After I do the sync command,

ipa-replica-manage add --winsync --binddn 
cn=administrator,cn=users,dc=example,dc=com --bindpw <domain admin password>  \
--cacert /path/to/certfile.cer adserver.example.com --passsync <domain admin 
password> -v


this is what starts in the error log,


[22/Sep/2010:14:33:36 +1200] - slapd shutting down - signaling operation threads
[22/Sep/2010:14:33:36 +1200] - slapd shutting down - closing down internal 
subsystems and plugins
[22/Sep/2010:14:43:35 +1200] NSMMReplicationPlugin - error in 
windows_conn_get_search_result, rc=-1
[22/Sep/2010:14:43:35 +1200] NSMMReplicationPlugin - 
agmt="cn=meTovuwwincodc00001.vuw.ac.nz636" (vuwwincodc00001:636): Failed to get 
search operation: LDAP error 81 (Can't contact LDAP server)
[22/Sep/2010:14:43:35 +1200] NSMMReplicationPlugin - failed to send dirsync 
search request: 2
[22/Sep/2010:14:43:36 +1200] NSMMReplicationPlugin - Finished total update of 
replica "agmt="cn=meTovuwwincodc00001.vuw.ac.nz636" (vuwwincodc00001:636)". 
Sent 0 entries.

So after ten mins the LDAP server isnt responding, After ten minutes there is 
some more in the error log,

[22/Sep/2010:14:53:36 +1200] NSMMReplicationPlugin - Warning: incremental 
protocol for replica "agmt="cn=meTovuwwincodc00001.vuw.ac.nz636" 
(vuwwincodc00001:636)" did not shut down properly.
[22/Sep/2010:14:53:37 +1200] - Waiting for 4 database threads to stop
[22/Sep/2010:14:53:37 +1200] - All database threads now stopped
[22/Sep/2010:14:53:37 +1200] - slapd stopped.


regards

Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand


-----Original Message-----
From: Rich Megginson [mailto:rmegg...@redhat.com] 
Sent: Wednesday, 22 September 2010 2:45 p.m.
To: Steven Jones
Cc: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] probems installin freeipa v2

Steven Jones wrote:
> Hi,
>
> Ok, it isnt crashing the LDAP server/service its doing a shutdown of it 
> according to the error log...
>   
What exactly do you see in the error log?  Can you provide excerpts?  
Can you also provide excerpts of the access log from around the time of 
the shutdown?
> So while a sync is happening the LDAP server is offline?
>   
No, not possible.  Something is going wrong.
> How long should this take?
>
> 30secs?
>
> 3mins?
>
> 30mins?
>
> regards
>
> Steven Jones Technical Specialist Linux/Vmware
> Tele 64 4 463 6272
> Victoria University
> Kelburn
> New Zealand
>
>
> -----Original Message-----
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Steven Jones
> Sent: Wednesday, 22 September 2010 2:27 p.m.
> To: Freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] probems installin freeipa v2
>
> For ipa-replica-manage list
>
> The output is my AD
>
> vuwwincodc00001.vuw.ac.nz
>
>
> regards
>
> Steven Jones Technical Specialist Linux/Vmware
> Tele 64 4 463 6272
> Victoria University
> Kelburn
> New Zealand
>
>
> -----Original Message-----
> From: Rob Crittenden [mailto:rcrit...@redhat.com] 
> Sent: Wednesday, 22 September 2010 2:20 p.m.
> To: Steven Jones
> Cc: Freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] probems installin freeipa v2
>
> Steven Jones wrote:
>   
>> Hi,
>>
>> yes I think you are correct, --binpw is ndded except running this crashed 
>> the LDAP server....or sends it off to zombie land and I have to reboot it!
>>
>>
>> ipa-replica-manage add --winsync --binddn 
>> cn=administrator,cn=users,dc=example,dc=com --bindpw<domain admin password>  
>> \
>> --cacert /path/to/certfile.cer adserver.example.com --passsync<domain admin 
>> password>     -v
>>
>> Is there a log somewhere to look for why?
>>     
>
> Crashed which LDAP server? Logs are in /var/log/dirsrv-YOUR_INSTANCE_NAME.
>
> Can you provide the output of ipa-replica-manage?
>
> rob
>
>   
>> regards
>>
>> Steven Jones Technical Specialist Linux/Vmware
>> Tele 64 4 463 6272
>> Victoria University
>> Kelburn
>> New Zealand
>>
>>
>> -----Original Message-----
>> From: Rob Crittenden [mailto:rcrit...@redhat.com]
>> Sent: Wednesday, 22 September 2010 1:57 p.m.
>> To: Steven Jones
>> Cc: Freeipa-users@redhat.com
>> Subject: Re: [Freeipa-users] probems installin freeipa v2
>>
>> Steven Jones wrote:
>>     
>>> This time I copied the output from the ldapsearch command
>>>
>>> "dn: cn=ipa_pwd_extop,cn=plugins,cn=config"
>>>
>>> and it worked...
>>>       
>> Cosmic rays maybe, those strings look identical to me. Glad its working
>> now in any case.
>>
>>     
>>> ?
>>>
>>> So, section 4.4
>>>
>>> ipa-replica-manage add --winsync --binddn 
>>> cn=administrator,cn=users,dc=example,dc=com \
>>> --bindpw password --cacert /path/to/certfile.cer adserver.example.com -v
>>>
>>> This appears to be wrong?
>>>
>>> It should be,
>>>
>>> ipa-replica-manage add --winsync --binddn 
>>> cn=administrator,cn=users,dc=example,dc=com \
>>> --cacert /path/to/certfile.cer adserver.example.com --passsync<domain admin 
>>> password>     -v
>>>
>>>       
>> You're right in that --passsync is required but --bindpw should also be
>> required.
>>
>> I filed https://bugzilla.redhat.com/show_bug.cgi?id=636377 for this.
>>
>> rob
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>     
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>   


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to