On 13/08/2012 10:39 AM, Rob Crittenden wrote:
Qing Chang wrote:
Just installed a fresh RHEL 6.3 VM with IPA 2.2..0-16.el6 on our new
ESXi host,
after preparing migration mode as well as adding necessary
objectclasses, tried
to run following:
ipa -d migrate-ds ldap://openldap:389 --bind-dn=cn=Manager
--group-container=ou=group --schema=RFC2307 --with-compat

It failed promptly with this:
ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
ipa: DEBUG: cert valid True for "CN=ipa1.sri.utoronto.ca,O=SRI.UTORONTO.CA"
ipa: DEBUG: handshake complete, peer = IP_of_ipa1:443
ipa: DEBUG: Caught fault 4203 from server
http://ipa1.sri.utoronto.ca/ipa/xml: Can't contact LDAP server:
ipa: DEBUG: Destroyed connection context.xmlclient
ipa: ERROR: Can't contact LDAP server:

/var/log/dirsrv/access shows:
[12/Aug/2012:07:53:26 -0400] conn=81 op=6 SRCH
base="cn=accounts,dc=sri,dc=utoronto,dc=ca" scope=2
filter="(&(uid=postfix)(objectClass=posixAccount))" attrs="objectClass
uid userPassword uidNumber gidNumber gecos homeDirectory loginShell
krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn
shadowLastChange shadowMin shadowMax shadowWarning shadowInactive
shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration
pwdattribute authorizedService accountexpires useraccountcontrol
nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap
[12/Aug/2012:07:53:26 -0400] conn=81 op=6 RESULT err=0 tag=101
nentries=0 etime=0

Previous installation of VBox VM (RHEL 6.3 with IPA ) did not have this

Check your iptables/firewall configuration on both hosts.

I have disabled iptables on ipa1, ipa1 and openldap can ping each other.


Freeipa-users mailing list

Reply via email to