Hey Adrian, Not sure if it will resolve your problem, but have you tried to reinitialize the replica? You can run this on the replica: # ipa-replica-manage re-initialize --from=usuarios.ipa.server.com
I hope this help you. Cheers, Givaldo Lins De: "Adrian HY via FreeIPA-users" <freeipa-users@lists.fedorahosted.org> Para: freeipa-users@lists.fedorahosted.org Cc: "Adrian HY" <ayeja...@gmail.com> Enviadas: Segunda-feira, 12 de junho de 2017 9:05:03 Assunto: [Freeipa-users] Re: replication problem Hi everybody, any suggestions regarding this problem? On Sun, Jun 11, 2017 at 1:49 PM, Adrian HY < ayeja...@gmail.com > wrote: I think I detected the problem. The error log in the replica writes: [11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet length exceeds maximum allowed limit (length=2483849, limit=2097152). Change the nsslapd-maxsasliosize attribute in cn=config to increase limit. [11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned According this: ( https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/pdf/Configuration_and_Command-Line_Tool_Reference/Red_Hat_Directory_Server-8.2-Configuration_and_Command-Line_Tool_Reference-en-US.pdf ) "When an incoming SASL IO packet is larger than the nsslapd-maxsasliosize limit, the server immediately disconnects the client and logs a message to the error log, so that an administrator can adjust the setting if necessary" The problem now is how can I change the value of the attribute during replication. Regards. On Sun, Jun 11, 2017 at 2:20 AM, Adrian HY < ayeja...@gmail.com > wrote: BQ_BEGIN Hi folks, I had a problem with replication and I tried to add the slave back to the replica. The process stops in the initial replication phase. The firewall and selinux are down and both servers are synchronized with the time. Centos 7.3 Freeipa 4.4.0-14 Master error log: 11/Jun/2017:01:11:45.690402715 -0400] NSMMReplicationPlugin - agmt="cn= meTousuarios-replica.ipa.server.com " (usuarios-replica:389): Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) () [11/Jun/2017:01:11:45.690877649 -0400] NSMMReplicationPlugin - Warning: unable to acquire replica for total update, error: 49, retrying in 1 seconds. [11/Jun/2017:01:11:46.966060891 -0400] NSMMReplicationPlugin - agmt="cn= meTousuarios-replica.ipa.server.com " (usuarios-replica:389): Replication bind with GSSAPI auth resumed [11/Jun/2017:01:11:47.095800971 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn= meTousuarios-replica.ipa.server.com " (usuarios-replica:389)". [11/Jun/2017:01:12:06.873713837 -0400] NSMMReplicationPlugin - agmt="cn= meTousuarios-replica.ipa.server.com " (usuarios-replica:389): Failed to send extended operation: LDAP error -1 (Can't contact LDAP server) [11/Jun/2017:01:12:06.874590112 -0400] NSMMReplicationPlugin - agmt="cn= meTousuarios-replica.ipa.server.com " (usuarios-replica:389): Received error -1 (Can't contact LDAP server): for total updat e operation [11/Jun/2017:01:12:06.874950648 -0400] NSMMReplicationPlugin - agmt="cn= meTousuarios-replica.ipa.server.com " (usuarios-replica:389): Warning: unable to send endReplication extended operation (Can' t contact LDAP server) [11/Jun/2017:01:12:06.875217640 -0400] NSMMReplicationPlugin - Total update failed for replica "agmt="cn= meTousuarios-replica.ipa.server.com " (usuarios-replica:389)", error (-11) [11/Jun/2017:01:12:06.894882383 -0400] NSMMReplicationPlugin - agmt="cn= meTousuarios-replica.ipa.server.com " (usuarios-replica:389): Replication bind with GSSAPI auth resumed [11/Jun/2017:01:12:06.905304992 -0400] NSMMReplicationPlugin - agmt="cn= meTousuarios-replica.ipa.server.com " (usuarios-replica:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica. [11/Jun/2017:01:12:09.912282245 -0400] NSMMReplicationPlugin - agmt="cn= meTousuarios-replica.ipa.server.com " (usuarios-replica:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica. Client ipareplica-install.log: 2017-06-11T05:24:24Z DEBUG stderr= 2017-06-11T05:24:24Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-06-11T05:24:24Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5] 2017-06-11T05:24:24Z DEBUG flushing ldap:// usuarios.ipa.server.com:389 from SchemaCache 2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache url=ldap:// usuarios.ipa.server.com:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x86909e0> 2017-06-11T05:24:24Z DEBUG Successfully updated nsDS5ReplicaId. 2017-06-11T05:24:24Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket from SchemaCache 2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e74440> 2017-06-11T05:24:46Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 416, in __setup_replica repl.setup_promote_replication(self.master_fqdn) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1643, in setup_promote_replication raise RuntimeError("Failed to start replication") RuntimeError: Failed to start replication 2017-06-11T05:24:46Z DEBUG [error] RuntimeError: Failed to start replication 2017-06-11T05:24:46Z DEBUG Destroyed connection context.ldap2_101192976 2017-06-11T05:24:46Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run cfgr.run() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run self.execute() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute for nothing in self._executor(): File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586, in _configure next(executor) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner self._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install for nothing in self._installer(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1722, in main promote(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1423, in promote promote=True, pkcs12_info=dirsrv_pkcs12_info) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 135, in install_replica_ds api=remote_api, File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 401, in create_replica self.start_creation(runtime=60) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 416, in __setup_replica repl.setup_promote_replication(self.master_fqdn) File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1643, in setup_promote_replication raise RuntimeError("Failed to start replication") BQ_END _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
