<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 04/01/2014 03:28 PM, Nevada Sanchez
wrote:<br>
</div>
<blockquote
cite="mid:CAPUVn2sm36jrBro4oibJy+B8E-nvG2mFE_=J=FsDtmMATgADuQ@mail.gmail.com"
type="cite">
<div dir="ltr">Okay, I just tried doing this on a FRESH fedora 19
image (applied all updates, installed freeipa, made a new
replica file for the new test server, and went state to
ipa-replica-insntall). Exact same errors. Anything else I should
try?</div>
</blockquote>
<br>
I don't know.<br>
<br>
Does anyone on the IPA team know what the ipa_lockout errors are
about, and if they would cause replication not to work?<br>
<br>
<blockquote
cite="mid:CAPUVn2sm36jrBro4oibJy+B8E-nvG2mFE_=J=FsDtmMATgADuQ@mail.gmail.com"
type="cite">
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Apr 1, 2014 at 3:22 PM, Rich
Megginson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>
<div class="h5">
<div>On 04/01/2014 01:16 PM, Nevada Sanchez wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>389-ds-base-1.3.1.22-1.fc19.x86_64</div>
<div><br>
</div>
<div>The following, I think, summarizes the
contents of the error log (I probably
uninstalled and tried reimporting 2 or 3 times
in what is shown).</div>
<div><br>
</div>
<div>.</div>
<div>.</div>
<div>.</div>
<div>
<div>[01/Apr/2014:03:42:46 -0400] - WARNING:
Import is running with
nsslapd-db-private-import-mem on; No other
process is allowed to access the database</div>
<div>[01/Apr/2014:03:42:46 -0400] -
check_and_set_import_cache: pagesize: 4096,
pages: 1970554, procpages: 53717</div>
<div>[01/Apr/2014:03:42:46 -0400] - Import
allocates 3152884KB import cache.</div>
<div>[01/Apr/2014:03:42:46 -0400] - import
userRoot: Beginning import job...</div>
<div>[01/Apr/2014:03:42:46 -0400] - import
userRoot: Index buffering enabled with bucket
size 100</div>
<div>[01/Apr/2014:03:42:46 -0400] - import
userRoot: Processing file
"/var/lib/dirsrv/boot.ldif"</div>
<div>[01/Apr/2014:03:42:46 -0400] - import
userRoot: Finished scanning file
"/var/lib/dirsrv/boot.ldif" (1 entries)</div>
<div>[01/Apr/2014:03:42:46 -0400] - import
userRoot: Workers finished; cleaning up...</div>
<div>[01/Apr/2014:03:42:47 -0400] - import
userRoot: Workers cleaned up.</div>
<div>[01/Apr/2014:03:42:47 -0400] - import
userRoot: Cleaning up producer thread...</div>
<div>[01/Apr/2014:03:42:47 -0400] - import
userRoot: Indexing complete.
