[Freeipa-users] IPA Replication not working for User and DNS

Yogesh Sharma yks0000 at gmail.com
Mon Nov 2 06:42:20 UTC 2015


Adding to this, I am able to do ldapsearch from the server which I am trying
to make a replica.

[root at ipa-inf-prd-ng2-02 ~]# ldapsearch -x -H ldap://ipa-inf-prd-ng2-01.klikpay.int -s base -b '' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: cn=changelog
namingContexts: dc=klikpay,dc=int
namingContexts: o=ipaca

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root at ipa-inf-prd-ng2-02 ~]#


*Best Regards,*

*__________________________________________*

*Yogesh Sharma*
*Email: yks0000 at gmail.com <yks0000 at gmail.com> | Web: www.initd.in
<http://www.initd.in/> *

*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*

<https://www.fb.com/yks0000>   <http://in.linkedin.com/in/yks0000>
<https://twitter.com/checkwithyogesh>
<http://google.com/+YogeshSharmaOnGooglePlus>

On Mon, Nov 2, 2015 at 11:24 AM, Yogesh Sharma <yks0000 at gmail.com> wrote:

> Tried to re-enroll the replica however, getting the same error, though I
> am able to connect to server.
>
> =====
>
> Starting replication, please wait until this has completed.
>
> [ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  -
> LDAP error: Can't contact LDAP server]
>
>   [error] RuntimeError: Failed to start replication
>
> =====
>
>
> [root at ipa-inf-prd-ng2-02 ~]# telnet ipa-inf-prd-ng2-01.klikpay.int 389
> Trying 172.16.32.10...
> Connected to ipa-inf-prd-ng2-01.klikpay.int.
> Escape character is '^]'.
> ^]
> telnet> quit
> Connection closed.
> [root at ipa-inf-prd-ng2-02 ~]#
>
>
>
> On Fri, Oct 30, 2015 at 7:05 PM, Rob Crittenden <rcritten at redhat.com>
> wrote:
>
>> Yogesh Sharma wrote:
>> > Team,
>> >
>> > Noticed that users created on IPA Master are not replicating on Replica.
>> >
>> > Also, we created a new Zone in Master, however we do not see the same in
>> > replica server.
>>
>> You need to figure out why ipa-inf-prd-ng2-01.klikpay.int can't contact
>> port 389 on ipa-inf-prd-ng2-02.klikpay.int. It may be someone threw up a
>> firewall without telling you, or someone tweaked the rules on either of
>> those boxes.
>>
>> Doing re-init, force-sync, etc is always going to fail if one can't talk
>> to the other.
>>
>> rob
>>
>> >
>> >
>> > Below is the information:
>> >
>> > From Master:
>> >
>> > [root at ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-01.klikpay.int
>> > Directory Manager password:
>> >
>> > ipa-inf-prd-ng2-02.klikpay.int: replica
>> >   last init status: None
>> >   last init ended: None
>> >   last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
>> >   last update ended: None
>> > [root at ipa-inf-prd-ng2-01 ~]#
>> >
>> >
>> >
>> > From Replica:
>> >
>> >
>> > [root at ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-02.klikpay.int
>> > Directory Manager password:
>> >
>> > ipa-inf-prd-ng2-01.klikpay.int: replica
>> >   last init status: None
>> >   last init ended: None
>> >   last update status: 0 Replica acquired successfully: Incremental update succeeded
>> >   last update ended: 2015-10-30 10:36:25+00:00
>> > [root at ipa-inf-prd-ng2-02 ~]#
>> >
>> >
>> > Though it says it is replicated (last update ended), We are not seeing
>> > new users and the new DNS Zone which we created
>> >
>> >
>> > I also tried force replication, though I can not see the new Changes:
>> >
>> > [root at ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from ipa-inf-prd-ng2-01.klikpay.int
>> > Directory Manager password:
>> >
>> > ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
>> > ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
>> > [root at ipa-inf-prd-ng2-02 ~]#
>> >
>> >
>> > Once I do re-initialization, it gives "Can't Contact LDAP Server"
>> >
>> > [root at ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize --from ipa-inf-prd-ng2-01.klikpay.int
>> > Directory Manager password:
>> >
>> > ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
>> > ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
>> >
>> > [ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP server]
>> >
>> >
>> >
>> >
>>
>>
>
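
Added example, not part of the original thread: a small parser for the two `ipa-replica-manage list -v` outputs quoted above that picks out the failing agreement and, following Rob's reply, names which host has to reach which on port 389. The sample text is the thread's output with mail line wraps joined; the function names are hypothetical, and treating each listed peer as the target of an agreement held by the queried host is an assumption of this sketch.

```python
import re

# Constructed sample: `ipa-replica-manage list -v` output as quoted in the
# thread (mail line wraps joined), one capture per queried host.
VIEWS = {
    "ipa-inf-prd-ng2-01.klikpay.int": """\
ipa-inf-prd-ng2-02.klikpay.int: replica
  last init status: None
  last init ended: None
  last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
  last update ended: None
""",
    "ipa-inf-prd-ng2-02.klikpay.int": """\
ipa-inf-prd-ng2-01.klikpay.int: replica
  last init status: None
  last init ended: None
  last update status: 0 Replica acquired successfully: Incremental update succeeded
  last update ended: 2015-10-30 10:36:25+00:00
""",
}

def parse_agreements(queried_host, text):
    """One dict per peer block; assumes queried_host holds the agreement."""
    agreements, current = [], None
    for line in text.splitlines():
        head = re.match(r"^(\S+): (\w+)$", line)
        if head:
            current = {"from": queried_host, "to": head.group(1)}
            agreements.append(current)
            continue
        field = re.match(r"^\s+last (init|update) (status|ended): (.*)$", line)
        if field and current is not None:
            current[f"{field.group(1)}_{field.group(2)}"] = field.group(3).strip()
    return agreements

def failing_directions(views):
    """Return (from, to, code, message) for every non-zero update status."""
    failing = []
    for host, text in views.items():
        for agr in parse_agreements(host, text):
            status = re.match(r"^(-?\d+)\s+(.*)$", agr.get("update_status", ""))
            if status and int(status.group(1)) != 0:
                failing.append((agr["from"], agr["to"], int(status.group(1)), status.group(2)))
    return failing

def connectivity_checks(views, port=389):
    """Port 389 is the port named in Rob's reply."""
    return [f"run on {src}: test TCP {dst}:{port}" for src, dst, _, _ in failing_directions(views)]

if __name__ == "__main__":
    for check in connectivity_checks(VIEWS):
        print(check)
```
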