Steven Jones wrote:
starting replication, please wait until this has completed.
Update in progress
Update in progress
Update in progress
Update in progress
Update in progress
Update succeeded
   [21/27]: adding replication acis
   [22/27]: initializing group membership
   [23/27]: adding master entry
   [24/27]: configuring Posix uid/gid generation
   [25/27]: enabling compatibility plugin
   [26/27]: tuning directory server
   [27/27]: configuring directory to start on boot
done configuring dirsrv.
Configuring Kerberos KDC: Estimated time 30 seconds
   [1/9]: adding sasl mappings to the directory
   [2/9]: writing stash file from DS
   [3/9]: configuring KDC
   [4/9]: creating a keytab for the directory
   [5/9]: creating a keytab for the machine
   [6/9]: adding the password extension to the directory
   [7/9]: enable GSSAPI for replication
creation of replica failed: list index out of range

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
[root@fed14-64-ipam002 ~]#

  messages log
Mar  3 00:12:04 fed14-64-ipam002 kernel: [11214.180151] ns-slapd[7867]:
segfault at 0 ip 00007f
e9a7fd5de4 sp 00007fe9617e0910 error 4 in[7fe9a7fd3000

Replica install log
2011-03-03 00:12:14,977 INFO Changing agreement,cn=replica,cn
=dc\3Dipa\2Cdc\3Dac\2Cdc\3Dnz,cn=mapping tree,cn=config to restore
original schedule 0000-2359
2011-03-03 00:12:15,997 INFO Replication Update in progress: FALSE:
status: 0 Replica acquired
successfully: Incremental update succeeded: start: 20110302111214Z: end:
2011-03-03 00:12:16,048 DEBUG list index out of range
   File "/usr/sbin/ipa-replica-install", line 507, in<module>

   File "/usr/sbin/ipa-replica-install", line 468, in main
     install_krb(config, setup_pkinit=options.setup_pkinit)

   File "/usr/sbin/ipa-replica-install", line 216, in install_krb
     setup_pkinit, pkcs12_info)

line 211, in create
     self.start_creation("Configuring Kerberos KDC", 30)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/",
line 283, in start_crea

line 556, in __conv

line 688, in conver
     self.gssapi_update_agreements(self.conn, r_conn)
line 458, in gssapi
     self.setup_krb_princs_as_replica_binddns(a, b)

line 451, in setup_
     mod = [(ldap.MOD_ADD, "nsds5replicabinddn", a_pn[0].dn)]

So how to fix?



Ok, this is a new one and may be similar to other hostname issues you've run into. Can you give me the output of this search:

ldapsearch -x -b 'dc=example,dc=com' 'krbprincipalname=ldap/*' dn

I would expect the same results from both your new replica and your existing master but if they're different that would be good to know.

I'm going to guess that either we stored a non-fqdn or we're searching for a non-fqdn (we'll have to infer that, I think, if you have the fqdn stored in LDAP).

We are doing a very specific search for the principal for the hostnames on each side of the replication agreement, I'm guessing that we're not finding one of them and we haven't taken that into consideration. I filed for this.


Freeipa-users mailing list

Reply via email to