Hi Mark, my problem is during the replica installation. I can't use
ldapmodify because *cn=directory manager* does not have the password
assigned.

Regards.

On Mon, Jun 12, 2017 at 1:38 PM, Mark Reynolds <marey...@redhat.com> wrote:

>
>
> On 06/11/2017 01:49 PM, Adrian HY via FreeIPA-users wrote:
>
> I think I detected the problem. The error log in the replica writes:
>
> *[11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet length
> exceeds maximum allowed limit (length=2483849, limit=2097152).  Change the
> nsslapd-maxsasliosize attribute in cn=config to increase limit.*
>
> * [11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned *
> According to this: (https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/pdf/Configuration_and_Command-Line_Tool_Reference/Red_Hat_Directory_Server-8.2-Configuration_and_Command-Line_Tool_Reference-en-US.pdf)
>
> "When an incoming SASL IO packet is larger than the nsslapd-maxsasliosize
> limit, the server  immediately disconnects the client and logs a message to
> the error log, so that an administrator can adjust the setting if necessary"
>
> The problem now is how can I change the value of the attribute during
> replication.
>
> You just use ldapmodify to change the value on each replica:
>
> # ldapmodify -D "cn=directory manager" -W
> dn: cn=config
> changetype: modify
> replace: nsslapd-maxsasliosize
> nsslapd-maxsasliosize:  YOUR_NEW_VALUE
>
>
> Regards.
>
> On Sun, Jun 11, 2017 at 2:20 AM, Adrian HY <ayeja...@gmail.com> wrote:
>
>> Hi folks, I had a problem with replication and I tried to add the slave
>> back to the replica. The process stops in the initial replication phase.
>>
>> The firewall and selinux are down and both servers are synchronized with
>> the time.
>>
>> Centos 7.3
>> Freeipa 4.4.0-14
>>
>> *Master error log:*
>>
>> [11/Jun/2017:01:11:45.690402715 -0400] NSMMReplicationPlugin - agmt="cn=
>> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication
>> bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()
>> [11/Jun/2017:01:11:45.690877649 -0400] NSMMReplicationPlugin - Warning:
>> unable to acquire replica for total update, error: 49, retrying in 1
>> seconds.
>> [11/Jun/2017:01:11:46.966060891 -0400] NSMMReplicationPlugin - agmt="cn=
>> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication
>> bind with GSSAPI auth resumed
>> [11/Jun/2017:01:11:47.095800971 -0400] NSMMReplicationPlugin - Beginning
>> total update of replica "agmt="cn=meTousuarios-replica.ipa.server.com"
>> (usuarios-replica:389)".
>> [11/Jun/2017:01:12:06.873713837 -0400] NSMMReplicationPlugin - agmt="cn=
>> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Failed to
>> send extended operation: LDAP error -1 (Can't contact LDAP server)
>> [11/Jun/2017:01:12:06.874590112 -0400] NSMMReplicationPlugin - agmt="cn=
>> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Received
>> error -1 (Can't contact LDAP server):  for total update operation
>> [11/Jun/2017:01:12:06.874950648 -0400] NSMMReplicationPlugin - agmt="cn=
>> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Warning:
>> unable to send endReplication extended operation (Can't contact LDAP server)
>> [11/Jun/2017:01:12:06.875217640 -0400] NSMMReplicationPlugin - Total
>> update failed for replica "agmt="cn=meTousuarios-replica.ipa.server.com"
>> (usuarios-replica:389)", error (-11)
>> [11/Jun/2017:01:12:06.894882383 -0400] NSMMReplicationPlugin - agmt="cn=
>> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication
>> bind with GSSAPI auth resumed
>> [11/Jun/2017:01:12:06.905304992 -0400] NSMMReplicationPlugin - agmt="cn=
>> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): The remote
>> replica has a different database generation ID than
>> the local database.  You may have to reinitialize the remote replica, or
>> the local replica.
>> [11/Jun/2017:01:12:09.912282245 -0400] NSMMReplicationPlugin - agmt="cn=
>> meTousuarios-replica.ipa.server.com" (usuarios-replica:389): The remote
>> replica has a different database generation ID than
>> the local database.  You may have to reinitialize the remote replica, or
>> the local replica.
>>
>> *Client ipareplica-install.log:*
>>
>> 2017-06-11T05:24:24Z DEBUG stderr=
>> 2017-06-11T05:24:24Z DEBUG wait_for_open_ports: localhost [389] timeout
>> 300
>> 2017-06-11T05:24:24Z DEBUG Fetching nsDS5ReplicaId from master [attempt
>> 1/5]
>> 2017-06-11T05:24:24Z DEBUG flushing ldap://usuarios.ipa.server.com:389
>> from SchemaCache
>> 2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache url=ldap://
>> usuarios.ipa.server.com:389 conn=<ldap.ldapobject.SimpleLDAPObject
>> instance at 0x86909e0>
>> 2017-06-11T05:24:24Z DEBUG Successfully updated nsDS5ReplicaId.
>> 2017-06-11T05:24:24Z DEBUG flushing 
>> ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket
>> from SchemaCache
>> 2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache
>> url=ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket
>> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e74440>
>> 2017-06-11T05:24:46Z DEBUG Traceback (most recent call last):
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>> line 449, in start_creation
>>     run_step(full_msg, method)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>> line 439, in run_step
>>     method()
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
>> line 416, in __setup_replica
>>     repl.setup_promote_replication(self.master_fqdn)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
>> line 1643, in setup_promote_replication
>>     raise RuntimeError("Failed to start replication")
>> RuntimeError: Failed to start replication
>>
>> 2017-06-11T05:24:46Z DEBUG   [error] RuntimeError: Failed to start
>> replication
>> 2017-06-11T05:24:46Z DEBUG Destroyed connection context.ldap2_101192976
>> 2017-06-11T05:24:46Z DEBUG   File 
>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py",
>> line 171, in execute
>>     return_value = self.run()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
>> 318, in run
>>     cfgr.run()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 310, in run
>>     self.execute()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 332, in execute
>>     for nothing in self._executor():
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 372, in __runner
>>     self._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 394, in _handle_exception
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 362, in __runner
>>     step()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 359, in <lambda>
>>     step = lambda: next(self.__gen)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>> line 81, in run_generator_with_yield_from
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>> line 59, in run_generator_with_yield_from
>>     value = gen.send(prev_value)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 586, in _configure
>>     next(executor)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 372, in __runner
>>     self._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 449, in _handle_exception
>>     self.__parent._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 394, in _handle_exception
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 446, in _handle_exception
>>     super(ComponentBase, self)._handle_exception(exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 394, in _handle_exception
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 362, in __runner
>>     step()
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>> line 359, in <lambda>
>>     step = lambda: next(self.__gen)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>> line 81, in run_generator_with_yield_from
>>     six.reraise(*exc_info)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>> line 59, in run_generator_with_yield_from
>>     value = gen.send(prev_value)
>>   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
>> line 63, in _install
>>     for nothing in self._installer(self.parent):
>>   File 
>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>> line 1722, in main
>>     promote(self)
>>   File 
>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>> line 372, in decorated
>>     func(installer)
>>   File 
>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>> line 1423, in promote
>>     promote=True, pkcs12_info=dirsrv_pkcs12_info)
>>   File 
>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>> line 135, in install_replica_ds
>>     api=remote_api,
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
>> line 401, in create_replica
>>     self.start_creation(runtime=60)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>> line 449, in start_creation
>>     run_step(full_msg, method)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>> line 439, in run_step
>>     method()
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
>> line 416, in __setup_replica
>>     repl.setup_promote_replication(self.master_fqdn)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
>> line 1643, in setup_promote_replication
>>     raise RuntimeError("Failed to start replication")
>>
>>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
>
>
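Added example, not part of the thread and not FreeIPA or 389-ds code: a small parser that finds the "SASL encrypted packet length exceeds maximum allowed limit" rejections in a dirsrv error log (tolerating the mail wrapping seen above), sizes nsslapd-maxsasliosize from the largest rejected packet, and emits the LDIF in the form Mark gave. The function names, the 25% headroom and the rounding to whole MiB are assumptions made for illustration.

```python
import math
import re

# Constructed sample: the replica error-log lines quoted in the thread,
# keeping the mail client's quote markers and line wrapping.
SAMPLE_LOG = """\
> *[11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet length
> exceeds maximum allowed limit (length=2483849, limit=2097152).  Change the
> nsslapd-maxsasliosize attribute in cn=config to increase limit.*
>
> * [11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned *
"""

REJECTION = re.compile(
    r"\[(?P<ts>[^\]]+)\]\s+SASL encrypted packet length exceeds maximum "
    r"allowed limit \(length=(?P<length>\d+), limit=(?P<limit>\d+)\)"
)
MIB = 1024 * 1024


def unwrap(text):
    """Strip mail quoting/emphasis and re-join wrapped log lines."""
    lines = [re.sub(r"^[>\s*]+", "", ln).rstrip(" *") for ln in text.splitlines()]
    return re.sub(r"\s+", " ", " ".join(lines))


def find_rejections(text):
    """Return (timestamp, packet_length, configured_limit) per rejection."""
    return [(m["ts"], int(m["length"]), int(m["limit"]))
            for m in REJECTION.finditer(unwrap(text))]


def suggest_limit(rejections, headroom=0.25):
    """Smallest whole-MiB value covering the largest rejected packet plus headroom."""
    if not rejections:
        return None  # nothing was rejected, so there is nothing to raise
    largest = max(length for _, length, _ in rejections)
    return math.ceil(largest * (1 + headroom) / MIB) * MIB


def build_ldif(value):
    """LDIF in the form given in the thread, for ldapmodify to read on stdin."""
    return ("dn: cn=config\nchangetype: modify\n"
            "replace: nsslapd-maxsasliosize\n"
            f"nsslapd-maxsasliosize: {value}\n")


if __name__ == "__main__":
    hits = find_rejections(SAMPLE_LOG)
    print(hits, build_ldif(suggest_limit(hits)), sep="\n")
```

Sizing the new value from the packets the server actually rejected keeps the cap on incoming SASL packet size as tight as the replication traffic allows.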