Post-processing...</div>
<div>[01/Apr/2014:03:42:47 -0400] - import
userRoot: Generating numSubordinates complete.</div>
<div>[01/Apr/2014:03:42:47 -0400] - Nothing to
do to build ancestorid index</div>
<div>[01/Apr/2014:03:42:47 -0400] - import
userRoot: Flushing caches...</div>
<div>[01/Apr/2014:03:42:47 -0400] - import
userRoot: Closing files...</div>
<div>[01/Apr/2014:03:42:47 -0400] - All database
threads now stopped</div>
<div>[01/Apr/2014:03:42:47 -0400] - import
userRoot: Import complete. Processed 1
entries in 1 seconds. (1.00 entries/sec)</div>
<div>[01/Apr/2014:03:42:47 -0400] -
389-Directory/1.3.1.22.a1 B2014.073.1751
starting up</div>
<div>[01/Apr/2014:03:42:47 -0400] - Db home
directory is not set. Possibly
nsslapd-directory (optionally
nsslapd-db-home-directory) is missing in the
config file.</div>
<div>[01/Apr/2014:03:42:48 -0400] -
389-Directory/1.3.1.22.a1 B2014.073.1751
starting up</div>
<div>[01/Apr/2014:03:42:48 -0400] - Db home
directory is not set. Possibly
nsslapd-directory (optionally
nsslapd-db-home-directory) is missing in the
config file.</div>
<div>[01/Apr/2014:03:42:48 -0400] - I'm resizing
my cache now...cache was 3228553216 and is now
8000000</div>
<div>[01/Apr/2014:03:42:48 -0400] - slapd
started. Listening on All Interfaces port 389
for LDAP requests</div>
<div>[01/Apr/2014:03:42:48 -0400] - The change
of nsslapd-ldapilisten will not take effect
until the server is restarted</div>
<div>[01/Apr/2014:03:43:01 -0400] - Warning:
Adding configuration attribute
"nsslapd-security"</div>
<div>[01/Apr/2014:03:43:01 -0400] - slapd
shutting down - signaling operation threads</div>
<div>[01/Apr/2014:03:43:01 -0400] - slapd
shutting down - waiting for 27 threads to
terminate</div>
<div>[01/Apr/2014:03:43:01 -0400] - slapd
shutting down - closing down internal
subsystems and plugins</div>
<div>[01/Apr/2014:03:43:01 -0400] - Waiting for
4 database threads to stop</div>
<div>[01/Apr/2014:03:43:02 -0400] - All database
threads now stopped</div>
<div>[01/Apr/2014:03:43:02 -0400] - slapd
stopped.</div>
<div>[01/Apr/2014:03:43:03 -0400] -
389-Directory/1.3.1.22.a1 B2014.073.1751
starting up</div>
<div>[01/Apr/2014:03:43:03 -0400] attrcrypt - No
symmetric key found for cipher AES in backend
userRoot, attempting to create one...</div>
<div>[01/Apr/2014:03:43:03 -0400] attrcrypt -
Key for cipher AES successfully generated and
stored</div>
<div>[01/Apr/2014:03:43:03 -0400] attrcrypt - No
symmetric key found for cipher 3DES in backend
userRoot, attempting to create one...</div>
<div>[01/Apr/2014:03:43:03 -0400] attrcrypt -
Key for cipher 3DES successfully generated and
stored</div>
<div>[01/Apr/2014:03:43:03 -0400]
ipalockout_get_global_config - [file
ipa_lockout.c, line 185]: Failed to get
default realm (-1765328160)</div>
<div>[01/Apr/2014:03:43:04 -0400]
ipaenrollment_start - [file ipa_enrollment.c,
line 393]: Failed to get default realm?!</div>
<div>[01/Apr/2014:03:43:04 -0400] - slapd
started. Listening on All Interfaces port 389
for LDAP requests</div>
<div>[01/Apr/2014:03:43:04 -0400] - Listening on
All Interfaces port 636 for LDAPS requests</div>
<div>[01/Apr/2014:03:43:04 -0400] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI
requests</div>
<div>[01/Apr/2014:03:43:04 -0400] - slapd
shutting down - signaling operation threads</div>
<div>[01/Apr/2014:03:43:04 -0400] - slapd
shutting down - waiting for 27 threads to
terminate</div>
<div>[01/Apr/2014:03:43:05 -0400] - slapd
shutting down - closing down internal
subsystems and plugins</div>
<div>[01/Apr/2014:03:43:05 -0400] - Waiting for
4 database threads to stop</div>
<div>[01/Apr/2014:03:43:05 -0400] - All database
threads now stopped</div>
<div>[01/Apr/2014:03:43:05 -0400] - slapd
stopped.</div>
<div>[01/Apr/2014:03:43:06 -0400] -
389-Directory/1.3.1.22.a1 B2014.073.1751
starting up</div>
<div>[01/Apr/2014:03:43:06 -0400]
ipalockout_get_global_config - [file
ipa_lockout.c, line 185]: Failed to get
default realm (-1765328160)</div>
