Hi everybody, any suggestions regarding this problem? On Sun, Jun 11, 2017 at 1:49 PM, Adrian HY <ayeja...@gmail.com> wrote:
> I think I detected the problem. The error log in the replica writes: > > *[11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet length > exceeds maximum allowed limit (length=2483849, limit=2097152). Change the > nsslapd-maxsasliosize attribute in cn=config to increase limit.* > > *[11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned* > According this: (https://access.redhat.com/documentation/en-US/Red_Hat_ > Directory_Server/8.2/pdf/Configuration_and_Command- > Line_Tool_Reference/Red_Hat_Directory_Server-8.2- > Configuration_and_Command-Line_Tool_Reference-en-US.pdf) > > "When an incoming SASL IO packet is larger than the nsslapd-maxsasliosize > limit, the server immediately disconnects the client and logs a message to > the error log, so that an administrator can adjust the setting if necessary" > > The problem now is how can I change the value of the attribute during > replication. > > Regards. > > On Sun, Jun 11, 2017 at 2:20 AM, Adrian HY <ayeja...@gmail.com> wrote: > >> Hi folks, I had a problem with replication and I tried to add the slave >> back to the replica. The process stops in the initial replication phase. >> >> The firewall and selinux are down and both servers are synchronized with >> the time. >> >> Centos 7.3 >> Freeipa 4.4.0-14 >> >> *Master error log:* >> >> 11/Jun/2017:01:11:45.690402715 -0400] NSMMReplicationPlugin - agmt="cn= >> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication >> bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) () >> [11/Jun/2017:01:11:45.690877649 -0400] NSMMReplicationPlugin - Warning: >> unable to acquire replica for total update, error: 49, retrying in 1 >> seconds. >> [11/Jun/2017:01:11:46.966060891 -0400] NSMMReplicationPlugin - agmt="cn= >> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication >> bind with GSSAPI auth resumed >> [11/Jun/2017:01:11:47.095800971 -0400] NSMMReplicationPlugin - Beginning >> total update of replica "agmt="cn=meTousuarios-replica.ipa.server.com" >> (usuarios-replica:389)". >> [11/Jun/2017:01:12:06.873713837 -0400] NSMMReplicationPlugin - agmt="cn= >> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Failed to >> send extended operation: LDAP error -1 (Can't contact LDAP server) >> [11/Jun/2017:01:12:06.874590112 -0400] NSMMReplicationPlugin - agmt="cn= >> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Received >> error -1 (Can't contact LDAP server): for total updat >> e operation >> [11/Jun/2017:01:12:06.874950648 -0400] NSMMReplicationPlugin - agmt="cn= >> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Warning: >> unable to send endReplication extended operation (Can' >> t contact LDAP server) >> [11/Jun/2017:01:12:06.875217640 -0400] NSMMReplicationPlugin - Total >> update failed for replica "agmt="cn=meTousuarios-replica.ipa.server.com" >> (usuarios-replica:389)", error (-11) >> [11/Jun/2017:01:12:06.894882383 -0400] NSMMReplicationPlugin - agmt="cn= >> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication >> bind with GSSAPI auth resumed >> [11/Jun/2017:01:12:06.905304992 -0400] NSMMReplicationPlugin - agmt="cn= >> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): The remote >> replica has a different database generation ID than >> the local database. You may have to reinitialize the remote replica, or >> the local replica. >> [11/Jun/2017:01:12:09.912282245 -0400] NSMMReplicationPlugin - agmt="cn= >> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): The remote >> replica has a different database generation ID than >> the local database. You may have to reinitialize the remote replica, or >> the local replica. >> >> *Client ipareplica-install.log:* >> >> 2017-06-11T05:24:24Z DEBUG stderr= >> 2017-06-11T05:24:24Z DEBUG wait_for_open_ports: localhost [389] timeout >> 300 >> 2017-06-11T05:24:24Z DEBUG Fetching nsDS5ReplicaId from master [attempt >> 1/5] >> 2017-06-11T05:24:24Z DEBUG flushing ldap://usuarios.ipa.server.com:389 >> from SchemaCache >> 2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache url=ldap:// >> usuarios.ipa.server.com:389 conn=<ldap.ldapobject.SimpleLDAPObject >> instance at 0x86909e0> >> 2017-06-11T05:24:24Z DEBUG Successfully updated nsDS5ReplicaId. >> 2017-06-11T05:24:24Z DEBUG flushing >> ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket >> from SchemaCache >> 2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache >> url=ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket >> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e74440> >> 2017-06-11T05:24:46Z DEBUG Traceback (most recent call last): >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 449, in start_creation >> run_step(full_msg, method) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 439, in run_step >> method() >> File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >> line 416, in __setup_replica >> repl.setup_promote_replication(self.master_fqdn) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >> line 1643, in setup_promote_replication >> raise RuntimeError("Failed to start replication") >> RuntimeError: Failed to start replication >> >> 2017-06-11T05:24:46Z DEBUG [error] RuntimeError: Failed to start >> replication >> 2017-06-11T05:24:46Z DEBUG Destroyed connection context.ldap2_101192976 >> 2017-06-11T05:24:46Z DEBUG File >> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", >> line 171, in execute >> return_value = self.run() >> File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line >> 318, in run >> cfgr.run() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 310, in run >> self.execute() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 332, in execute >> for nothing in self._executor(): >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 372, in __runner >> self._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 362, in __runner >> step() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 359, in <lambda> >> step = lambda: next(self.__gen) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >> line 81, in run_generator_with_yield_from >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >> line 59, in run_generator_with_yield_from >> value = gen.send(prev_value) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 586, in _configure >> next(executor) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 372, in __runner >> self._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 449, in _handle_exception >> self.__parent._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 446, in _handle_exception >> super(ComponentBase, self)._handle_exception(exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 394, in _handle_exception >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 362, in __runner >> step() >> File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", >> line 359, in <lambda> >> step = lambda: next(self.__gen) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >> line 81, in run_generator_with_yield_from >> six.reraise(*exc_info) >> File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", >> line 59, in run_generator_with_yield_from >> value = gen.send(prev_value) >> File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", >> line 63, in _install >> for nothing in self._installer(self.parent): >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 1722, in main >> promote(self) >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 372, in decorated >> func(installer) >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 1423, in promote >> promote=True, pkcs12_info=dirsrv_pkcs12_info) >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", >> line 135, in install_replica_ds >> api=remote_api, >> File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >> line 401, in create_replica >> self.start_creation(runtime=60) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 449, in start_creation >> run_step(full_msg, method) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 439, in run_step >> method() >> File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", >> line 416, in __setup_replica >> repl.setup_promote_replication(self.master_fqdn) >> File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", >> line 1643, in setup_promote_replication >> raise RuntimeError("Failed to start replication") >> >> >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org