Apr/2014:03:43:05 -0400] - slapd shutting down - closing down internal
> subsystems and plugins
> [01/Apr/2014:03:43:05 -0400] - Waiting for 4 database threads to stop
> [01/Apr/2014:03:43:05 -0400] - All database threads now stopped
> [01/Apr/2014:03:43:05 -0400] - slapd stopped.
> [01/Apr/2014:03:43:06 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
> starting up
> [01/Apr/2014:03:43:06 -0400] ipalockout_get_global_config - [file
> ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
> [01/Apr/2014:03:43:06 -0400] ipaenrollment_start - [file ipa_enrollment.c,
> line 393]: Failed to get default realm?!
> [01/Apr/2014:03:43:06 -0400] - slapd started.  Listening on All Interfaces
> port 389 for LDAP requests
> [01/Apr/2014:03:43:06 -0400] - Listening on All Interfaces port 636 for
> LDAPS requests
> [01/Apr/2014:03:43:06 -0400] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [01/Apr/2014:03:43:08 -0400] NSMMReplicationPlugin - agmt="cn=
> meToipa.example.com" (ipa:389): The remote replica has a different
> database generation ID than the local database.  You may have to
> reinitialize the remote replica, or the local replica.
> [01/Apr/2014:03:43:08 -0400] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=example,dc=com is going offline;
> disabling replication
> [01/Apr/2014:03:43:08 -0400] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to access the
> database
> [01/Apr/2014:03:43:11 -0400] - import userRoot: Workers finished; cleaning
> up...
> [01/Apr/2014:03:43:11 -0400] - import userRoot: Workers cleaned up.
> [01/Apr/2014:03:43:11 -0400] - import userRoot: Indexing complete.
>  Post-processing...
> [01/Apr/2014:03:43:11 -0400] - import userRoot: Generating numSubordinates
> complete.
> [01/Apr/2014:03:43:12 -0400] - import userRoot: Flushing caches...
> [01/Apr/2014:03:43:12 -0400] - import userRoot: Closing files...
> [01/Apr/2014:03:43:12 -0400] - import userRoot: Import complete.
>  Processed 453 entries in 4 seconds. (113.25 entries/sec)
> [01/Apr/2014:03:43:12 -0400] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=example,dc=com is coming online;
> enabling replication
> [01/Apr/2014:03:43:12 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should
> be added before the CoS Definition.
> [01/Apr/2014:03:43:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:03:43:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:03:48:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:03:48:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:03:53:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:03:53:19 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:03:58:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:03:58:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:04:03:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:03:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:08:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:04:08:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:04:13:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:13:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:04:18:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:18:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:23:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:04:23:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:04:28:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:28:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:04:33:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:33:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:38:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:04:38:19 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:04:43:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:43:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:04:48:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:48:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:53:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:04:53:19 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:04:58:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:04:58:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:05:03:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:03:18 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:08:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:05:08:18 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:05:13:18 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:13:19 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:05:14:36 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:14:36 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:14:41 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:05:14:41 -0400] ipalockout_postop - [file ipa_lockout.c,
> line 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:05:14:46 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:14:46 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:05:14:58 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:14:58 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:15:00 -0400] - slapd shutting down - signaling operation
> threads
> [01/Apr/2014:05:15:00 -0400] - slapd shutting down - waiting for 28
> threads to terminate
> [01/Apr/2014:05:15:00 -0400] - slapd shutting down - closing down internal
> subsystems and plugins
> [01/Apr/2014:05:15:01 -0400] - Waiting for 4 database threads to stop
> [01/Apr/2014:05:15:01 -0400] - All database threads now stopped
> [01/Apr/2014:05:15:01 -0400] - slapd stopped.
> [01/Apr/2014:05:27:38 -0400] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to access the
> database
> [01/Apr/2014:05:27:38 -0400] - check_and_set_import_cache: pagesize: 4096,
> pages: 1970554, procpages: 53717
> [01/Apr/2014:05:27:38 -0400] - Import allocates 3152884KB import cache.
> [01/Apr/2014:05:27:38 -0400] - import userRoot: Beginning import job...
> [01/Apr/2014:05:27:38 -0400] - import userRoot: Index buffering enabled
> with bucket size 100
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Processing file
> "/var/lib/dirsrv/boot.ldif"
>  [01/Apr/2014:05:27:39 -0400] - import userRoot: Finished scanning file
> "/var/lib/dirsrv/boot.ldif" (1 entries)
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Workers finished; cleaning
> up...
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Workers cleaned up.
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Cleaning up producer
> thread...
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Indexing complete.
>  Post-processing...
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Generating numSubordinates
> complete.
> [01/Apr/2014:05:27:39 -0400] - Nothing to do to build ancestorid index
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Flushing caches...
> [01/Apr/2014:05:27:39 -0400] - import userRoot: Closing files...
> [01/Apr/2014:05:27:40 -0400] - All database threads now stopped
> [01/Apr/2014:05:27:40 -0400] - import userRoot: Import complete.
>  Processed 1 entries in 2 seconds. (0.50 entries/sec)
> [01/Apr/2014:05:27:40 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
> starting up
> [01/Apr/2014:05:27:40 -0400] - Db home directory is not set. Possibly
> nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the
> config file.
> [01/Apr/2014:05:27:40 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
> starting up
> [01/Apr/2014:05:27:40 -0400] - Db home directory is not set. Possibly
> nsslapd-directory (optionally nsslapd-db-home-directory) is missing in the
> config file.
> [01/Apr/2014:05:27:40 -0400] - I'm resizing my cache now...cache was
> 3228553216 and is now 8000000
> [01/Apr/2014:05:27:41 -0400] - slapd started.  Listening on All Interfaces
> port 389 for LDAP requests
> [01/Apr/2014:05:27:41 -0400] - The change of nsslapd-ldapilisten will not
> take effect until the server is restarted
> [01/Apr/2014:05:27:54 -0400] - Warning: Adding configuration attribute
> "nsslapd-security"
> [01/Apr/2014:05:27:54 -0400] - slapd shutting down - signaling operation
> threads
> [01/Apr/2014:05:27:54 -0400] - slapd shutting down - waiting for 28
> threads to terminate
> [01/Apr/2014:05:27:54 -0400] - slapd shutting down - closing down internal
> subsystems and plugins
> [01/Apr/2014:05:27:54 -0400] - Waiting for 4 database threads to stop
> [01/Apr/2014:05:27:55 -0400] - All database threads now stopped
> [01/Apr/2014:05:27:55 -0400] - slapd stopped.
> [01/Apr/2014:05:27:56 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
> starting up
> [01/Apr/2014:05:27:56 -0400] attrcrypt - No symmetric key found for cipher
> AES in backend userRoot, attempting to create one...
> [01/Apr/2014:05:27:56 -0400] attrcrypt - Key for cipher AES successfully
> generated and stored
> [01/Apr/2014:05:27:56 -0400] attrcrypt - No symmetric key found for cipher
> 3DES in backend userRoot, attempting to create one...
> [01/Apr/2014:05:27:56 -0400] attrcrypt - Key for cipher 3DES successfully
> generated and stored
> [01/Apr/2014:05:27:56 -0400] ipalockout_get_global_config - [file
> ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
> [01/Apr/2014:05:27:56 -0400] ipaenrollment_start - [file ipa_enrollment.c,
> line 393]: Failed to get default realm?!
> [01/Apr/2014:05:27:56 -0400] - slapd started.  Listening on All Interfaces
> port 389 for LDAP requests
> [01/Apr/2014:05:27:56 -0400] - Listening on All Interfaces port 636 for
> LDAPS requests
> [01/Apr/2014:05:27:56 -0400] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [01/Apr/2014:05:27:56 -0400] - slapd shutting down - signaling operation
> threads
> [01/Apr/2014:05:27:56 -0400] - slapd shutting down - waiting for 29
> threads to terminate
> [01/Apr/2014:05:27:57 -0400] - slapd shutting down - closing down internal
> subsystems and plugins
> [01/Apr/2014:05:27:57 -0400] - Waiting for 4 database threads to stop
> [01/Apr/2014:05:27:57 -0400] - All database threads now stopped
> [01/Apr/2014:05:27:57 -0400] - slapd stopped.
> [01/Apr/2014:05:27:58 -0400] - 389-Directory/1.3.1.22.a1 B2014.073.1751
> starting up
> [01/Apr/2014:05:27:59 -0400] ipalockout_get_global_config - [file
> ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
> [01/Apr/2014:05:27:59 -0400] ipaenrollment_start - [file ipa_enrollment.c,
> line 393]: Failed to get default realm?!
> [01/Apr/2014:05:27:59 -0400] - slapd started.  Listening on All Interfaces
> port 389 for LDAP requests
> [01/Apr/2014:05:27:59 -0400] - Listening on All Interfaces port 636 for
> LDAPS requests
> [01/Apr/2014:05:27:59 -0400] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [01/Apr/2014:05:28:01 -0400] NSMMReplicationPlugin - agmt="cn=
> meToipa.example.com" (ipa:389): The remote replica has a different
> database generation ID than the local database.  You may have to
> reinitialize the remote replica, or the local replica.
> [01/Apr/2014:05:28:01 -0400] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=example,dc=com is going offline;
> disabling replication
> [01/Apr/2014:05:28:01 -0400] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to access the
> database
> [01/Apr/2014:05:28:04 -0400] - import userRoot: Workers finished; cleaning
> up...
> [01/Apr/2014:05:28:05 -0400] - import userRoot: Workers cleaned up.
> [01/Apr/2014:05:28:05 -0400] - import userRoot: Indexing complete.
>  Post-processing...
> [01/Apr/2014:05:28:05 -0400] - import userRoot: Generating numSubordinates
> complete.
> [01/Apr/2014:05:28:05 -0400] - import userRoot: Flushing caches...
> [01/Apr/2014:05:28:05 -0400] - import userRoot: Closing files...
> [01/Apr/2014:05:28:06 -0400] - import userRoot: Import complete.
>  Processed 453 entries in 5 seconds. (90.60 entries/sec)
> [01/Apr/2014:05:28:06 -0400] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=example,dc=com is coming online;
> enabling replication
> [01/Apr/2014:05:28:06 -0400] - Skipping CoS Definition cn=Password
> Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should
> be added before the CoS Definition.
> [01/Apr/2014:05:32:38 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:05:32:38 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  .
> .
> .
> [01/Apr/2014:13:12:39 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
> [01/Apr/2014:13:12:39 -0400] ipalockout_postop - [file ipa_lockout.c, line
> 503]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>
>
> This seems bad, but I'm not sure if this is the root of the replication
> problem.
>
>
>
>
>
> On Tue, Apr 1, 2014 at 1:13 PM, Rich Megginson <rmeggins at redhat.com> wrote:
>
>>  On 04/01/2014 03:46 AM, Nevada Sanchez wrote:
>>
>> I've had a replica working with FreeIPA 3.2.1 for a while. After upgrading
>> to 3.3.4, the replica wouldn't recognize my admin login anymore. After much
>> troubleshooting, I decided to try to redo the replica since it was quite
>> straightforward when I first set it up (what could go wrong, right?)
>>
>>  What is your version of 389-ds-base?  rpm -q 389-ds-base
>>
>> What is in your dirsrv errors log?
>> /var/log/dirsrv/slapd-DOMAIN-TLD/errors
>>
>>
>>  Unfortunately, I've spent most of my day trying to get the replica to
>> work this time. I've tried turning off all firewalls on both machines,
>> rebooting both machines, upgrading all packages on both machines (both are
>> running Fedora 19), reinstalling FreeIPA packages, and several other
>> things, but I keep getting stuck at the same step (see output below).
>>
>>  =================================================================
>>  [root at ipa2 ipaserver]# ipa-replica-install --setup-dns --no-forwarders
>> /var/lib/ipa/replica-info-ipa2.example.com.gpg
>> WARNING: conflicting time&date synchronization service 'chronyd' will
>> be disabled in favor of ntpd
>>
>>  Run connection check to master
>> Check connection from replica to remote master 'ipa.example.com':
>>    Directory Service: Unsecure port (389): OK
>>    Directory Service: Secure port (636): OK
>>    Kerberos KDC: TCP (88): OK
>>    Kerberos Kpasswd: TCP (464): OK
>>    HTTP Server: Unsecure port (80): OK
>>    HTTP Server: Secure port (443): OK
>>
>>  The following list of ports use UDP protocol and would need to be
>> checked manually:
>>    Kerberos KDC: UDP (88): SKIPPED
>>    Kerberos Kpasswd: UDP (464): SKIPPED
>>
>>  Connection from replica to master is OK.
>> Start listening on required ports for remote master check
>> Get credentials to log in to remote master
>> Check SSH connection to remote master
>> Execute check on remote master
>> Check connection from master to remote replica 'ipa2.example.com':
>>    Directory Service: Unsecure port (389): OK
>>     Directory Service: Secure port (636): OK
>>    Kerberos KDC: TCP (88): OK
>>    Kerberos KDC: UDP (88): OK
>>    Kerberos Kpasswd: TCP (464): OK
>>    Kerberos Kpasswd: UDP (464): OK
>>     HTTP Server: Unsecure port (80): OK
>>    HTTP Server: Secure port (443): OK
>>
>>  Connection from master to replica is OK.
>>
>>  Connection check OK
>> Configuring NTP daemon (ntpd)
>>   [1/4]: stopping ntpd
>>   [2/4]: writing configuration
>>   [3/4]: configuring ntpd to start on boot
>>   [4/4]: starting ntpd
>> Done configuring NTP daemon (ntpd).
>> Configuring directory server (dirsrv): Estimated time 1 minute
>>   [1/34]: creating directory server user
>>   [2/34]: creating directory server instance
>>   [3/34]: adding default schema
>>   [4/34]: enabling memberof plugin
>>   [5/34]: enabling winsync plugin
>>   [6/34]: configuring replication version plugin
>>   [7/34]: enabling IPA enrollment plugin
>>   [8/34]: enabling ldapi
>>   [9/34]: configuring uniqueness plugin
>>   [10/34]: configuring uuid plugin
>>   [11/34]: configuring modrdn plugin
>>   [12/34]: configuring DNS plugin
>>   [13/34]: enabling entryUSN plugin
>>   [14/34]: configuring lockout plugin
>>   [15/34]: creating indices
>>   [16/34]: enabling referential integrity plugin
>>   [17/34]: configuring ssl for ds instance
>>   [18/34]: configuring certmap.conf
>>   [19/34]: configure autobind for root
>>   [20/34]: configure new location for managed entries
>>   [21/34]: configure dirsrv ccache
>>   [22/34]: enable SASL mapping fallback
>>   [23/34]: restarting directory server
>>   [24/34]: setting up initial replication
>> Starting replication, please wait until this has completed.
>> Update in progress, 5 seconds elapsed
>> [ipa.example.com] reports: Update failed! Status: [-1 Total update
>> abortedLDAP error: Can't contact LDAP server]
>>
>>  Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>>  Failed to start replication
>>  =================================================================
>>
>>  I've confirmed that I can do ldapsearch from each machine to the other
>> one for the replica status records (through ldap and ldaps), so I know that
>> they can communicate. Trouble is, something behind the scenes is throwing
>> the status error (as seen in the nsds5ReplicaLastInitStatus attribute).
>>
>>  =================================================================
>>  [root at ipa2 ipaserver]# ldapsearch  ldaps://ipa.example.com:636 -D
>> 'cn=Directory Manager' -w ##### -b 'cn=meToipa2.example.com,cn=replica,cn=dc\=example\,dc\=com,cn=mapping
>> tree,cn=config' '(objectClass=*)' -s base nsds5ReplicaLastInitStart
>> nsds5replicaUpdateInProgress nsds5ReplicaLastInitStatus cn
>> nsds5BeginReplicaRefresh nsds5ReplicaLastInitEnd
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=meToipa2.example.com,cn=replica,cn=dc\=example\,dc\=com,cn=mapping
>> tree,cn=config> with scope baseObject
>> # filter: (objectclass=*)
>> # requesting: ldaps://ipa.example.com:636 (objectClass=*)
>> nsds5ReplicaLastInitStart nsds5replicaUpdateInProgress
>> nsds5ReplicaLastInitStatus cn nsds5BeginReplicaRefresh
>> nsds5ReplicaLastInitEnd
>> #
>>
>>  # meToipa2.example.com, replica, dc\3Dexample\2Cdc\3Dcom,
>>   mapping tree, config
>> dn: cn=meToipa2.example.com,cn=replica,cn=dc\3Dexample\2Cd
>>  c\3Dcom,cn=mapping tree,cn=config
>> nsds5ReplicaLastInitStart: 20140401092800Z
>> nsds5replicaUpdateInProgress: FALSE
>> nsds5ReplicaLastInitStatus: -1 Total update abortedLDAP error: Can't
>> contact L
>>  DAP server
>> cn: meToipa2.example.com
>> nsds5ReplicaLastInitEnd: 20140401092804Z
>>
>>  # search result
>> search: 2
>> result: 0 Success
>>
>>  # numResponses: 2
>> # numEntries: 1
>>  =================================================================
>>
>>  I'd really love for someone to help out with this, as I can't afford
>> another entire night trying to figure this out. Thanks in advance!
>>
>>  -Nevada
>>
>>
>
>
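
Added example (not part of the original thread, and not FreeIPA or 389-ds code): the errors log quoted above is mail-wrapped and dominated by one message pair repeating every five minutes, so this Python sketch rejoins the wrapped records, groups identical messages with their count and median repeat interval, and pulls out the NSMMReplicationPlugin events. The sample input is a constructed excerpt of the quoted log, and all function names are hypothetical.

```python
import re
from datetime import datetime
from statistics import median

# Constructed sample: a short excerpt of the errors log quoted in the thread,
# kept with its "> " quote prefixes and mail-client line wrapping.
SAMPLE = """\
> [01/Apr/2014:03:43:06 -0400] ipalockout_get_global_config - [file
> ipa_lockout.c, line 185]: Failed to get default realm (-1765328160)
> [01/Apr/2014:03:43:08 -0400] NSMMReplicationPlugin - agmt="cn=
> meToipa.example.com" (ipa:389): The remote replica has a different
> database generation ID than the local database.  You may have to
> reinitialize the remote replica, or the local replica.
> [01/Apr/2014:03:43:12 -0400] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=example,dc=com is coming online;
> enabling replication
> [01/Apr/2014:03:43:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
>  [01/Apr/2014:03:48:19 -0400] ipalockout_preop - [file ipa_lockout.c, line
> 749]: Failed to retrieve entry "cn=Replication Manager
> cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config": 32
"""

QUOTE = re.compile(r"^(?:>\s?)*\s*")            # mail quote markers and indent
STAMP = re.compile(r"^\[\d{2}/\w{3}/\d{4}:")    # start of a new log record
RECORD = re.compile(
    r"^\[(?P<ts>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]\s+"
    r"(?:(?P<comp>\S+)\s+)?-\s*(?P<msg>.*)$"
)


def unwrap(text):
    """Strip quote prefixes and rejoin wrapped lines into one string per record."""
    records = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw, count=1).rstrip()
        if not line or set(line) == {"."}:
            continue  # blank line, or the poster's ". . ." elision marker
        if STAMP.match(line):
            records.append(line)
        elif records:
            # A wrap point cannot be told apart from a real space, so a
            # single space is inserted where the mail client broke the line.
            records[-1] += " " + line
    return records


def parse(records):
    """Turn each record into (timestamp, component, message)."""
    events = []
    for rec in records:
        m = RECORD.match(rec)
        if not m:
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        msg = re.sub(r"\s+", " ", m["msg"]).strip()
        # Core server lines carry no component name; keep the log's own "-".
        events.append((when, m["comp"] or "-", msg))
    return events


def summarise(events):
    """Group identical (component, message) pairs in order of first appearance."""
    groups = {}
    for when, comp, msg in events:
        groups.setdefault((comp, msg), []).append(when)
    rows = []
    for (comp, msg), times in groups.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        rows.append({
            "component": comp,
            "message": msg,
            "count": len(times),
            "first": times[0],
            "last": times[-1],
            "median_gap_s": median(gaps) if gaps else None,
        })
    return rows


def replication_events(events):
    """Only the lines logged by the replication plugin."""
    return [e for e in events if e[1] == "NSMMReplicationPlugin"]


if __name__ == "__main__":
    evts = parse(unwrap(SAMPLE))
    for row in summarise(evts):
        print(f'{row["count"]:>4}x gap={row["median_gap_s"]} '
              f'{row["component"]}: {row["message"][:70]}')
    for when, _, msg in replication_events(evts):
        print("REPL", when.isoformat(), msg[:70])
```

Feeding it the full `/var/log/dirsrv/slapd-DOMAIN-TLD/errors` file works the same way, since unquoted, unwrapped lines pass through `unwrap` unchanged.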