<div>[01/Apr/2014:03:43:06 -0400]
ipaenrollment_start - [file ipa_enrollment.c,
line 393]: Failed to get default realm?!</div>
<div>[01/Apr/2014:03:43:06 -0400] - slapd
started. Listening on All Interfaces port 389
for LDAP requests</div>
<div>[01/Apr/2014:03:43:06 -0400] - Listening on
All Interfaces port 636 for LDAPS requests</div>
<div>[01/Apr/2014:03:43:06 -0400] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI
requests</div>
<div>[01/Apr/2014:03:43:08 -0400]
NSMMReplicationPlugin - agmt="cn=<a
moz-do-not-send="true"
href="http://meToipa.example.com"
target="_blank">meToipa.example.com</a>"
(ipa:389): The remote replica has a different
database generation ID than the local
database. You may have to reinitialize the
remote replica, or the local replica.</div>
<div>[01/Apr/2014:03:43:08 -0400]
NSMMReplicationPlugin -
multimaster_be_state_change: replica
dc=example,dc=com is going offline; disabling
replication</div>
<div>[01/Apr/2014:03:43:08 -0400] - WARNING:
Import is running with
nsslapd-db-private-import-mem on; No other
process is allowed to access the database</div>
<div>[01/Apr/2014:03:43:11 -0400] - import
userRoot: Workers finished; cleaning up...</div>
<div>[01/Apr/2014:03:43:11 -0400] - import
userRoot: Workers cleaned up.</div>
<div>[01/Apr/2014:03:43:11 -0400] - import
userRoot: Indexing complete.
Post-processing...</div>
<div>[01/Apr/2014:03:43:11 -0400] - import
userRoot: Generating numSubordinates complete.</div>
<div>[01/Apr/2014:03:43:12 -0400] - import
userRoot: Flushing caches...</div>
<div>[01/Apr/2014:03:43:12 -0400] - import
userRoot: Closing files...</div>
<div>[01/Apr/2014:03:43:12 -0400] - import
userRoot: Import complete. Processed 453
entries in 4 seconds. (113.25 entries/sec)</div>
<div>[01/Apr/2014:03:43:12 -0400]
NSMMReplicationPlugin -
multimaster_be_state_change: replica
dc=example,dc=com is coming online; enabling
replication</div>
<div>[01/Apr/2014:03:43:12 -0400] - Skipping CoS
Definition cn=Password
Policy,cn=accounts,dc=example,dc=com--no CoS
Templates found, which should be added before
the CoS Definition.</div>
<div>[01/Apr/2014:03:43:19 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:03:43:19 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:03:48:19 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:03:48:19 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:03:53:19 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:03:53:19 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:03:58:19 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:03:58:19 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:04:03:18 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:03:18 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:08:18 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:04:08:18 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:04:13:18 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:13:18 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:04:18:19 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:18:19 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:23:18 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:04:23:18 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:04:28:18 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:28:18 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:04:33:19 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:33:19 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:38:19 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:04:38:19 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:04:43:18 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:43:18 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:04:48:18 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:48:18 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:53:19 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:04:53:19 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:04:58:18 