[Freeipa-users] 3.0.0-42 Replication issue after Centos6.5->6.6 upgrade
dbischof at hrz.uni-kassel.de
dbischof at hrz.uni-kassel.de
Thu Nov 20 11:03:48 UTC 2014
Hi,
On Thu, 20 Nov 2014, thierry bordaz wrote:
> Server1 successfully replicated to Server2, but Server2 fails to
> replicated to Server1.
>
> The replication Server2->Server1 is done with kerberos authentication.
> Server1 receives the replication session, successfully identify the
> replication manager, start to receives replication extop but suddenly
> closes the connection.
>
>
> [19/Nov/2014:14:21:39 +0100] conn=2980 fd=78 slot=78 connection from
> xxx to yyy
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=0 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=0 RESULT err=14 tag=97
> nentries=0 etime=0, SASL bind in progress
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=1 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=1 RESULT err=14 tag=97
> nentries=0 etime=0, SASL bind in progress
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=2 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=2 RESULT err=0 tag=97
> nentries=0 etime=0 dn="krbprincipalname=xxx"
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=3 SRCH base="" scope=0
> filter="(objectClass=*)" attrs="supportedControl supportedExtension"
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=3 RESULT err=0 tag=101
> nentries=1 etime=0
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=4 SRCH base="" scope=0
> filter="(objectClass=*)" attrs="supportedControl supportedExtension"
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=4 RESULT err=0 tag=101
> nentries=1 etime=0
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=5 EXT
> oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=5 RESULT err=0 tag=120
> nentries=0 etime=0
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=6 SRCH base="cn=schema"
> scope=0 filter="(objectClass=*)" attrs="nsSchemaCSN"
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=6 RESULT err=0 tag=101
> nentries=1 etime=0
> [19/Nov/2014:14:21:39 +0100] conn=2980 op=-1 fd=78 closed - I/O
> function error.
>
> The reason of this closure is logged in server1 error log. sasl_decode fails
> to decode a received PDU.
>
> [19/Nov/2014:14:21:39 +0100] - sasl_io_recv failed to decode packet
> for connection 2980
>
> I do not know why it fails but I wonder if the received PDU is not larger
> than the maximum configured value. The attribute nsslapd-maxsasliosize is set
> to 2Mb by default. Would it be possible to increase its value (5Mb) to see if
> it has an impact
>
> [...]
I set nsslapd-maxsasliosize to 6164480 on both machines, but the problem
remains.
Mit freundlichen Gruessen/With best regards,
--Daniel.
More information about the Freeipa-users
mailing list