Steven Jones wrote:
After I do the sync command,

ipa-replica-manage add --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \
--bindpw <domain admin password> \
--cacert /path/to/certfile.cer adserver.example.com --passsync <domain admin password> -v


this is what starts in the error log,


[22/Sep/2010:14:33:36 +1200] - slapd shutting down - signaling operation threads
[22/Sep/2010:14:33:36 +1200] - slapd shutting down - closing down internal subsystems and plugins

what's in the access log from around this time?

This looks like some sort of bug in the directory server - the directory server did not finish shutting down . . .

[22/Sep/2010:14:43:35 +1200] NSMMReplicationPlugin - error in windows_conn_get_search_result, rc=-1
[22/Sep/2010:14:43:35 +1200] NSMMReplicationPlugin - agmt="cn=meTovuwwincodc00001.vuw.ac.nz636" (vuwwincodc00001:636): Failed to get search operation: LDAP error 81 (Can't contact LDAP server)
[22/Sep/2010:14:43:35 +1200] NSMMReplicationPlugin - failed to send dirsync search request: 2

And I think the fact that the directory server is in this weird state is what causes these errors.

[22/Sep/2010:14:43:36 +1200] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=meTovuwwincodc00001.vuw.ac.nz636" (vuwwincodc00001:636)". Sent 0 entries.

So after ten mins the LDAP server isn't responding. After ten minutes there is 
some more in the error log,

[22/Sep/2010:14:53:36 +1200] NSMMReplicationPlugin - Warning: incremental protocol for replica "agmt="cn=meTovuwwincodc00001.vuw.ac.nz636" (vuwwincodc00001:636)" did not shut down properly.
[22/Sep/2010:14:53:37 +1200] - Waiting for 4 database threads to stop
[22/Sep/2010:14:53:37 +1200] - All database threads now stopped
[22/Sep/2010:14:53:37 +1200] - slapd stopped.


regards

Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand


-----Original Message-----
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Wednesday, 22 September 2010 2:45 p.m.
To: Steven Jones
Cc: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] probems installin freeipa v2

Steven Jones wrote:
Hi,

Ok, it isn't crashing the LDAP server/service, it's doing a shutdown of it 
according to the error log...

What exactly do you see in the error log? Can you provide excerpts? Can you also provide excerpts of the access log from around the time of the shutdown?

So while a sync is happening the LDAP server is offline?

No, not possible.  Something is going wrong.

How long should this take?

30secs?

3mins?

30mins?

regards

Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand


-----Original Message-----
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Steven Jones
Sent: Wednesday, 22 September 2010 2:27 p.m.
To: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] probems installin freeipa v2

For ipa-replica-manage list

The output is my AD

vuwwincodc00001.vuw.ac.nz


regards

Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand


-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, 22 September 2010 2:20 p.m.
To: Steven Jones
Cc: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] probems installin freeipa v2

Steven Jones wrote:
Hi,

yes I think you are correct, --bindpw is needed except running this crashed the 
LDAP server....or sends it off to zombie land and I have to reboot it!


ipa-replica-manage add --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \
--bindpw <domain admin password> \
--cacert /path/to/certfile.cer adserver.example.com --passsync <domain admin password> -v

Is there a log somewhere to look for why?

Crashed which LDAP server? Logs are in /var/log/dirsrv-YOUR_INSTANCE_NAME.

Can you provide the output of ipa-replica-manage?

rob

regards

Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand


-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, 22 September 2010 1:57 p.m.
To: Steven Jones
Cc: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] probems installin freeipa v2

Steven Jones wrote:
This time I copied the output from the ldapsearch command

"dn: cn=ipa_pwd_extop,cn=plugins,cn=config"

and it worked...

Cosmic rays maybe, those strings look identical to me. Glad it's working
now in any case.

?

So, section 4.4

ipa-replica-manage add --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \
--bindpw password --cacert /path/to/certfile.cer adserver.example.com -v

This appears to be wrong?

It should be,

ipa-replica-manage add --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \
--cacert /path/to/certfile.cer adserver.example.com --passsync <domain admin password> -v

You're right in that --passsync is required but --bindpw should also be
required.

I filed https://bugzilla.redhat.com/show_bug.cgi?id=636377 for this.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users