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:04:58:18 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:05:03:18 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:03:18 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:08:18 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:05:08:18 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:05:13:18 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:13:19 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:05:14:36 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:14:36 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:14:41 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:05:14:41 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:05:14:46 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:14:46 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> [01/Apr/2014:05:14:58 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:14:58 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:15:00 -0400] - slapd
shutting down - signaling operation threads</div>
<div>[01/Apr/2014:05:15:00 -0400] - slapd
shutting down - waiting for 28 threads to
terminate</div>
<div>[01/Apr/2014:05:15:00 -0400] - slapd
shutting down - closing down internal
subsystems and plugins</div>
<div>[01/Apr/2014:05:15:01 -0400] - Waiting for
4 database threads to stop</div>
<div>[01/Apr/2014:05:15:01 -0400] - All database
threads now stopped</div>
<div>[01/Apr/2014:05:15:01 -0400] - slapd
stopped.</div>
<div>[01/Apr/2014:05:27:38 -0400] - WARNING:
Import is running with
nsslapd-db-private-import-mem on; No other
process is allowed to access the database</div>
<div>[01/Apr/2014:05:27:38 -0400] -
check_and_set_import_cache: pagesize: 4096,
pages: 1970554, procpages: 53717</div>
<div>[01/Apr/2014:05:27:38 -0400] - Import
allocates 3152884KB import cache.</div>
<div>[01/Apr/2014:05:27:38 -0400] - import
userRoot: Beginning import job...</div>
<div>[01/Apr/2014:05:27:38 -0400] - import
userRoot: Index buffering enabled with bucket
size 100</div>
<div>[01/Apr/2014:05:27:39 -0400] - import
userRoot: Processing file
"/var/lib/dirsrv/boot.ldif"</div>
<div> [01/Apr/2014:05:27:39 -0400] - import
userRoot: Finished scanning file
"/var/lib/dirsrv/boot.ldif" (1 entries)</div>
<div>[01/Apr/2014:05:27:39 -0400] - import
userRoot: Workers finished; cleaning up...</div>
<div>[01/Apr/2014:05:27:39 -0400] - import
userRoot: Workers cleaned up.</div>
<div>[01/Apr/2014:05:27:39 -0400] - import
userRoot: Cleaning up producer thread...</div>
<div>[01/Apr/2014:05:27:39 -0400] - import
userRoot: Indexing complete.
Post-processing...</div>
<div>[01/Apr/2014:05:27:39 -0400] - import
userRoot: Generating numSubordinates complete.</div>
<div>[01/Apr/2014:05:27:39 -0400] - Nothing to
do to build ancestorid index</div>
<div>[01/Apr/2014:05:27:39 -0400] - import
userRoot: Flushing caches...</div>
<div>[01/Apr/2014:05:27:39 -0400] - import
userRoot: Closing files...</div>
<div>[01/Apr/2014:05:27:40 -0400] - All database
threads now stopped</div>
<div>[01/Apr/2014:05:27:40 -0400] - import
userRoot: Import complete. Processed 1
entries in 2 seconds. (0.50 entries/sec)</div>
<div>[01/Apr/2014:05:27:40 -0400] -
389-Directory/1.3.1.22.a1 B2014.073.1751
starting up</div>
<div>[01/Apr/2014:05:27:40 -0400] - Db home
directory is not set. Possibly
nsslapd-directory (optionally
nsslapd-db-home-directory) is missing in the
config file.</div>
<div>[01/Apr/2014:05:27:40 -0400] -
389-Directory/1.3.1.22.a1 B2014.073.1751
starting up</div>
<div>[01/Apr/2014:05:27:40 -0400] - Db home
directory is not set. Possibly
nsslapd-directory (optionally
nsslapd-db-home-directory) is missing in the
config file.</div>
<div>[01/Apr/2014:05:27:40 -0400] - I'm resizing
my cache now...cache was 3228553216 and is now
8000000</div>
<div>[01/Apr/2014:05:27:41 -0400] - slapd
started. Listening on All Interfaces port 389
for LDAP requests</div>
<div>[01/Apr/2014:05:27:41 -0400] - The change
