[Freeipa-users] strange replica install error (another one)
Petr Spacek
pspacek at redhat.com
Thu Dec 4 07:45:43 UTC 2014
On 4.12.2014 05:02, Janelle wrote:
> Thanks -- still a bit strange that it did not show up on some servers - vary
> random and intermittent.
>
> BTW - a bit of information others might find useful. If you try to use the
> "LDAP" portion of IPA for authentication - rather than fulling installing the
> IPA client and using Kerberos - the servers running ds-389 do not do well in
> handling the load. In other words - a few hundred hosts trying to authenticate
> via LDAP only will send CPU through the roof and crashes the slapd process
> often. Since IPA is supposed to handle all options, I guess I am disappointed.
>
> regards
> ~J
>
>
> On 12/3/14 2:56 PM, Dmitri Pal wrote:
>> On 12/03/2014 04:40 PM, Janelle wrote:
>>> Here is a bit of baffling one on 4.0.5:
>>>
>>> Replica install p11-kit???
>>
>> This is a part of the DNSSEC set of packages.
>>
>>>
>>> Connection from master to replica is OK.
>>>
>>> Connection check OK
>>> p11-kit: ipa.p11-kit: x-public-key-info: invalid or unsupported attribute
>>> Configuring NTP daemon (ntpd)
>>> [1/4]: stopping ntpd
>>> [2/4]: writing configuration
>>> ...
>>>
>>> Your system may be partly configured.
>>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>>
>>> LDAP error: UNWILLING_TO_PERFORM
>>> database is read-only
>>>
>>>
>>> Thoughts?
We need more information about your problem.
As always, please start with information requested on
http://www.freeipa.org/page/Troubleshooting#Reporting_bugs
/var/log/ipa*.log from affected replica will be invaluable (along with exact
package version numbers [including p11-kit] and repo configuration).
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list