[Freeipa-users] Replication fails after CentOS 6.5 -> 6.6 Upgrade - sasl_io_recv failed to decode packet for connection xxxx
Craig White
CWhite at skytouchtechnology.com
Fri Oct 31 15:58:38 UTC 2014
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Michael Mercier
Sent: Friday, October 31, 2014 8:12 AM
To: freeipa-users at redhat.com
Subject: [Freeipa-users] Replication fails after CentOS 6.5 -> 6.6 Upgrade - sasl_io_recv failed to decode packet for connection xxxx
Hello,
I just did a 'yum update' from CentOS 6.5 -> 6.6 on my freeipa system (master and 2 replicas) and I seen to have run into the following bug,
https://bugzilla.redhat.com/show_bug.cgi?id=953653
On Master:
[root at srv-1 slapd-CN-LOCAL]# rpm -qa|grep ipa
ipa-client-3.0.0-42.el6.centos.x86_64
libipa_hbac-python-1.11.6-30.el6.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
ipa-python-3.0.0-42.el6.centos.x86_64
sssd-ipa-1.11.6-30.el6.x86_64
ipa-server-3.0.0-42.el6.centos.x86_64
ipa-server-selinux-3.0.0-42.el6.centos.x86_64
libipa_hbac-1.11.6-30.el6.x86_64
ipa-admintools-3.0.0-42.el6.centos.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-pki-ca-theme-9.0.3-7.el6.noarch
[root at srv-1 slapd-CN-LOCAL]# rpm -qa|grep 389
389-ds-base-1.2.11.15-47.el6.x86_64
389-ds-base-libs-1.2.11.15-47.el6.x86_64
ldapsearch -b cn=config -D "cn=Directory Manager" -W | grep nsslapd-sasl-max-buffer-size
nsslapd-sasl-max-buffer-size: 65536
[root at srv-1]tail /etc/dirsrv/slapd-xxxx/errors
[31/Oct/2014:10:59:51 -0400] - sasl_io_recv failed to decode packet for connection 2313
[31/Oct/2014:10:59:55 -0400] - sasl_io_recv failed to decode packet for connection 2314
[31/Oct/2014:11:00:00 -0400] - sasl_io_recv failed to decode packet for connection 2316
[31/Oct/2014:11:00:01 -0400] - sasl_io_recv failed to decode packet for connection 2315
On Replica:
[root at srv-2 slapd-CN-LOCAL]# rpm -qa|grep ipa
ipa-server-selinux-3.0.0-42.el6.centos.x86_64
libipa_hbac-1.11.6-30.el6.x86_64
ipa-admintools-3.0.0-42.el6.centos.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-server-3.0.0-42.el6.centos.x86_64
ipa-client-3.0.0-42.el6.centos.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
libipa_hbac-python-1.11.6-30.el6.x86_64
ipa-python-3.0.0-42.el6.centos.x86_64
sssd-ipa-1.11.6-30.el6.x86_64
[root at srv-2 slapd-CN-LOCAL]# rpm -qa|grep 389
389-ds-base-1.2.11.15-47.el6.x86_64
389-ds-base-libs-1.2.11.15-47.el6.x86_64
[root at srv-2 slapd-CN-LOCAL]# ldapsearch -b cn=config -D "cn=Directory Manager" -W | grep nsslapd-sasl-max-buffer-size Enter LDAP Password:
nsslapd-sasl-max-buffer-size: 65536
[root at svr-2]tail -f /etc/dirsrv/slapd-xxxx/errors
[31/Oct/2014:11:01:11 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" (srv-1:389): Replication bind with GSSAPI auth resumed
[31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" (srv-1:389): Warning: unable to replicate
schema: rc=2
[31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" (srv-1:389): Consumer failed to replay change (uniqueid (null), CSN (null)): Can't contact LDAP server(-1). Will retry later.
[31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" (srv-1:389): Failed to send update operation to consumer (uniqueid 515cdb0f-24fa11e2-816add07-a91dabe7, CSN
5453fc26000900030000): Can't contact LDAP server. Will retry later.
[31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" (srv-1:389): Warning: unable to send endReplication extended operation (Can't contact LDAP server)
In the ticket, Scott Poore says he increased the nsslapd-sasl-max-buffer-size to work around the problem. Is this the correct course of action, or should I be trying something else?
----
I can't speak with certainty but I can tell you that increasing the buffer solved my replication problem immediately.
Craig
More information about the Freeipa-users
mailing list