of nsslapd-ldapilisten will not take effect
until the server is restarted</div>
<div>[01/Apr/2014:05:27:54 -0400] - Warning:
Adding configuration attribute
"nsslapd-security"</div>
<div>[01/Apr/2014:05:27:54 -0400] - slapd
shutting down - signaling operation threads</div>
<div>[01/Apr/2014:05:27:54 -0400] - slapd
shutting down - waiting for 28 threads to
terminate</div>
<div>[01/Apr/2014:05:27:54 -0400] - slapd
shutting down - closing down internal
subsystems and plugins</div>
<div>[01/Apr/2014:05:27:54 -0400] - Waiting for
4 database threads to stop</div>
<div>[01/Apr/2014:05:27:55 -0400] - All database
threads now stopped</div>
<div>[01/Apr/2014:05:27:55 -0400] - slapd
stopped.</div>
<div>[01/Apr/2014:05:27:56 -0400] -
389-Directory/1.3.1.22.a1 B2014.073.1751
starting up</div>
<div>[01/Apr/2014:05:27:56 -0400] attrcrypt - No
symmetric key found for cipher AES in backend
userRoot, attempting to create one...</div>
<div>[01/Apr/2014:05:27:56 -0400] attrcrypt -
Key for cipher AES successfully generated and
stored</div>
<div>[01/Apr/2014:05:27:56 -0400] attrcrypt - No
symmetric key found for cipher 3DES in backend
userRoot, attempting to create one...</div>
<div>[01/Apr/2014:05:27:56 -0400] attrcrypt -
Key for cipher 3DES successfully generated and
stored</div>
<div>[01/Apr/2014:05:27:56 -0400]
ipalockout_get_global_config - [file
ipa_lockout.c, line 185]: Failed to get
default realm (-1765328160)</div>
<div>[01/Apr/2014:05:27:56 -0400]
ipaenrollment_start - [file ipa_enrollment.c,
line 393]: Failed to get default realm?!</div>
<div>[01/Apr/2014:05:27:56 -0400] - slapd
started. Listening on All Interfaces port 389
for LDAP requests</div>
<div>[01/Apr/2014:05:27:56 -0400] - Listening on
All Interfaces port 636 for LDAPS requests</div>
<div>[01/Apr/2014:05:27:56 -0400] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI
requests</div>
<div>[01/Apr/2014:05:27:56 -0400] - slapd
shutting down - signaling operation threads</div>
<div>[01/Apr/2014:05:27:56 -0400] - slapd
shutting down - waiting for 29 threads to
terminate</div>
<div>[01/Apr/2014:05:27:57 -0400] - slapd
shutting down - closing down internal
subsystems and plugins</div>
<div>[01/Apr/2014:05:27:57 -0400] - Waiting for
4 database threads to stop</div>
<div>[01/Apr/2014:05:27:57 -0400] - All database
threads now stopped</div>
<div>[01/Apr/2014:05:27:57 -0400] - slapd
stopped.</div>
<div>[01/Apr/2014:05:27:58 -0400] -
389-Directory/1.3.1.22.a1 B2014.073.1751
starting up</div>
<div>[01/Apr/2014:05:27:59 -0400]
ipalockout_get_global_config - [file
ipa_lockout.c, line 185]: Failed to get
default realm (-1765328160)</div>
<div>[01/Apr/2014:05:27:59 -0400]
ipaenrollment_start - [file ipa_enrollment.c,
line 393]: Failed to get default realm?!</div>
<div>[01/Apr/2014:05:27:59 -0400] - slapd
started. Listening on All Interfaces port 389
for LDAP requests</div>
<div>[01/Apr/2014:05:27:59 -0400] - Listening on
All Interfaces port 636 for LDAPS requests</div>
<div>[01/Apr/2014:05:27:59 -0400] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI
requests</div>
<div>[01/Apr/2014:05:28:01 -0400]
NSMMReplicationPlugin - agmt="cn=<a
moz-do-not-send="true"
href="http://meToipa.example.com"
target="_blank">meToipa.example.com</a>"
(ipa:389): The remote replica has a different
database generation ID than the local
database. You may have to reinitialize the
remote replica, or the local replica.</div>
<div>[01/Apr/2014:05:28:01 -0400]
NSMMReplicationPlugin -
multimaster_be_state_change: replica
dc=example,dc=com is going offline; disabling
replication</div>
<div>[01/Apr/2014:05:28:01 -0400] - WARNING:
Import is running with
nsslapd-db-private-import-mem on; No other
process is allowed to access the database</div>
<div>[01/Apr/2014:05:28:04 -0400] - import
userRoot: Workers finished; cleaning up...</div>
<div>[01/Apr/2014:05:28:05 -0400] - import
userRoot: Workers cleaned up.</div>
<div>[01/Apr/2014:05:28:05 -0400] - import
userRoot: Indexing complete.
