On 06/13/2017 09:49 AM, Adrian HY wrote:
> Hi Mark, my problem is during the replica installation. I can't use
> ldapmodify because *cn=directory manager * does not have the password
> assigned.
Did you remove the password from the config?  There is always a password
set during the install.  Anyway, to reset it use this doc:

http://www.port389.org/docs/389ds/howto/howto-resetdirmgrpassword.html
>
> Regards.
>
> On Mon, Jun 12, 2017 at 1:38 PM, Mark Reynolds <marey...@redhat.com
> <mailto:marey...@redhat.com>> wrote:
>
>
>
>     On 06/11/2017 01:49 PM, Adrian HY via FreeIPA-users wrote:
>>     I think I detected the problem. The error log in the replica writes:
>>
>>     *[11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet
>>     length exceeds maximum allowed limit (length=2483849,
>>     limit=2097152).  Change the nsslapd-maxsasliosize attribute in
>>     cn=config to increase limit.*
>>     *
>>     [11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned
>>
>>     *
>>     According this:
>>     
>> (https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/pdf/Configuration_and_Command-Line_Tool_Reference/Red_Hat_Directory_Server-8.2-Configuration_and_Command-Line_Tool_Reference-en-US.pdf
>>     
>> <https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/pdf/Configuration_and_Command-Line_Tool_Reference/Red_Hat_Directory_Server-8.2-Configuration_and_Command-Line_Tool_Reference-en-US.pdf>)
>>
>>     "When an incoming SASL IO packet is larger than the
>>     nsslapd-maxsasliosize limit, the server  immediately disconnects
>>     the client and logs a message to the error log, so that an
>>     administrator can adjust the setting if necessary"
>>
>>     The problem now is how can I change the value of the attribute
>>     during replication.
>     You just use ldapmodify to change the value on each replica:
>
>     # ldapmodify -D "cn=directory manager" -W
>     dn: cn=config
>     changetype: modify
>     replace: nsslapd-maxsasliosize
>     nsslapd-maxsasliosize:  YOUR_NEW_VALUE
>
>>
>>     Regards.
>>
>>     On Sun, Jun 11, 2017 at 2:20 AM, Adrian HY <ayeja...@gmail.com
>>     <mailto:ayeja...@gmail.com>> wrote:
>>
>>         Hi folks, I had a problem with replication and I tried to add
>>         the slave back to the replica. The process stops in the
>>         initial replication phase.
>>
>>         The firewall and selinux are down and both servers are
>>         synchronized with the time.
>>
>>         Centos 7.3
>>         Freeipa 4.4.0-14
>>
>>         *Master error log:*
>>
>>         11/Jun/2017:01:11:45.690402715 -0400] NSMMReplicationPlugin -
>>         agmt="cn=meTousuarios-replica.ipa.server.com
>>         <http://meTousuarios-replica.ipa.server.com>"
>>         (usuarios-replica:389): Replication bind with GSSAPI auth
>>         failed: LDAP error 49 (Invalid credentials) ()
>>         [11/Jun/2017:01:11:45.690877649 -0400] NSMMReplicationPlugin
>>         - Warning: unable to acquire replica for total update, error:
>>         49, retrying in 1 seconds.
>>         [11/Jun/2017:01:11:46.966060891 -0400] NSMMReplicationPlugin
>>         - agmt="cn=meTousuarios-replica.ipa.server.com
>>         <http://meTousuarios-replica.ipa.server.com>"
>>         (usuarios-replica:389): Replication bind with GSSAPI auth resumed
>>         [11/Jun/2017:01:11:47.095800971 -0400] NSMMReplicationPlugin
>>         - Beginning total update of replica
>>         "agmt="cn=meTousuarios-replica.ipa.server.com
>>         <http://meTousuarios-replica.ipa.server.com>"
>>         (usuarios-replica:389)".
>>         [11/Jun/2017:01:12:06.873713837 -0400] NSMMReplicationPlugin
>>         - agmt="cn=meTousuarios-replica.ipa.server.com
>>         <http://meTousuarios-replica.ipa.server.com>"
>>         (usuarios-replica:389): Failed to send extended operation:
>>         LDAP error -1 (Can't contact LDAP server)
>>         [11/Jun/2017:01:12:06.874590112 -0400] NSMMReplicationPlugin
>>         - agmt="cn=meTousuarios-replica.ipa.server.com
>>         <http://meTousuarios-replica.ipa.server.com>"
>>         (usuarios-replica:389): Received error -1 (Can't contact LDAP
>>         server):  for total updat
>>         e operation
>>         [11/Jun/2017:01:12:06.874950648 -0400] NSMMReplicationPlugin
>>         - agmt="cn=meTousuarios-replica.ipa.server.com
>>         <http://meTousuarios-replica.ipa.server.com>"
>>         (usuarios-replica:389): Warning: unable to send
>>         endReplication extended operation (Can'
>>         t contact LDAP server)
>>         [11/Jun/2017:01:12:06.875217640 -0400] NSMMReplicationPlugin
>>         - Total update failed for replica
>>         "agmt="cn=meTousuarios-replica.ipa.server.com
>>         <http://meTousuarios-replica.ipa.server.com>"
>>         (usuarios-replica:389)", error (-11)
>>         [11/Jun/2017:01:12:06.894882383 -0400] NSMMReplicationPlugin
>>         - agmt="cn=meTousuarios-replica.ipa.server.com
>>         <http://meTousuarios-replica.ipa.server.com>"
>>         (usuarios-replica:389): Replication bind with GSSAPI auth resumed
>>         [11/Jun/2017:01:12:06.905304992 -0400] NSMMReplicationPlugin
>>         - agmt="cn=meTousuarios-replica.ipa.server.com
>>         <http://meTousuarios-replica.ipa.server.com>"
>>         (usuarios-replica:389): The remote replica has a different
>>         database generation ID than
>>         the local database.  You may have to reinitialize the remote
>>         replica, or the local replica.
