On 11/12/19 4:47 PM, Graham Leggett wrote:
Hi all,
We have a long standing 389ds master LDAP server that was found to be unable to
contact it’s slaves. Most specifically, the slaves show nothing in their logs
about any kind of connection, while the master is logging this:
[12/Nov/2019:21:39:47.212715697 +0000] - ERR - slapi_ldap_bind - Could not send
bind request for id [(anon)] authentication mechanism [EXTERNAL]: error -1
(Can't contact LDAP server), system error 0 (no error), network error 0
(Unknown error, host “ldap01:636”)
What is the bind method of the agreement? SSLCLIENTAUTH? The problem
is that the ID is anonymous (anon). So it's not binding correctly to
the consumer. What do you have for these attributes in the replication
agreement:
This is what I have:
dn: cn=blah,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
nsDS5ReplicaBindMethod: sslclientauth
nsDS5ReplicaTransportInfo: LDAPS
nsDS5ReplicaBindDN: cn=replication manager,cn=config
Mark
Key is "system error 0 (no error)”, which leaves us stumped. The error is
obviously “success”.
Has anyone seen this kind of thing before?
This is 389ds running on CentOS7 as follows:
389-ds-base-1.3.9.1-10.el7.x86_64
Regards,
Graham
—
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
--
389 Directory Server Development Team
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
