Re: [Freeipa-devel] Database error on replicas

Wed, 03 Jun 2015 02:44:53 -0700 

Hi Ludwig,

Yep all 3 hosts were up and running during this test execution.

On 06/03/2015 11:09 AM, Ludwig Krispenz wrote:

Oleg,
is the master and the replicas up and running ? The error messages look like the dna plugin wants to establish an ldap connection to extend it's range - and fails. I don't see how the topology plugin would interfere, but of course there could be a side efect. 

Ludwig

On 06/03/2015 10:46 AM, Martin Babinsky wrote:

On 06/03/2015 10:33 AM, Oleg Fayans wrote:

Hi,

With the latest freeipa code containing Topology plugin patches, I am
unable to make any changes in replicas.

I have the following topology:
replica1 <=> master <=> replica3
Here is the output of the ipa topologysegment-find command:

Suffix name: realm
------------------
2 segments matched
------------------
   Segment name: replica1.zaeba.li-to-testmaster.zaeba.li
   Left node: replica1.zaeba.li
   Right node: testmaster.zaeba.li
   Connectivity: both

   Segment name: replica3.zaeba.li-to-testmaster.zaeba.li
   Left node: replica3.zaeba.li
   Right node: testmaster.zaeba.li
   Connectivity: both
----------------------------
Number of entries returned 2
----------------------------


Any changes on master get replicated to replicas successfully. However,
any attempts to change anything on replicas, for example, create a user, 
result in the error message about DatabaseError (attached).

The corresponding part of the dirsrv log looks like this:

03/Jun/2015:04:11:55 -0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -1
(Can't contact LDAP server)
[03/Jun/2015:04:15:02 -0400] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success) 
[03/Jun/2015:04:16:55 -0400] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 2 (No such file or directory) 
[03/Jun/2015:04:16:55 -0400] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -1
(Can't contact LDAP server)

The full log is attached




Hi Oleg,
could you also post the output of 'journalctl -xe' related to dirsrv (on master and also on replicas)? I have seen a couple of segfaults there during reviewing Petr Vobornik's topology* commands. 





--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to