Steven Jones wrote:
After I do the sync command,
ipa-replica-manage add --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \
--bindpw <domain admin password> \
--cacert /path/to/certfile.cer adserver.example.com --passsync <domain admin password> -v
this is what starts in the error log,
[22/Sep/2010:14:33:36 +1200] - slapd shutting down - signaling operation threads
[22/Sep/2010:14:33:36 +1200] - slapd shutting down - closing down internal
subsystems and plugins
What's in the access log from around this time?
This looks like some sort of bug in the directory server - the directory
server did not finish shutting down . . .
[22/Sep/2010:14:43:35 +1200] NSMMReplicationPlugin - error in
windows_conn_get_search_result, rc=-1
[22/Sep/2010:14:43:35 +1200] NSMMReplicationPlugin -
agmt="cn=meTovuwwincodc00001.vuw.ac.nz636" (vuwwincodc00001:636): Failed to get
search operation: LDAP error 81 (Can't contact LDAP server)
[22/Sep/2010:14:43:35 +1200] NSMMReplicationPlugin - failed to send dirsync
search request: 2
And I think the fact that the directory server is in this weird state is
what causes these errors.
[22/Sep/2010:14:43:36 +1200] NSMMReplicationPlugin - Finished total update of replica
"agmt="cn=meTovuwwincodc00001.vuw.ac.nz636" (vuwwincodc00001:636)". Sent 0
entries.
So after ten mins the LDAP server isn't responding. After ten minutes there is
some more in the error log,
[22/Sep/2010:14:53:36 +1200] NSMMReplicationPlugin - Warning: incremental protocol for replica
"agmt="cn=meTovuwwincodc00001.vuw.ac.nz636" (vuwwincodc00001:636)" did not shut
down properly.
[22/Sep/2010:14:53:37 +1200] - Waiting for 4 database threads to stop
[22/Sep/2010:14:53:37 +1200] - All database threads now stopped
[22/Sep/2010:14:53:37 +1200] - slapd stopped.
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-----Original Message-----
From: Rich Megginson [mailto:[email protected]]
Sent: Wednesday, 22 September 2010 2:45 p.m.
To: Steven Jones
Cc: [email protected]
Subject: Re: [Freeipa-users] probems installin freeipa v2
Steven Jones wrote:
Hi,
OK, it isn't crashing the LDAP server/service, it's doing a shutdown of it
according to the error log...
What exactly do you see in the error log? Can you provide excerpts?
Can you also provide excerpts of the access log from around the time of
the shutdown?
So while a sync is happening the LDAP server is offline?
No, not possible. Something is going wrong.
How long should this take?
30secs?
3mins?
30mins?
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Steven Jones
Sent: Wednesday, 22 September 2010 2:27 p.m.
To: [email protected]
Subject: Re: [Freeipa-users] probems installin freeipa v2
For ipa-replica-manage list
The output is my AD
vuwwincodc00001.vuw.ac.nz
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-----Original Message-----
From: Rob Crittenden [mailto:[email protected]]
Sent: Wednesday, 22 September 2010 2:20 p.m.
To: Steven Jones
Cc: [email protected]
Subject: Re: [Freeipa-users] probems installin freeipa v2
Steven Jones wrote:
Hi,
Yes, I think you are correct, --bindpw is needed, except running this crashed the
LDAP server....or sends it off to zombie land and I have to reboot it!
ipa-replica-manage add --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \
--bindpw <domain admin password> \
--cacert /path/to/certfile.cer adserver.example.com --passsync <domain admin password> -v
Is there a log somewhere to look for why?
Crashed which LDAP server? Logs are in /var/log/dirsrv-YOUR_INSTANCE_NAME.
Can you provide the output of ipa-replica-manage?
rob
regards
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand
-----Original Message-----
From: Rob Crittenden [mailto:[email protected]]
Sent: Wednesday, 22 September 2010 1:57 p.m.
To: Steven Jones
Cc: [email protected]
Subject: Re: [Freeipa-users] probems installin freeipa v2
Steven Jones wrote:
This time I copied the output from the ldapsearch command
"dn: cn=ipa_pwd_extop,cn=plugins,cn=config"
and it worked...
Cosmic rays maybe, those strings look identical to me. Glad it's working
now in any case.
?
So, section 4.4
ipa-replica-manage add --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \
--bindpw password --cacert /path/to/certfile.cer adserver.example.com -v
This appears to be wrong?
It should be,
ipa-replica-manage add --winsync --binddn cn=administrator,cn=users,dc=example,dc=com \
--cacert /path/to/certfile.cer adserver.example.com --passsync <domain admin password> -v
You're right in that --passsync is required but --bindpw should also be
required.
I filed https://bugzilla.redhat.com/show_bug.cgi?id=636377 for this.
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users