[Freeipa-users] IPA Replica Install Failing with "UnboundLocalError: local variable 'replman' referenced before assignment"

Rob Crittenden rcritten at redhat.com
Tue Jul 15 18:00:16 UTC 2014


Choudhury, Suhail wrote:
> Okay tried that Petr, but yes still getting the LDAP connection error:
> ------------------------------------------------------------------------------------------------------------
>     return_value = main_function()
> 
>   File "/usr/sbin/ipa-replica-install", line 431, in main
>     tls_cacertfile=CACERT)
> 
>   File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in connect
>     conn = self.create_connection(*args, **kw)
> 
>   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 846, in create_connection
>     self.handle_errors(e)
> 
>   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 736, in handle_errors
>     error=u'LDAP Server Down')
> 
> ipa         : INFO     The ipa-replica-install command failed, exception: NetworkError: cannot connect to 'ldaps://ipa01.domain.com': LDAP Server Down
> 
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> 
> Unexpected error - see /var/log/ipareplica-install.log for details:
> NetworkError: cannot connect to 'ldaps://ipa01.domain.com': LDAP Server Down
> ------------------------------------------------------------------------------------------------------------
> 

What command-line are you using?

> 
> Running the LDAP query directly is successful:
> ------------------------------------------------------------------------------------------------------------
> [root at recsds3 ~]# ldapsearch -x -s one -b cn=schema -h ipa01.domain.com

This isn't exactly the same thing. Try this:

# ldapsearch -x -H ldaps://ipa01.domain.com -s one -b cn=schema

You may also want to look at the 389-ds access log on ipa01 to see if
the connection was rejected.

> Is there an exhaustive list of ports (TCP/UDP) required for IPA replica setup? I just successfully created an IPA replica by connecting to another IPA master so perhaps it is a specific port that is required that is not apparent?

It depends very much on what version of IPA you are installing with what
features.

Generally though the list is TCP 389, 636, 88, 464, 80 and 443, UDP 88,
464. Older versions may require more.

ipa-replica-conncheck, which is run as part of the replica install
unless you've disabled it, should confirm that the required ports are open.

rob
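
An added example, not part of the original message and not FreeIPA code: a probe of the TCP ports listed above that also attempts a verified TLS handshake on 636, since a listening port alone does not show that an ldaps:// connection will succeed. The host and the optional CA file are supplied on the command line; the function names are illustrative.

```python
import socket
import ssl
import sys

# TCP ports listed in the reply above. UDP 88 and 464 are not probed: a
# connectionless probe cannot tell "open" from "silently filtered".
IPA_TCP_PORTS = (389, 636, 88, 464, 80, 443)


def _classify(exc):
    """Map a socket-level failure to a short status string."""
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, socket.timeout):
        return "timeout"
    return "error: %s" % exc


def check_tcp(host, port, timeout=3.0):
    """Plain TCP connect: shows only that something is listening."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return _classify(exc)


def check_ldaps(host, port=636, cafile=None, timeout=3.0):
    """TCP connect plus a verified TLS handshake, as an ldaps:// client does."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "tls ok (%s)" % tls.version()
    except ssl.SSLError as exc:  # certificate, hostname or protocol failure
        return "tls failed: %s" % exc
    except OSError as exc:
        return _classify(exc)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: %s HOST [CA_FILE]" % sys.argv[0])
    host = sys.argv[1]
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    for port in IPA_TCP_PORTS:
        print("tcp/%d: %s" % (port, check_tcp(host, port)))
    print("ldaps handshake: %s" % check_ldaps(host, cafile=cafile))
```

A result of "open" on 636 together with "tls failed" or "timeout" from the handshake points at certificate trust or the TLS listener rather than a firewall.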
