[Freeipa-users] 3.0.0-42 Replication issue after Centos6.5->6.6 upgrade
dbischof at hrz.uni-kassel.de
dbischof at hrz.uni-kassel.de
Tue Dec 16 18:12:04 UTC 2014
Hi,
On Mon, 15 Dec 2014, dbischof at hrz.uni-kassel.de wrote:
> On Tue, 25 Nov 2014, Rich Megginson wrote:
>> On 11/25/2014 12:32 PM, dbischof at hrz.uni-kassel.de wrote:
>>>
>>> with the help of Thierry and Rich I managed to debug the running
>>> ns-slapd on Server1 (see below). The failing attempt of decoding the
>>> SASL data returns a not very fruitful "-1" (SASL_FAIL, "generic
>>> failure").
>>>
>>> Any ideas? Short summary:
>>>
>>> Server1 = running IPA server
>>> Server2 = intended IPA replica
>>>
>>> Both machines run the exact same, up-to-date version of CentOS 6.6.
>>> However: I had to run "ipa-replica-install" _without_ the option
>>> "--setup-ca" (didn't work, installation failed with some obscure Perl
>>> error), so there's no ns-slapd instance running for PKI-IPA. May this
>>> be related?
>> [...]
>> At this point, it's going to take more than a trivial amount of high
>> latency back-and-forth on the mailling lists. I think we have probably
>> run out of log levels for you to try. Please open a ticket against
>> IPA. While this may turn out to be a bug in 389, at the moment it is
>> only reproducible in your IPA environment.
>> [...]
>
> I've opened Ticket #4807
> https://fedorahosted.org/freeipa/ticket/4807
> on this issue.
problem resolved, increasing nsslapd-sasl-max-buffer-size to 2MB did it. I
administer 2 very small installations, with ~20 users and ~10 hosts each.
If this happens with installations like mine, the default for new
installations should probably be raised in the next 3.0.0 update package.
I've closed the ticket.
Thank you for your support.
Mit freundlichen Gruessen/With best regards,
--Daniel.
More information about the Freeipa-users
mailing list