[Freeipa-users] slapi_ldap_bind - Error: could not send startTLS request

lejeczek peljasz at yahoo.co.uk
Mon Mar 6 10:38:14 UTC 2017 


On 04/03/17 14:47, lejeczek wrote:
> hi everyone
> I've seemingly finely working domain, I mean it all seem 
> fine to me, except for:
>
> [04/Mar/2017:14:26:47.439218725 +0000] slapi_ldap_bind - 
> Error: could not send startTLS request: error -1 (Can't 
> contact LDAP server) errno 107 (Transport endpoint is not 
> connected)
> [04/Mar/2017:14:26:47.441155853 +0000] slapi_ldap_bind - 
> Error: could not send startTLS request: error -1 (Can't 
> contact LDAP server) errno 107 (Transport endpoint is not 
> connected)
> [04/Mar/2017:14:31:47.454016982 +0000] slapi_ldap_bind - 
> Error: could not send startTLS request: error -1 (Can't 
> contact LDAP server) errno 107 (Transport endpoint is not 
> connected)
> [04/Mar/2017:14:31:47.482477473 +0000] slapi_ldap_bind - 
> Error: could not send startTLS request: error -1 (Can't 
> contact LDAP server) errno 107 (Transport endpoint is not 
> connected)
> [04/Mar/2017:14:36:46.458508994 +0000] slapi_ldap_bind - 
> Error: could not send startTLS request: error -1 (Can't 
> contact LDAP server) errno 107 (Transport endpoint is not 
> connected)
> [04/Mar/2017:14:36:46.479878884 +0000] slapi_ldap_bind - 
> Error: could not send startTLS request: error -1 (Can't 
> contact LDAP server) errno 107 (Transport endpoint is not 
> connected)
> [04/Mar/2017:14:41:47.389700728 +0000] slapi_ldap_bind - 
> Error: could not send startTLS request: error -1 (Can't 
> contact LDAP server) errno 107 (Transport endpoint is not 
> connected)
> [04/Mar/2017:14:41:47.394379376 +0000] slapi_ldap_bind - 
> Error: could not send startTLS request: error -1 (Can't 
> contact LDAP server) errno 107 (Transport endpoint is not 
> connected)
>
> being logged quite frequently, as you can see. Setup:
>
> ipa-client-4.4.0-14.el7.centos.4.x86_64
> ipa-client-common-4.4.0-14.el7.centos.4.noarch
> ipa-common-4.4.0-14.el7.centos.4.noarch
> ipa-python-compat-4.4.0-14.el7.centos.4.noarch
> ipa-server-4.4.0-14.el7.centos.4.x86_64
> ipa-server-common-4.4.0-14.el7.centos.4.noarch
> ipa-server-dns-4.4.0-14.el7.centos.4.noarch
>
> Replication, users, logins, all seem normal. But above 
> bothers me as I am afraid it may one day turn out critical 
> and brake stuff down.
> This is on the first server that initiated the domain, 
> long time ago.
> There is a second server which logs the same, but only a 
> few entries then goes quiet.
> Third server's error log is completely free from this error.
>
> Would appreciate all help.
> L

As I was afraid... more. I'm adding a replica, with 
arguments: --setup-dns --no-forwarders . This seems to have 
succeeded:
...
Configured /etc/ssh/sshd_config
Configuring private.ccnr.ceb.private.cam.ac.uk as NIS domain.
Client configuration complete.

but on the master(fist server in the domain) during replica 
installation I see:

[06/Mar/2017:09:56:01.022636856 +0000] NSMMReplicationPlugin 
- agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389): The 
remote replica has a different database generation ID than 
the local database.  You may have to reinitialize the remote 
replica, or the local replica.
[06/Mar/2017:09:56:01.900679757 +0000] NSMMReplicationPlugin 
- Beginning total update of replica 
"agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389)".
[06/Mar/2017:09:56:05.287761359 +0000] NSMMReplicationPlugin 
- Finished total update of replica 
"agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389)". 
Sent 799 entries.
[06/Mar/2017:09:56:15.293584156 +0000] NSMMReplicationPlugin 
- agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389): 
Unable to receive the response for a startReplication 
extended operation to consumer (Can't contxx. LDAP server). 
Will retry later.
[06/Mar/2017:09:56:19.220334467 +0000] NSMMReplicationPlugin 
- agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389): 
Replication bind with SIMPLE auth resumed
[06/Mar/2017:09:56:24.523570143 +0000] NSMMReplicationPlugin 
- agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389): 
Replication bind with GSSAPI auth failed: LDAP error 49 
(Invalid credentials) ()
[06/Mar/2017:09:56:46.295504003 +0000] NSMMReplicationPlugin 
- agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389): 
Replication bind with GSSAPI auth failed: LDAP error -1 
(Can't contxx. LDAP server) ()
...
[06/Mar/2017:09:57:57.620175772 +0000] NSMMReplicationPlugin 
- agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389): 
Replication bind with GSSAPI auth resumed
[06/Mar/2017:10:01:46.442346796 +0000] slapi_ldap_bind - 
Error: could not bind id [cn=Replication Manager 
cloneAgreement1-swir.priv.xx.xx.priv.xx.xx.x.pki-tomcat,ou=csusers,cn=config] 
authentication mechanism [SIMPLE]: error 32 (No such object) 
errno 0 (Success)
[06/Mar/2017:10:01:46.452580492 +0000] NSMMReplicationPlugin 
- 
agmt="cn=masterAgreement1-swir.priv.xx.xx.priv.xx.xx.x.pki-tomcat" 
(swir:389): Replication bind with SIMPLE auth failed: LDAP 
error 32 (No such object) ()
[06/Mar/2017:10:01:46.454557885 +0000] slapi_ldap_bind - 
Error: could not bind id [cn=Replication Manager 
masterAgreement1-rider.priv.xx.xx.priv.xx.xx.x.pki-tomcat,ou=csusers,cn=config] 
authentication mechanism [SIMPLE]: error 32 (No such object) 
errno 0 (Success)
[06/Mar/2017:10:01:46.456463238 +0000] NSMMReplicationPlugin 
- 
agmt="cn=cloneAgreement1-rider.priv.xx.xx.priv.xx.xx.x.pki-tomcat" 
(swir:389): Replication bind with SIMPLE auth failed: LDAP 
error 32 (No such object) ()
Configured /etc/ssh/sshd_config
Configuring priv.xx.xx.priv.xx.xx.x.as NIS domain.
[06/Mar/2017:10:06:46.708910487 +0000] slapi_ldap_bind - 
Error: could not bind id [cn=Replication Manager 
cloneAgreement1-swir.priv.xx.xx.priv.xx.xx.x.pki-tomcat,ou=csusers,cn=config] 
authentication mechanism [SIMPLE]: error 32 (No such object) 
errno 0 (Success)

and on the other(third replica server):
...
[06/Mar/2017:09:59:32.505421711 +0000] slapi_ldap_bind - 
Error: could not bind id [cn=Replication Manager 
masterAgreement1-dzien.priv.xx.xx.priv.xx.xx.x.pki-tomcat,ou=csusers,cn=config] 
authentication mechanism [SIMPLE]: error 32 (No such object) 
errno 0 (Success)
[06/Mar/2017:09:59:32.511853210 +0000] NSMMReplicationPlugin 
- 
agmt="cn=cloneAgreement1-dzien.priv.xx.xx.priv.xx.xx.x.pki-tomcat" 
(swir:389): Replication bind with SIMPLE auth failed: LDAP 
error 32 (No such object) ()
[06/Mar/2017:10:04:31.881879230 +0000] slapi_ldap_bind - 
Error: could not bind id [cn=Replication Manager 
masterAgreement1-dzien.priv.xx.xx.priv.xx.xx.x.pki-tomcat,ou=csusers,cn=config] 
authentication mechanism [SIMPLE]: error 32 (No such object) 
errno 0 (Success)
[06/Mar/2017:10:09:31.775183433 +0000] slapi_ldap_bind - 
Error: could not bind id [cn=Replication Manager 
masterAgreement1-dzien.priv.xx.xx.priv.xx.xx.x.pki-tomcat,ou=csusers,cn=config] 
authentication mechanism [SIMPLE]: error 32 (No such object) 
errno 0 (Success)
...


...



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170306/ca9c433e/attachment.htm>

More information about the Freeipa-users mailing list