[Freeipa-users] can't create winsync replication

Rich Megginson rmeggins at redhat.com
Fri Jan 31 20:39:01 UTC 2014


On 01/31/2014 12:16 PM, Todd Maugh wrote:
> RE:
>
> I am not sure I was clear. It seems that you provided the LDAP trace 
> for the ldapsearch commands you executed above. I was talking about 
> the DS level logs for the replica management agreement establishment 
> and the follow up replication.
>
> here is the log tailed while I deleted the replication agreement, 
> restarted the dirsrv and tried to set up the replication agreement

Note that 389 does not use /etc/openldap/cacerts - it uses 
/etc/dirsrv/slapd-YOUR-DOMAIN, so try this:

    LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-YOUR-DOMAIN ldapsearch -LLLx -ZZ \
        -H ldap://qatestdc2.boingoqa.local \
        -b "cn=idm admin,cn=users,dc=boingoqa,dc=local" \
        -D "cn=idm admin,cn=users,dc=boingoqa,dc=local" -W

>
>
>
> [31/Jan/2014:19:07:37 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:08:12 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:08:13 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:08:25 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:10:01 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:11:51 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:11:54 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:12:00 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:12:12 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:12:36 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:13:12 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:13:13 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:13:24 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:13:57 +0000] NSMMReplicationPlugin - agmt_delete: begin
> [31/Jan/2014:19:14:09 +0000] - slapd shutting down - signaling 
> operation threads
> [31/Jan/2014:19:14:09 +0000] - slapd shutting down - waiting for 30 
> threads to terminate
> [31/Jan/2014:19:14:09 +0000] - slapd shutting down - closing down 
> internal subsystems and plugins
> [31/Jan/2014:19:14:09 +0000] - Waiting for 4 database threads to stop
> [31/Jan/2014:19:14:09 +0000] - All database threads now stopped
> [31/Jan/2014:19:14:09 +0000] - slapd stopped.
> [31/Jan/2014:19:14:12 +0000] - 389-Directory/1.2.11.15 B2013.337.1530 
> starting up
> [31/Jan/2014:19:14:12 +0000] schema-compat-plugin - warning: no 
> entries set up under cn=computers, cn=compat,dc=boingo,dc=com
> [31/Jan/2014:19:14:12 +0000] schema-compat-plugin - warning: no 
> entries set up under cn=ng, cn=compat,dc=boingo,dc=com
> [31/Jan/2014:19:14:12 +0000] schema-compat-plugin - warning: no 
> entries set up under ou=sudoers,dc=boingo,dc=com
> [31/Jan/2014:19:14:12 +0000] - Skipping CoS Definition cn=Password 
> Policy,cn=accounts,dc=boingo,dc=com--no CoS Templates found, which 
> should be added before the CoS Definition.
> [31/Jan/2014:19:14:12 +0000] set_krb5_creds - Could not get initial 
> credentials for principal [ldap/se-idm-01.boingo.com at BOINGO.COM] in 
> keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see 
> e-text))
> [31/Jan/2014:19:14:12 +0000] - Skipping CoS Definition cn=Password 
> Policy,cn=accounts,dc=boingo,dc=com--no CoS Templates found, which 
> should be added before the CoS Definition.
> [31/Jan/2014:19:14:12 +0000] slapd_ldap_sasl_interactive_bind - Error: 
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified 
> GSS failure.  Minor code may provide more information (Credentials 
> cache file '/tmp/krb5cc_495' not found)) errno 0 (Success)
> [31/Jan/2014:19:14:12 +0000] slapi_ldap_bind - Error: could not 
> perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> [31/Jan/2014:19:14:12 +0000] NSMMReplicationPlugin - 
> agmt="cn=meTose-idm-02.boingo.com" (se-idm-02:389): Replication bind 
> with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): 
> generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code 
> may provide more information (Credentials cache file '/tmp/krb5cc_495' 
> not found))
> [31/Jan/2014:19:14:12 +0000] - slapd started.  Listening on All 
> Interfaces port 389 for LDAP requests
> [31/Jan/2014:19:14:12 +0000] - Listening on All Interfaces port 636 
> for LDAPS requests
> [31/Jan/2014:19:14:12 +0000] - Listening on 
> /var/run/slapd-BOINGO-COM.socket for LDAPI requests
> [31/Jan/2014:19:14:16 +0000] NSMMReplicationPlugin - 
> agmt="cn=meTose-idm-02.boingo.com" (se-idm-02:389): Replication bind 
> with GSSAPI auth resumed
> [31/Jan/2014:19:15:18 +0000] - slapd shutting down - signaling 
> operation threads
> [31/Jan/2014:19:15:18 +0000] - slapd shutting down - waiting for 30 
> threads to terminate
> [31/Jan/2014:19:15:18 +0000] - slapd shutting down - closing down 
> internal subsystems and plugins
> [31/Jan/2014:19:15:18 +0000] - Waiting for 4 database threads to stop
> [31/Jan/2014:19:15:18 +0000] - All database threads now stopped
> [31/Jan/2014:19:15:18 +0000] - slapd stopped.
> [31/Jan/2014:19:15:23 +0000] - 389-Directory/1.2.11.15 B2013.337.1530 
> starting up
> [31/Jan/2014:19:15:23 +0000] schema-compat-plugin - warning: no 
> entries set up under cn=computers, cn=compat,dc=boingo,dc=com
> [31/Jan/2014:19:15:23 +0000] schema-compat-plugin - warning: no 
> entries set up under cn=ng, cn=compat,dc=boingo,dc=com
> [31/Jan/2014:19:15:23 +0000] schema-compat-plugin - warning: no 
> entries set up under ou=sudoers,dc=boingo,dc=com
> [31/Jan/2014:19:15:23 +0000] - Skipping CoS Definition cn=Password 
> Policy,cn=accounts,dc=boingo,dc=com--no CoS Templates found, which 
> should be added before the CoS Definition.
> [31/Jan/2014:19:15:23 +0000] set_krb5_creds - Could not get initial 
> credentials for principal [ldap/se-idm-01.boingo.com at BOINGO.COM] in 
> keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see 
> e-text))
> [31/Jan/2014:19:15:23 +0000] - Skipping CoS Definition cn=Password 
> Policy,cn=accounts,dc=boingo,dc=com--no CoS Templates found, which 
> should be added before the CoS Definition.
> [31/Jan/2014:19:15:23 +0000] slapd_ldap_sasl_interactive_bind - Error: 
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified 
> GSS failure.  Minor code may provide more information (Credentials 
> cache file '/tmp/krb5cc_495' not found)) errno 0 (Success)
> [31/Jan/2014:19:15:23 +0000] slapi_ldap_bind - Error: could not 
> perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
> [31/Jan/2014:19:15:23 +0000] NSMMReplicationPlugin - 
> agmt="cn=meTose-idm-02.boingo.com" (se-idm-02:389): Replication bind 
> with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): 
> generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code 
> may provide more information (Credentials cache file '/tmp/krb5cc_495' 
> not found))
> [31/Jan/2014:19:15:23 +0000] - slapd started.  Listening on All 
> Interfaces port 389 for LDAP requests
> [31/Jan/2014:19:15:23 +0000] - Listening on All Interfaces port 636 
> for LDAPS requests
> [31/Jan/2014:19:15:23 +0000] - Listening on 
> /var/run/slapd-BOINGO-COM.socket for LDAPI requests
> [31/Jan/2014:19:15:25 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:15:25 +0000] NSMMReplicationPlugin - 
> agmt="cn=meToqatestdc2.boingoqa.local" (qatestdc2:389): Replication 
> bind with SIMPLE auth failed: LDAP error -11 (Connect error) (TLS 
> error -8179:Peer's Certificate issuer is not recognized.)
> [31/Jan/2014:19:15:25 +0000] - Entry 
> "cn=meToqatestdc2.boingoqa.local,cn=replica,cn=dc\3Dboingo\2Cdc\3Dcom,cn=mapping 
> tree,cn=config" -- attribute "nsDS5ReplicatedAttributeListTotal" not 
> allowed
> [31/Jan/2014:19:15:25 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:15:25 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:15:26 +0000] NSMMReplicationPlugin - 
> agmt="cn=meTose-idm-02.boingo.com" (se-idm-02:389): Replication bind 
> with GSSAPI auth resumed
> [31/Jan/2014:19:15:27 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:15:27 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:15:28 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [31/Jan/2014:19:15:30 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)

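An added example, not part of the original message or of 389 DS: a small triage of the errors log that groups replication bind failures by agreement and cause, so a transient GSSAPI failure at startup can be told apart from a persistent TLS trust failure. The function names are hypothetical, and the sample entries are constructed by re-joining wrapped lines from the quoted log.

```shell
#!/bin/sh
# Summarise replication bind failures per agreement from a 389 DS errors log.
# Output columns (tab-separated): agreement, auth, cause, failures, last state.
triage_repl_binds() {
    awk '
    /NSMMReplicationPlugin/ && /Replication bind with [A-Z]+ auth (failed|resumed)/ {
        agmt = $0; sub(/^.*agmt="/, "", agmt); sub(/".*$/, "", agmt)
        auth = $0; sub(/^.*Replication bind with /, "", auth); sub(/ auth .*$/, "", auth)
        method[agmt] = auth
        # A later "resumed" entry means the earlier failure was transient.
        if ($0 ~ / auth resumed/) { state[agmt] = "resumed"; next }
        state[agmt] = "failing"; fails[agmt]++
        if ($0 ~ /TLS error -8179/)             cause[agmt] = "tls-issuer-not-trusted"
        else if ($0 ~ /Credentials cache file/) cause[agmt] = "gssapi-no-ccache"
        else                                    cause[agmt] = "other"
    }
    END {
        for (a in state) {
            if (!(a in cause)) cause[a] = "-"
            printf "%s\t%s\t%s\t%d\t%s\n", a, method[a], cause[a], fails[a], state[a]
        }
    }' | LC_ALL=C sort
}

# Constructed sample: entries from the quoted log, re-joined to one line each.
sample_log() {
    cat <<'EOF'
[31/Jan/2014:19:15:23 +0000] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
[31/Jan/2014:19:15:23 +0000] NSMMReplicationPlugin - agmt="cn=meTose-idm-02.boingo.com" (se-idm-02:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_495' not found))
[31/Jan/2014:19:15:25 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:15:25 +0000] NSMMReplicationPlugin - agmt="cn=meToqatestdc2.boingoqa.local" (qatestdc2:389): Replication bind with SIMPLE auth failed: LDAP error -11 (Connect error) (TLS error -8179:Peer's Certificate issuer is not recognized.)
[31/Jan/2014:19:15:26 +0000] NSMMReplicationPlugin - agmt="cn=meTose-idm-02.boingo.com" (se-idm-02:389): Replication bind with GSSAPI auth resumed
EOF
}

sample_log | triage_repl_binds
```

An agreement left in the failing state with tls-issuer-not-trusted is the one to check against the CA certificates under /etc/dirsrv/slapd-YOUR-DOMAIN rather than /etc/openldap/cacerts.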