[Freeipa-users] IPA Replication not working for User and DNS

Martin Basti mbasti at redhat.com
Fri Oct 30 12:42:55 UTC 2015



On 30.10.2015 11:54, Yogesh Sharma wrote:
> Additionally, on the Replica UI, I am getting the below error message:
>
>
>         IPA Error 4301: CertificateOperationError
>
> Certificate operation cannot be completed: Unable to communicate with 
> CMS (Not Found)
>
Hello, can you check /var/log/httpd/error_log to see if there is any detailed info?

Martin
>
> On Fri, Oct 30, 2015 at 4:16 PM, Yogesh Sharma <yks0000 at gmail.com> wrote:
>
>     Team,
>
>     Noticed that users created on the IPA Master are not replicating to
>     the Replica.
>
>     Also, we created a new zone on the Master; however, we do not see the
>     same on the replica server.
>
>
>     Below is the information:
>
>     From Master:
>
>     [root@ipa-inf-prd-ng2-01 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-01.klikpay.int
>     Directory Manager password:
>
>     ipa-inf-prd-ng2-02.klikpay.int: replica
>       last init status: None
>       last init ended: None
>       last update status: -1 Unable to acquire replicaLDAP error: Can't contact LDAP server
>       last update ended: None
>     [root@ipa-inf-prd-ng2-01 ~]#
>
>
>
>     From Replica:
>
>
>     [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage list -v ipa-inf-prd-ng2-02.klikpay.int
>     Directory Manager password:
>
>     ipa-inf-prd-ng2-01.klikpay.int: replica
>       last init status: None
>       last init ended: None
>       last update status: 0 Replica acquired successfully: Incremental update succeeded
>       last update ended: 2015-10-30 10:36:25+00:00
>     [root@ipa-inf-prd-ng2-02 ~]#
>
>
>     Though it says it is replicated (last update ended), we are not
>     seeing the new users and the new DNS zone which we created.
>
>
>     I also tried forcing replication, though I cannot see the new changes:
>
>     [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage force-sync --from ipa-inf-prd-ng2-01.klikpay.int
>     Directory Manager password:
>
>     ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
>     ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
>     [root@ipa-inf-prd-ng2-02 ~]#
>
>
>     When I do a re-initialization, it gives "Can't Contact LDAP Server":
>
>     [root@ipa-inf-prd-ng2-02 ~]# ipa-replica-manage re-initialize --from ipa-inf-prd-ng2-01.klikpay.int
>     Directory Manager password:
>
>     ipa: INFO: Setting agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config schedule to 2358-2359 0 to force synch
>     ipa: INFO: Deleting schedule 2358-2359 0 from agreement cn=meToipa-inf-prd-ng2-02.klikpay.int,cn=replica,cn=dc\=klikpay\,dc\=int,cn=mapping tree,cn=config
>
>     [ipa-inf-prd-ng2-01.klikpay.int] reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP server]
>