Post-processing...</div>
<div>[01/Apr/2014:05:28:05 -0400] - import
userRoot: Generating numSubordinates complete.</div>
<div>[01/Apr/2014:05:28:05 -0400] - import
userRoot: Flushing caches...</div>
<div>[01/Apr/2014:05:28:05 -0400] - import
userRoot: Closing files...</div>
<div>[01/Apr/2014:05:28:06 -0400] - import
userRoot: Import complete. Processed 453
entries in 5 seconds. (90.60 entries/sec)</div>
<div>[01/Apr/2014:05:28:06 -0400]
NSMMReplicationPlugin -
multimaster_be_state_change: replica
dc=example,dc=com is coming online; enabling
replication</div>
<div>[01/Apr/2014:05:28:06 -0400] - Skipping CoS
Definition cn=Password
Policy,cn=accounts,dc=example,dc=com--no CoS
Templates found, which should be added before
the CoS Definition.</div>
<div>[01/Apr/2014:05:32:38 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:05:32:38 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div> .</div>
<div>.</div>
<div>.</div>
<div>[01/Apr/2014:13:12:39 -0400]
ipalockout_preop - [file ipa_lockout.c, line
749]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
<div>[01/Apr/2014:13:12:39 -0400]
ipalockout_postop - [file ipa_lockout.c, line
503]: Failed to retrieve entry "cn=Replication
Manager
cloneAgreement1-ipa2.example.com-pki-tomcat,ou=csusers,cn=config":
32</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
This seems bad, but I'm not sure if this is the root of
the replication problem.
<div>
<div class="h5"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div> </div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Apr 1, 2014 at
1:13 PM, Rich Megginson <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:rmeggins@redhat.com"
target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>
<div>On 04/01/2014 03:46 AM, Nevada
Sanchez wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I've had a replica
working with FreeIPA 3.2.1 for awhile.
After upgrading to 3.3.4, the replica
wouldn't recognize my admin login
anymore. After much troubleshooting, I
decided to try to redo the replica
since it was quite straightforward
when I first set it up (what could go
wrong, right?)</div>
</blockquote>
</div>
What is your version of 389-ds-base? rpm -q
389-ds-base<br>
<br>
What is in your dirsrv errors log?
