On 06/11/2017 01:49 PM, Adrian HY via FreeIPA-users wrote:
> I think I detected the problem. The error log in the replica writes:
>
> *[11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet length
> exceeds maximum allowed limit (length=2483849, limit=2097152).  Change
> the nsslapd-maxsasliosize attribute in cn=config to increase limit.*
> *
> [11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned
>
> *
> According this:
> (https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/pdf/Configuration_and_Command-Line_Tool_Reference/Red_Hat_Directory_Server-8.2-Configuration_and_Command-Line_Tool_Reference-en-US.pdf)
>
> "When an incoming SASL IO packet is larger than the
> nsslapd-maxsasliosize limit, the server  immediately disconnects the
> client and logs a message to the error log, so that an administrator
> can adjust the setting if necessary"
>
> The problem now is how can I change the value of the attribute during
> replication.
You just use ldapmodify to change the value on each replica:

# ldapmodify -D "cn=directory manager" -W
dn: cn=config
changetype: modify
replace: nsslapd-maxsasliosize
nsslapd-maxsasliosize:  YOUR_NEW_VALUE

>
> Regards.
>
> On Sun, Jun 11, 2017 at 2:20 AM, Adrian HY <ayeja...@gmail.com
> <mailto:ayeja...@gmail.com>> wrote:
>
>     Hi folks, I had a problem with replication and I tried to add the
>     slave back to the replica. The process stops in the initial
>     replication phase.
>
>     The firewall and selinux are down and both servers are
>     synchronized with the time.
>
>     Centos 7.3
>     Freeipa 4.4.0-14
>
>     *Master error log:*
>
>     11/Jun/2017:01:11:45.690402715 -0400] NSMMReplicationPlugin -
>     agmt="cn=meTousuarios-replica.ipa.server.com
>     <http://meTousuarios-replica.ipa.server.com>"
>     (usuarios-replica:389): Replication bind with GSSAPI auth failed:
>     LDAP error 49 (Invalid credentials) ()
>     [11/Jun/2017:01:11:45.690877649 -0400] NSMMReplicationPlugin -
>     Warning: unable to acquire replica for total update, error: 49,
>     retrying in 1 seconds.
>     [11/Jun/2017:01:11:46.966060891 -0400] NSMMReplicationPlugin -
>     agmt="cn=meTousuarios-replica.ipa.server.com
>     <http://meTousuarios-replica.ipa.server.com>"
>     (usuarios-replica:389): Replication bind with GSSAPI auth resumed
>     [11/Jun/2017:01:11:47.095800971 -0400] NSMMReplicationPlugin -
>     Beginning total update of replica
>     "agmt="cn=meTousuarios-replica.ipa.server.com
>     <http://meTousuarios-replica.ipa.server.com>" (usuarios-replica:389)".
>     [11/Jun/2017:01:12:06.873713837 -0400] NSMMReplicationPlugin -
>     agmt="cn=meTousuarios-replica.ipa.server.com
>     <http://meTousuarios-replica.ipa.server.com>"
>     (usuarios-replica:389): Failed to send extended operation: LDAP
>     error -1 (Can't contact LDAP server)
>     [11/Jun/2017:01:12:06.874590112 -0400] NSMMReplicationPlugin -
>     agmt="cn=meTousuarios-replica.ipa.server.com
>     <http://meTousuarios-replica.ipa.server.com>"
>     (usuarios-replica:389): Received error -1 (Can't contact LDAP
>     server):  for total updat
>     e operation
>     [11/Jun/2017:01:12:06.874950648 -0400] NSMMReplicationPlugin -
>     agmt="cn=meTousuarios-replica.ipa.server.com
>     <http://meTousuarios-replica.ipa.server.com>"
>     (usuarios-replica:389): Warning: unable to send endReplication
>     extended operation (Can'
>     t contact LDAP server)
>     [11/Jun/2017:01:12:06.875217640 -0400] NSMMReplicationPlugin -
>     Total update failed for replica
>     "agmt="cn=meTousuarios-replica.ipa.server.com
>     <http://meTousuarios-replica.ipa.server.com>"
>     (usuarios-replica:389)", error (-11)
>     [11/Jun/2017:01:12:06.894882383 -0400] NSMMReplicationPlugin -
>     agmt="cn=meTousuarios-replica.ipa.server.com
>     <http://meTousuarios-replica.ipa.server.com>"
>     (usuarios-replica:389): Replication bind with GSSAPI auth resumed
>     [11/Jun/2017:01:12:06.905304992 -0400] NSMMReplicationPlugin -
>     agmt="cn=meTousuarios-replica.ipa.server.com
>     <http://meTousuarios-replica.ipa.server.com>"
>     (usuarios-replica:389): The remote replica has a different
>     database generation ID than
>     the local database.  You may have to reinitialize the remote
>     replica, or the local replica.
