Hi Ludwig,

Nope, I did not remove the replica2 (this time) I just used replica3 machine because I had it by hand. I'll re-run the whole procedure today to see if it reproduces


On 06/01/2015 04:52 PM, Ludwig Krispenz wrote:
Hi Oleg,
On 06/01/2015 04:14 PM, Petr Vobornik wrote:
On 06/01/2015 01:48 PM, Ludwig Krispenz wrote:

On 06/01/2015 01:34 PM, Oleg Fayans wrote:
So far I've bumped into problem, using the newly built packages:

I've installed a master, a replica (replica1) Then replica3 (prepared
on replica1), so, my topology looks like this:

master <=> replica1 <=> replica3

However, the `ipa topologysegment-find` shows correct topology only on
replicas (not on master)
looks like replication from replica1 to master is not/nolonger working.
will look into this.

With the same topology, replication works for me. I've not done anything else related to topology after the installation. Maybe some other operations caused that.
could it be that you had a replica2 which you had removed ?



The second problem, is that the changes (like user creation) made on
any of the nodes do not get replicate to other ones. The dirsrv logs
are full of GSSAPI errors like this:

Seems to be caused by the first issue.


=====================================================================
[01/Jun/2015:07:04:48 -0400] slapi_ldap_bind - Error: could not
perform interactive bind for id [] authentication mechanism [GSSAPI]:
error -1 (Can't contact LDAP server)
[01/Jun/2015:07:09:46 -0400] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[01/Jun/2015:07:09:46 -0400] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[01/Jun/2015:07:09:47 -0400] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 0 (Success)
=====================================================================

Full logs are attached
I am using the 389-ds-base from mreynolds/389-ds-base dnf repo:
root@testmaster:~]$ rpm -q 389-ds-base
389-ds-base-2015_03_11-1.fc21.x86_64

I used the one from mkosek/freeipa-master COPR: 389-ds-base-1.3.4.a1-20150512143653.git1bf67a4.fc17.src.rpm




On 06/01/2015 11:19 AM, Oleg Fayans wrote:
Woks for me too. Will perform extensive testing today, and report
everything that I find.
Thanks, Ludwig!
On 05/29/2015 04:44 PM, Ludwig Krispenz wrote:
This is a patch for the two issues reported in ticket #5035
https://fedorahosted.org/freeipa/ticket/5035



Works for me. I was able to install 2 replicas with domain level 1
in one topology.

Code looks good to me as well. Tentative ACK (would be nice if it
was skimmed by Thierry).



--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to