/var/log/dirsrv/slapd-DOMAIN-TLD/errors<br>
<br>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">
<div> <br>
</div>
<div>Unfortunately, I've spent most
of my day trying to get the
replica to work this time. I've
tried turning off all firewalls on
both machines, rebooting both
machines, upgrading all packages
on both machines (both are running
Fedora 19), reinstalling FreeIPA
packages, and several other
things, but I keep getting stuck
at the same step (see output
below).</div>
<div><br>
</div>
<div>=================================================================</div>
<div>
<div>
<div>[root@ipa2 ipaserver]#
ipa-replica-install
--setup-dns --no-forwarders
/var/lib/ipa/replica-info-ipa2.example.com.gpg</div>
<div>WARNING: conflicting
time&date synchronization
service 'chronyd' will</div>
<div>be disabled in favor of
ntpd</div>
<div><br>
</div>
<div>Run connection check to
master</div>
<div>Check connection from
replica to remote master '<a
moz-do-not-send="true"
href="http://ipa.example.com"
target="_blank">ipa.example.com</a>':</div>
<div> Directory Service:
Unsecure port (389): OK</div>
<div> Directory Service:
Secure port (636): OK</div>
<div> Kerberos KDC: TCP (88):
OK</div>
<div> Kerberos Kpasswd: TCP
(464): OK</div>
<div> HTTP Server: Unsecure
port (80): OK</div>
<div> HTTP Server: Secure port
(443): OK</div>
<div><br>
</div>
<div>The following list of ports
use UDP protocol and would
need to be</div>
<div>checked manually:</div>
<div> Kerberos KDC: UDP (88):
SKIPPED</div>
<div> Kerberos Kpasswd: UDP
(464): SKIPPED</div>
<div><br>
</div>
<div>Connection from replica to
master is OK.</div>
<div>Start listening on required
ports for remote master check</div>
<div>Get credentials to log in
to remote master</div>
<div>Check SSH connection to
remote master</div>
<div>Execute check on remote
master</div>
<div>Check connection from
master to remote replica '<a
moz-do-not-send="true"
href="http://ipa2.example.com"
target="_blank">ipa2.example.com</a>':</div>
<div> Directory Service:
Unsecure port (389): OK</div>
<div> Directory Service:
Secure port (636): OK</div>
<div> Kerberos KDC: TCP (88):
OK</div>
<div> Kerberos KDC: UDP (88):
OK</div>
<div> Kerberos Kpasswd: TCP
(464): OK</div>
<div> Kerberos Kpasswd: UDP
(464): OK</div>
<div> HTTP Server: Unsecure
port (80): OK</div>
<div> HTTP Server: Secure port
(443): OK</div>
<div><br>
</div>
<div>Connection from master to
replica is OK.</div>
<div><br>
</div>
<div>Connection check OK</div>
<div>Configuring NTP daemon
(ntpd)</div>
<div> [1/4]: stopping ntpd</div>
<div> [2/4]: writing
configuration</div>
<div> [3/4]: configuring ntpd
to start on boot</div>
<div> [4/4]: starting ntpd</div>
<div>Done configuring NTP daemon
(ntpd).</div>
<div>Configuring directory
server (dirsrv): Estimated
time 1 minute</div>
<div> [1/34]: creating
directory server user</div>
<div> [2/34]: creating
directory server instance</div>
<div> [3/34]: adding default
schema</div>
<div> [4/34]: enabling memberof
plugin</div>
<div> [5/34]: enabling winsync
plugin</div>
<div> [6/34]: configuring
replication version plugin</div>
<div> [7/34]: enabling IPA
enrollment plugin</div>
<div> [8/34]: enabling ldapi</div>
<div> [9/34]: configuring
uniqueness plugin</div>
<div> [10/34]: configuring uuid
plugin</div>
<div> [11/34]: configuring
modrdn plugin</div>
<div> [12/34]: configuring DNS
plugin</div>
<div> [13/34]: enabling
entryUSN plugin</div>
<div> [14/34]: configuring
lockout plugin</div>
<div> [15/34]: creating indices</div>
<div> [16/34]: enabling
referential integrity plugin</div>
<div> [17/34]: configuring ssl
for ds instance</div>
<div> [18/34]: configuring
certmap.conf</div>
<div> [19/34]: configure
autobind for root</div>
<div> [20/34]: configure new
location for managed entries</div>
<div> [21/34]: configure dirsrv
ccache</div>
<div> [22/34]: enable SASL
mapping fallback</div>
<div> [23/34]: restarting
directory server</div>
<div> [24/34]: setting up
initial replication</div>
<div>Starting replication,
please wait until this has
completed.</div>
<div>Update in progress, 5
seconds elapsed</div>
<div>[<a moz-do-not-send="true"
href="http://ipa.example.com" target="_blank">ipa.example.com</a>]
reports: Update failed!
