[Freeipa-users] Problem with replica

Nicola Canepa canepa.n at mmfg.it
Thu Sep 24 07:08:30 UTC 2015 

Hello, I'm trying to setup a partial replica of the LDAP tree stored in 
389-ds by FreeIPA 4.1 (under CentOS 7), so that legacy systems have a 
local copy of the data needed to authenticate.
Those systems have already OpenLDAP installed, so I 'm trying to enable 
syncrepl from DS to OL.
I followed this ticket: https://fedorahosted.org/freeipa/ticket/3967 and 
I enabled the 2 plugins as indicated.
When the slave starts and tries to sync, the ns-slapd process on FreeIPA 
server dies, with this in syslog:
> kernel: ns-slapd[4801]: segfault at 0 ip 00007f0f041f2db6 sp 
> 00007f0ecc7f0f38 error 4 in libc-2.17.so[7f0f0416e000+1b6000]
immediately (same second) followed by:
> named[1974]: LDAP error: Can't contact LDAP server: ldap_sync_poll() 
> failed
> named[1974]: ldap_syncrepl will reconnect in 60 seconds
> systemd: dirsrv at XXX.service: main process exited, code=killed, 
> status=11/SEGV

There is nothing in access or error log (found in 
/var/log/dirsrv/INSTANCE) at that second (last log is 30 seconds before 
the problem).

Even if replica doesn't work, I think it shoundn't kill the daemon.


The ldif used on the slave:
> dn: olcDatabase={1}bdb,cn=config
> changetype: modify
> replace:olcSyncrepl
> olcSyncrepl: rid=0001
>   provider=ldap://AAA.TLD
>   type=refreshOnly
>   interval=00:1:00:00
>   retry="5 5 300 +"
>   searchbase="YYY"
>   attrs="*,+"
>   bindmethod=simple
>   binddn="uid=XXX,cn=users,cn=accounts,dc=YYY"
>   credentials=ZZZ


Nicola

-- 

Nicola Canepa
Tel: +39-0522-399-3474
canepa.n at mmfg.it
---
Il contenuto della presente comunicazione è riservato e destinato esclusivamente ai destinatari indicati. Nel caso in cui sia ricevuto da persona diversa dal destinatario sono proibite la diffusione, la distribuzione e la copia. Nel caso riceveste la presente per errore, Vi preghiamo di informarci e di distruggerlo e/o cancellarlo dal Vostro computer, senza utilizzare i dati contenuti. La presente comunicazione (comprensiva dei documenti allegati) non avrà valore di proposta contrattuale e/o accettazione di proposte provenienti dal destinatario, nè rinuncia o riconoscimento di diritti, debiti e/o crediti, nè sarà impegnativa, qualora non sia sottoscritto successivo accordo da chi può validamente obbligarci. Non deriverà alcuna responsabilità precontrattuale a ns. carico, se la presente non sia seguita da contratto sottoscritto dalle parti.

The content of the above communication is strictly confidential and reserved solely for the referred addressees. In the event of receipt by persons different from the addressee, copying, alteration and distribution are forbidden. If received by mistake we ask you to inform us and to destroy and/or delete from your computer without using the data herein contained. The present message (eventual annexes inclusive) shall not be considered a contractual proposal and/or acceptance of offer from the addressee, nor waiver recognizance of rights, debts  and/or credits, nor shall it be binding when not executed as a subsequent agreement by persons who could lawfully represent us. No pre-contractual liability shall apply to us when the present communication is not followed by any binding agreement between the parties.

More information about the Freeipa-users mailing list