>>         [11/Jun/2017:01:12:09.912282245 -0400] NSMMReplicationPlugin
>>         - agmt="cn=meTousuarios-replica.ipa.server.com
>>         <http://meTousuarios-replica.ipa.server.com>"
>>         (usuarios-replica:389): The remote replica has a different
>>         database generation ID than
>>         the local database.  You may have to reinitialize the remote
>>         replica, or the local replica.
>>
>>         *Client ipareplica-install.log:*
>>
>>         2017-06-11T05:24:24Z DEBUG stderr=
>>         2017-06-11T05:24:24Z DEBUG wait_for_open_ports: localhost
>>         [389] timeout 300
>>         2017-06-11T05:24:24Z DEBUG Fetching nsDS5ReplicaId from
>>         master [attempt 1/5]
>>         2017-06-11T05:24:24Z DEBUG flushing
>>         ldap://usuarios.ipa.server.com:389
>>         <http://usuarios.ipa.server.com:389> from SchemaCache
>>         2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache
>>         url=ldap://usuarios.ipa.server.com:389
>>         <http://usuarios.ipa.server.com:389>
>>         conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x86909e0>
>>         2017-06-11T05:24:24Z DEBUG Successfully updated nsDS5ReplicaId.
>>         2017-06-11T05:24:24Z DEBUG flushing
>>         ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket from
>>         SchemaCache
>>         2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache
>>         url=ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket
>>         conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e74440>
>>         2017-06-11T05:24:46Z DEBUG Traceback (most recent call last):
>>           File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>>         line 449, in start_creation
>>             run_step(full_msg, method)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>>         line 439, in run_step
>>             method()
>>           File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
>>         line 416, in __setup_replica
>>             repl.setup_promote_replication(self.master_fqdn)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
>>         line 1643, in setup_promote_replication
>>             raise RuntimeError("Failed to start replication")
>>         RuntimeError: Failed to start replication
>>
>>         2017-06-11T05:24:46Z DEBUG   [error] RuntimeError: Failed to
>>         start replication
>>         2017-06-11T05:24:46Z DEBUG Destroyed connection
>>         context.ldap2_101192976
>>         2017-06-11T05:24:46Z DEBUG   File
>>         "/usr/lib/python2.7/site-packages/ipapython/admintool.py",
>>         line 171, in execute
>>             return_value = self.run()
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/cli.py",
>>         line 318, in run
>>             cfgr.run()
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 310, in run
>>             self.execute()
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 332, in execute
>>             for nothing in self._executor():
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 372, in __runner
>>             self._handle_exception(exc_info)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 394, in _handle_exception
>>             six.reraise(*exc_info)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 362, in __runner
>>             step()
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 359, in <lambda>
>>             step = lambda: next(self.__gen)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>>         line 81, in run_generator_with_yield_from
>>             six.reraise(*exc_info)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>>         line 59, in run_generator_with_yield_from
>>             value = gen.send(prev_value)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 586, in _configure
>>             next(executor)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 372, in __runner
>>             self._handle_exception(exc_info)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 449, in _handle_exception
>>             self.__parent._handle_exception(exc_info)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 394, in _handle_exception
>>             six.reraise(*exc_info)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 446, in _handle_exception
>>             super(ComponentBase, self)._handle_exception(exc_info)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 394, in _handle_exception
>>             six.reraise(*exc_info)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 362, in __runner
>>             step()
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
>>         line 359, in <lambda>
>>             step = lambda: next(self.__gen)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>>         line 81, in run_generator_with_yield_from
>>             six.reraise(*exc_info)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
>>         line 59, in run_generator_with_yield_from
>>             value = gen.send(prev_value)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
>>         line 63, in _install
>>             for nothing in self._installer(self.parent):
>>           File
>>         
>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>>         line 1722, in main
>>             promote(self)
>>           File
>>         
>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>>         line 372, in decorated
>>             func(installer)
>>           File
>>         
>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>>         line 1423, in promote
>>             promote=True, pkcs12_info=dirsrv_pkcs12_info)
>>           File
>>         
>> "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
>>         line 135, in install_replica_ds
>>             api=remote_api,
>>           File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
>>         line 401, in create_replica
>>             self.start_creation(runtime=60)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>>         line 449, in start_creation
>>             run_step(full_msg, method)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
>>         line 439, in run_step
>>             method()
>>           File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
>>         line 416, in __setup_replica
>>             repl.setup_promote_replication(self.master_fqdn)
>>           File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
>>         line 1643, in setup_promote_replication
>>             raise RuntimeError("Failed to start replication")
>>
>>
>>
>>
>>     _______________________________________________
>>     FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>>     <mailto:freeipa-users@lists.fedorahosted.org>
>>     To unsubscribe send an email to 
>> freeipa-users-le...@lists.fedorahosted.org
>>     <mailto:freeipa-users-le...@lists.fedorahosted.org>
>
>

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to