[Freeipa-users] Replication fails after CentOS 6.5 -> 6.6 Upgrade - sasl_io_recv failed to decode packet for connection xxxx
Michael Mercier
mmercier at gmail.com
Fri Oct 31 15:11:31 UTC 2014
Hello,
I just did a 'yum update' from CentOS 6.5 -> 6.6 on my freeipa system
(master and 2 replicas) and I seen to have run into the following bug,
https://bugzilla.redhat.com/show_bug.cgi?id=953653
On Master:
[root at srv-1 slapd-CN-LOCAL]# rpm -qa|grep ipa
ipa-client-3.0.0-42.el6.centos.x86_64
libipa_hbac-python-1.11.6-30.el6.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
ipa-python-3.0.0-42.el6.centos.x86_64
sssd-ipa-1.11.6-30.el6.x86_64
ipa-server-3.0.0-42.el6.centos.x86_64
ipa-server-selinux-3.0.0-42.el6.centos.x86_64
libipa_hbac-1.11.6-30.el6.x86_64
ipa-admintools-3.0.0-42.el6.centos.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-pki-ca-theme-9.0.3-7.el6.noarch
[root at srv-1 slapd-CN-LOCAL]# rpm -qa|grep 389
389-ds-base-1.2.11.15-47.el6.x86_64
389-ds-base-libs-1.2.11.15-47.el6.x86_64
ldapsearch -b cn=config -D "cn=Directory Manager" -W | grep
nsslapd-sasl-max-buffer-size
nsslapd-sasl-max-buffer-size: 65536
[root at srv-1]tail /etc/dirsrv/slapd-xxxx/errors
[31/Oct/2014:10:59:51 -0400] - sasl_io_recv failed to decode packet for
connection 2313
[31/Oct/2014:10:59:55 -0400] - sasl_io_recv failed to decode packet for
connection 2314
[31/Oct/2014:11:00:00 -0400] - sasl_io_recv failed to decode packet for
connection 2316
[31/Oct/2014:11:00:01 -0400] - sasl_io_recv failed to decode packet for
connection 2315
On Replica:
[root at srv-2 slapd-CN-LOCAL]# rpm -qa|grep ipa
ipa-server-selinux-3.0.0-42.el6.centos.x86_64
libipa_hbac-1.11.6-30.el6.x86_64
ipa-admintools-3.0.0-42.el6.centos.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-server-3.0.0-42.el6.centos.x86_64
ipa-client-3.0.0-42.el6.centos.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
libipa_hbac-python-1.11.6-30.el6.x86_64
ipa-python-3.0.0-42.el6.centos.x86_64
sssd-ipa-1.11.6-30.el6.x86_64
[root at srv-2 slapd-CN-LOCAL]# rpm -qa|grep 389
389-ds-base-1.2.11.15-47.el6.x86_64
389-ds-base-libs-1.2.11.15-47.el6.x86_64
[root at srv-2 slapd-CN-LOCAL]# ldapsearch -b cn=config -D "cn=Directory
Manager" -W | grep nsslapd-sasl-max-buffer-size
Enter LDAP Password:
nsslapd-sasl-max-buffer-size: 65536
[root at svr-2]tail -f /etc/dirsrv/slapd-xxxx/errors
[31/Oct/2014:11:01:11 -0400] NSMMReplicationPlugin -
agmt="cn=meTosrv-1.xxxx" (srv-1:389): Replication bind with GSSAPI auth
resumed
[31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin -
agmt="cn=meTosrv-1.xxxx" (srv-1:389): Warning: unable to replicate
schema: rc=2
[31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin -
agmt="cn=meTosrv-1.xxxx" (srv-1:389): Consumer failed to replay change
(uniqueid (null), CSN (null)): Can't contact LDAP server(-1). Will retry
later.
[31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin -
agmt="cn=meTosrv-1.xxxx" (srv-1:389): Failed to send update operation to
consumer (uniqueid 515cdb0f-24fa11e2-816add07-a91dabe7, CSN
5453fc26000900030000): Can't contact LDAP server. Will retry later.
[31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin -
agmt="cn=meTosrv-1.xxxx" (srv-1:389): Warning: unable to send
endReplication extended operation (Can't contact LDAP server)
In the ticket, Scott Poore says he increased the
nsslapd-sasl-max-buffer-size to work around the problem. Is this the
correct course of action, or should I be trying something else?
Thanks,
Mike
More information about the Freeipa-users
mailing list