Status: [-1 Total update
abortedLDAP error: Can't
contact LDAP server]</div>
</div>
<div> <br>
</div>
<div>Your system may be partly
configured.</div>
<div>Run
/usr/sbin/ipa-server-install
--uninstall to clean up.</div>
<div><br>
</div>
<div>Failed to start replication</div>
</div>
<div>=================================================================</div>
<div><br>
</div>
<div>I've confirmed that I can do
ldapsearch from each machine to
the other one for the replica
status records (through ldap and
ldaps), so I know that they can
communicate. Trouble is, something
behind the scenes is throwing the
status error (as seen in the
nsds5ReplicaLastInitStatus
attribute).</div>
<div><br>
</div>
<div>=================================================================</div>
<div>
<div>[root@ipa2 ipaserver]#
ldapsearch <a
moz-do-not-send="true">ldaps://</a><a
moz-do-not-send="true"
href="http://ipa.example.com:636"
target="_blank">ipa.example.com:636</a>
-D 'cn=Directory Manager' -w
##### -b 'cn=<a
moz-do-not-send="true"
href="http://meToipa2.example.com"
target="_blank">meToipa2.example.com</a>,cn=replica,cn=dc\=example\,dc\=com,cn=mapping
tree,cn=config'
'(objectClass=*)' -s base
nsds5ReplicaLastInitStart
nsds5replicaUpdateInProgress
nsds5ReplicaLastInitStatus cn
nsds5BeginReplicaRefresh
nsds5ReplicaLastInitEnd</div>
<div># extended LDIF</div>
<div>#</div>
<div># LDAPv3</div>
<div># base <cn=<a
moz-do-not-send="true"
href="http://meToipa2.example.com"
target="_blank">meToipa2.example.com</a>,cn=replica,cn=dc\=example\,dc\=com,cn=mapping
tree,cn=config> with scope
baseObject</div>
<div># filter: (objectclass=*)</div>
<div># requesting: <a
moz-do-not-send="true">ldaps://</a><a
moz-do-not-send="true"
href="http://ipa.example.com:636"
target="_blank">ipa.example.com:636</a>
(objectClass=*)
nsds5ReplicaLastInitStart
nsds5replicaUpdateInProgress
nsds5ReplicaLastInitStatus cn
nsds5BeginReplicaRefresh
nsds5ReplicaLastInitEnd </div>
<div>#</div>
<div><br>
</div>
<div># <a moz-do-not-send="true"
href="http://meToipa2.example.com" target="_blank">meToipa2.example.com</a>,
replica,
dc\3Dexample\2Cdc\3Dcom,</div>
<div> mapping tree, config</div>
<div>dn: cn=<a
moz-do-not-send="true"
href="http://meToipa2.example.com"
target="_blank">meToipa2.example.com</a>,cn=replica,cn=dc\3Dexample\2Cd</div>
<div> c\3Dcom,cn=mapping
tree,cn=config</div>
<div>nsds5ReplicaLastInitStart:
20140401092800Z</div>
<div>nsds5replicaUpdateInProgress:
FALSE</div>
<div>nsds5ReplicaLastInitStatus:
-1 Total update abortedLDAP
error: Can't contact L</div>
<div> DAP server</div>
<div>cn: <a
moz-do-not-send="true"
href="http://meToipa2.example.com"
target="_blank">meToipa2.example.com</a></div>
<div>nsds5ReplicaLastInitEnd:
20140401092804Z</div>
<div><br>
</div>
<div># search result</div>
<div>search: 2</div>
<div>result: 0 Success</div>
<div><br>
</div>
<div># numResponses: 2</div>
<div># numEntries: 1</div>
</div>
<div>=================================================================</div>
<div><br>
</div>
<div>I'd really love for someone to
help out with this, as I can't
afford another entire night trying
to figure this out. Thanks in
advance!</div>
<div><br>
</div>
<div>-Nevada</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>