>     [11/Jun/2017:01:12:09.912282245 -0400] NSMMReplicationPlugin -
>     agmt="cn=meTousuarios-replica.ipa.server.com
>     <http://meTousuarios-replica.ipa.server.com>"
>     (usuarios-replica:389): The remote replica has a different
>     database generation ID than
>     the local database.  You may have to reinitialize the remote
>     replica, or the local replica.
>
>     *Client ipareplica-install.log:*
>
>     2017-06-11T05:24:24Z DEBUG stderr=
>     2017-06-11T05:24:24Z DEBUG wait_for_open_ports: localhost [389]
>     timeout 300
>     2017-06-11T05:24:24Z DEBUG Fetching nsDS5ReplicaId from master
>     [attempt 1/5]
>     2017-06-11T05:24:24Z DEBUG flushing
>     ldap://usuarios.ipa.server.com:389
>     <http://usuarios.ipa.server.com:389> from SchemaCache
>     2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache
>     url=ldap://usuarios.ipa.server.com:389
>     <http://usuarios.ipa.server.com:389>
>     conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x86909e0>
>     2017-06-11T05:24:24Z DEBUG Successfully updated nsDS5ReplicaId.
>     2017-06-11T05:24:24Z DEBUG flushing
>     ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket from SchemaCache
>     2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache
>     url=ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket
>     conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e74440>
>     2017-06-11T05:24:46Z DEBUG Traceback (most recent call last):
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>     line 449, in start_creation
>         run_step(full_msg, method)
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>     line 439, in run_step
>         method()
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
>     line 416, in __setup_replica
>         repl.setup_promote_replication(self.master_fqdn)
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
>     line 1643, in setup_promote_replication
>         raise RuntimeError("Failed to start replication")
>     RuntimeError: Failed to start replication
>
>     2017-06-11T05:24:46Z DEBUG   [error] RuntimeError: Failed to start
>     replication
>     2017-06-11T05:24:46Z DEBUG Destroyed connection
>     context.ldap2_101192976
>     2017-06-11T05:24:46Z DEBUG   File
>     "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line
>     171, in execute
>         return_value = self.run()
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
>     318, in run
>         cfgr.run()
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     310, in run
>         self.execute()
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     332, in execute
>         for nothing in self._executor():
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     372, in __runner
>         self._handle_exception(exc_info)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     394, in _handle_exception
>         six.reraise(*exc_info)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     362, in __runner
>         step()
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     359, in <lambda>
>         step = lambda: next(self.__gen)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
>     81, in run_generator_with_yield_from
>         six.reraise(*exc_info)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
>     59, in run_generator_with_yield_from
>         value = gen.send(prev_value)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     586, in _configure
>         next(executor)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     372, in __runner
>         self._handle_exception(exc_info)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     449, in _handle_exception
>         self.__parent._handle_exception(exc_info)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     394, in _handle_exception
>         six.reraise(*exc_info)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     446, in _handle_exception
>         super(ComponentBase, self)._handle_exception(exc_info)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     394, in _handle_exception
>         six.reraise(*exc_info)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     362, in __runner
>         step()
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
>     359, in <lambda>
>         step = lambda: next(self.__gen)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
>     81, in run_generator_with_yield_from
>         six.reraise(*exc_info)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
>     59, in run_generator_with_yield_from
>         value = gen.send(prev_value)
>       File
>     "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
>     line 63, in _install
>         for nothing in self._installer(self.parent):
>       File
>     
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>     line 1722, in main
>         promote(self)
>       File
>     
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>     line 372, in decorated
>         func(installer)
>       File
>     
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>     line 1423, in promote
>         promote=True, pkcs12_info=dirsrv_pkcs12_info)
>       File
>     
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>     line 135, in install_replica_ds
>         api=remote_api,
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
>     line 401, in create_replica
>         self.start_creation(runtime=60)
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>     line 449, in start_creation
>         run_step(full_msg, method)
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>     line 439, in run_step
>         method()
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
>     line 416, in __setup_replica
>         repl.setup_promote_replication(self.master_fqdn)
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
>     line 1643, in setup_promote_replication
>         raise RuntimeError("Failed to start replication")
>
>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to