On 06/01/2015 01:34 PM, Oleg Fayans wrote:
So far I've bumped into problem, using the newly built packages:

I've installed a master, a replica (replica1) Then replica3 (prepared on replica1), so, my topology looks like this:

master <=> replica1 <=> replica3

However, the `ipa topologysegment-find` shows correct topology only on replicas (not on master)
looks like replication from replica1 to master is not/nolonger working.
will look into this.

master:
root@testmaster:~]$ ipa topologysegment-find
Suffix name: realm
-----------------
1 segment matched
-----------------
  Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
  Left node: replica1.zaeba.li
  Right node: testmaster.zaeba.li
  Connectivity: both
----------------------------
Number of entries returned 1
----------------------------

replica1:
ofayans@replica1:~]$ ipa topologysegment-find
Suffix name: realm
------------------
2 segments matched
------------------
  Segment name: replica1.zaeba.li-to-replica3.zaeba.li
  Left node: replica1.zaeba.li
  Right node: replica3.zaeba.li
  Connectivity: both

  Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
  Left node: replica1.zaeba.li
  Right node: testmaster.zaeba.li
  Connectivity: both
----------------------------
Number of entries returned 2
----------------------------

replica3:
ofayans@replica3:~]$ ipa topologysegment-find
Suffix name: realm
------------------
2 segments matched
------------------
  Segment name: replica1.zaeba.li-to-replica3.zaeba.li
  Left node: replica1.zaeba.li
  Right node: replica3.zaeba.li
  Connectivity: both

  Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
  Left node: replica1.zaeba.li
  Right node: testmaster.zaeba.li
  Connectivity: both
----------------------------
Number of entries returned 2
----------------------------

The second problem, is that the changes (like user creation) made on any of the nodes do not get replicate to other ones. The dirsrv logs are full of GSSAPI errors like this:

=====================================================================
[01/Jun/2015:07:04:48 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] authentication mechanism [GSSAPI]: error -1 (Can't contact LDAP server) [01/Jun/2015:07:09:46 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success) [01/Jun/2015:07:09:46 -0400] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success) [01/Jun/2015:07:09:47 -0400] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 0 (Success)
=====================================================================

Full logs are attached
I am using the 389-ds-base from mreynolds/389-ds-base dnf repo:
root@testmaster:~]$ rpm -q 389-ds-base
389-ds-base-2015_03_11-1.fc21.x86_64



On 06/01/2015 11:19 AM, Oleg Fayans wrote:
Woks for me too. Will perform extensive testing today, and report everything that I find.
Thanks, Ludwig!
On 05/29/2015 04:44 PM, Ludwig Krispenz wrote:
This is a patch for the two issues reported in ticket #5035
https://fedorahosted.org/freeipa/ticket/5035



Works for me. I was able to install 2 replicas with domain level 1 in one topology.

Code looks good to me as well. Tentative ACK (would be nice if it was skimmed by Thierry).





-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to