[Freeipa-users] Replication Update in progress : FALSE LDAP ERROR

Rich Megginson rmeggins at redhat.com
Fri May 15 14:09:53 UTC 2015


On 05/14/2015 11:33 PM, nathan at nathanpeters.com wrote:
>>> [root@ipadc1 cacerts]# ipa-replica-manage connect --winsync --binddn
>>> "cn=ad sync,cn=Users,dc=test,dc=mycompany,dc=net" --bindpw
>>> supersecretpassword --passsync supersecretpassword --cacert
>>> /etc/openldap/cacerts/addc2-test.cer addc2.test.mycompany.net -v
>>> Directory Manager password:
>>>
>>> Added CA certificate /etc/openldap/cacerts/addc2-test.cer to certificate
>>> database for ipadc1.ipadomain.net
>>> ipa: INFO: AD Suffix is: DC=test,DC=mycompany,DC=net
>>> The user for the Windows PassSync service is
>>> uid=passsync,cn=sysaccounts,cn=etc,dc=ipadomain,dc=net
>>> Windows PassSync system account exists, not resetting password
>>> ipa: INFO: Added new sync agreement, waiting for it to become ready . .
>>> .
>>> ipa: INFO: Replication Update in progress: FALSE: status: -11  - LDAP
>>> error: Connect error: start: 0: end: 0
>>> ipa: INFO: Agreement is ready, starting replication . . .
>>> Starting replication, please wait until this has completed.
>>>
>>> [ipadc1.ipadomain.net] reports: Update failed! Status: [-11  - LDAP
>>> error:
>>> Connect error]
>> Have you tried using ldapsearch to verify the connection?
>>
>> # LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM ldapsearch -xLLL -ZZ -h
>> addc2.test.mycompany.net -D "cn=ad
>> sync,cn=Users,dc=test,dc=mycompany,dc=net" -w
>> "supersecretpassword" -s base -b "cn=Users,dc=test,dc=mycompany,dc=net"
>> "objectclass=*"
>>
>> and/or
>>
>> # LDAPTLS_CACERT=/etc/openldap/cacerts/addc2-test.cer  ldapsearch -xLLL
>> -ZZ -h addc2.test.mycompany.net -D "cn=ad
>> sync,cn=Users,dc=test,dc=mycompany,dc=net" -w
>> "supersecretpassword" -s base -b "cn=Users,dc=test,dc=mycompany,dc=net"
>> "objectclass=*"
>>
> Both commands give the same successful result.  I don't think it's a
> problem with the credentials because I was able to generate different
> error messages during the attempted sync setup if I intentionally gave a
> bad password or username.

Ok.  Have you tried enabling the replication log level?

http://www.port389.org/docs/389ds/FAQ/faq.html#troubleshooting

> Here is what happens when I run the above
> commands :
>
> [root@ipadc1 cacerts]# LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM
> ldapsearch -xLLL -ZZ -h addc2.test.mycompany.net -D "cn=ad
> sync,cn=Users,dc=test,dc=mycompany,dc=net" -w "supersecretpassword" -s
> base -b "cn=Users,dc=test,dc=mycompany,dc=net" "objectclass=*"
> dn: cn=Users,dc=test,dc=mycompany,dc=net
> objectClass: top
> objectClass: container
> cn: Users
> description: Default container for upgraded user accounts
> distinguishedName: CN=Users,DC=test,DC=mycompany,DC=net
> instanceType: 4
> whenCreated: 20150515024307.0Z
> whenChanged: 20150515024307.0Z
> uSNCreated: 5696
> uSNChanged: 5696
> showInAdvancedViewOnly: FALSE
> name: Users
> objectGUID:: V9KaoufynkWbJpSo2PjxiA==
> systemFlags: -1946157056
> objectCategory:
> CN=Container,CN=Schema,CN=Configuration,DC=test,DC=mycompany,DC=net
> isCriticalSystemObject: TRUE
> dSCorePropagationData: 20150515025646.0Z
> dSCorePropagationData: 16010101000001.0Z
>
> [root@ipadc1 cacerts]# LDAPTLS_CACERT=/etc/openldap/cacerts/addc2-test.cer
> ldapsearch -xLLL -ZZ -h addc2.test.mycompany.net -D "cn=ad
> sync,cn=Users,dc=test,dc=mycompany,dc=net" -w "supersecretpassword" -s
> base -b "cn=Users,dc=test,dc=mycompany,dc=net" "objectclass=*"
> dn: cn=Users,dc=test,dc=mycompany,dc=net
> objectClass: top
> objectClass: container
> cn: Users
> description: Default container for upgraded user accounts
> distinguishedName: CN=Users,DC=test,DC=mycompany,DC=net
> instanceType: 4
> whenCreated: 20150515024307.0Z
> whenChanged: 20150515024307.0Z
> uSNCreated: 5696
> uSNChanged: 5696
> showInAdvancedViewOnly: FALSE
> name: Users
> objectGUID:: V9KaoufynkWbJpSo2PjxiA==
> systemFlags: -1946157056
> objectCategory:
> CN=Container,CN=Schema,CN=Configuration,DC=test,DC=mycompany,DC=net
> isCriticalSystemObject: TRUE
> dSCorePropagationData: 20150515025646.0Z
> dSCorePropagationData: 16010101000001.0Z
>
>
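The script below is an added example, not part of the original message or of the FreeIPA/389-ds projects. It shows one way to switch on the replication log level suggested above and to pull the lines for the AD sync agreement out of the errors log. It assumes 8192 is the 389-ds replication debugging level and 0 restores the default; `INSTANCE`, `DS_HOST` and the sample log lines are placeholders constructed for illustration.

```bash
#!/bin/bash
# Added example: toggle 389-ds replication debug logging and filter the
# errors log for one sync agreement. INSTANCE and DS_HOST are placeholders.
INSTANCE="${INSTANCE:-EXAMPLE-INSTANCE}"
ERRLOG="/var/log/dirsrv/slapd-${INSTANCE}/errors"

# Emit the LDIF that sets nsslapd-errorlog-level on cn=config.
loglevel_ldif() {
    case "$1" in
        ''|*[!0-9]*) echo "level must be a non-negative integer" >&2; return 1 ;;
    esac
    printf 'dn: cn=config\nchangetype: modify\nreplace: nsslapd-errorlog-level\nnsslapd-errorlog-level: %s\n' "$1"
}

# Apply it as Directory Manager. -W prompts for the password, so it does not
# end up in shell history or the process list.
set_loglevel() {
    local ldif
    ldif=$(loglevel_ldif "$1") || return 1
    printf '%s\n' "$ldif" | ldapmodify -x -ZZ \
        -H "ldap://${DS_HOST:-$(hostname -f)}" -D "cn=Directory Manager" -W
}

# Keep only replication-plugin lines that mention the given AD host.
# usage: sync_errors <ad-host> [logfile]
sync_errors() {
    grep -F 'NSMMReplicationPlugin' "${2:-$ERRLOG}" | grep -iF -- "$1"
}

# Constructed sample lines (format approximated), used by `demo`.
sample_log() {
cat <<'EOF'
[15/May/2015:14:10:01 +0000] NSMMReplicationPlugin - windows sync - agmt="cn=meToaddc2.test.mycompany.net" (addc2:389): constructed sample: connect failed
[15/May/2015:14:10:02 +0000] schema-compat-plugin - constructed sample: unrelated line
[15/May/2015:14:10:03 +0000] NSMMReplicationPlugin - agmt="cn=meToipadc2.ipadomain.net" (ipadc2:389): constructed sample: other agreement
EOF
}

case "${1:-}" in
    on)   set_loglevel 8192 ;;   # replication debugging
    off)  set_loglevel 0 ;;      # back to the default level
    show) sync_errors "$2" ;;
    demo) sample_log | sync_errors addc2.test.mycompany.net /dev/stdin ;;
esac
```

Run it with `on`, retry the `ipa-replica-manage connect` step, then use `show addc2.test.mycompany.net` and finish with `off`, since replication debugging is verbose.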



