[Freeipa-users] 3.0.0-42 Replication issue after Centos6.5->6.6 upgrade
thierry bordaz
tbordaz at redhat.com
Thu Nov 20 14:49:27 UTC 2014
On 11/20/2014 12:03 PM, dbischof at hrz.uni-kassel.de wrote:
> Hi,
>
> On Thu, 20 Nov 2014, thierry bordaz wrote:
>
>> Server1 successfully replicated to Server2, but Server2 fails to
>> replicated to Server1.
>>
>> The replication Server2->Server1 is done with kerberos
>> authentication. Server1 receives the replication session,
>> successfully identify the replication manager, start to receives
>> replication extop but suddenly closes the connection.
>>
>>
>> [19/Nov/2014:14:21:39 +0100] conn=2980 fd=78 slot=78 connection from
>> xxx to yyy
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=0 BIND dn="" method=sasl
>> version=3 mech=GSSAPI
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=0 RESULT err=14 tag=97
>> nentries=0 etime=0, SASL bind in progress
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=1 BIND dn="" method=sasl
>> version=3 mech=GSSAPI
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=1 RESULT err=14 tag=97
>> nentries=0 etime=0, SASL bind in progress
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=2 BIND dn="" method=sasl
>> version=3 mech=GSSAPI
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=2 RESULT err=0 tag=97
>> nentries=0 etime=0 dn="krbprincipalname=xxx"
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=3 SRCH base="" scope=0
>> filter="(objectClass=*)" attrs="supportedControl supportedExtension"
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=3 RESULT err=0 tag=101
>> nentries=1 etime=0
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=4 SRCH base="" scope=0
>> filter="(objectClass=*)" attrs="supportedControl supportedExtension"
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=4 RESULT err=0 tag=101
>> nentries=1 etime=0
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=5 EXT
>> oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=5 RESULT err=0 tag=120
>> nentries=0 etime=0
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=6 SRCH base="cn=schema"
>> scope=0 filter="(objectClass=*)" attrs="nsSchemaCSN"
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=6 RESULT err=0 tag=101
>> nentries=1 etime=0
>> [19/Nov/2014:14:21:39 +0100] conn=2980 op=-1 fd=78 closed - I/O
>> function error.
>>
>> The reason of this closure is logged in server1 error log.
>> sasl_decode fails to decode a received PDU.
>>
>> [19/Nov/2014:14:21:39 +0100] - sasl_io_recv failed to decode packet
>> for connection 2980
>>
>> I do not know why it fails but I wonder if the received PDU is not
>> larger than the maximum configured value. The attribute
>> nsslapd-maxsasliosize is set to 2Mb by default. Would it be possible
>> to increase its value (5Mb) to see if it has an impact
>>
>> [...]
>
> I set nsslapd-maxsasliosize to 6164480 on both machines, but the
> problem remains.
>
>
> Mit freundlichen Gruessen/With best regards,
>
> --Daniel.
Hello Daniel,
The sasl-decode fails but the exact returned value is not logged. With
standard version we may need to attach a debugger and then set a
conditional breakpoint in sasl-decode just after conn->oparams.decode
that will fire if result !=0. Now this can change the dynamic and
possibly prevent the problem to occur again.
The other option is to use an instrumented version to log this value.
thanks
thierry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141120/6c18ea58/attachment.htm>
More information about the Freeipa-users
mailing list