My sincere apologies: I forgot to start slapd on my openldap server...


On 13/08/2012 10:39 AM, Rob Crittenden wrote:
Qing Chang wrote:
Just installed a fresh RHEL 6.3 VM with IPA 2.2.0-16.el6 on our new ESXi host,
after preparing migration mode as well as adding necessary objectclasses, tried
to run the following:
ipa -d migrate-ds ldap://openldap:389 --bind-dn=cn=Manager --group-container=ou=group --schema=RFC2307 --with-compat

It failed promptly with this:
ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
ipa: DEBUG: cert valid True for ",O=SRI.UTORONTO.CA"
ipa: DEBUG: handshake complete, peer = IP_of_ipa1:443
ipa: DEBUG: Caught fault 4203 from server Can't contact LDAP server:
ipa: DEBUG: Destroyed connection context.xmlclient
ipa: ERROR: Can't contact LDAP server:

/var/log/dirsrv/access shows:
[12/Aug/2012:07:53:26 -0400] conn=81 op=6 SRCH base="cn=accounts,dc=sri,dc=utoronto,dc=ca" scope=2 filter="(&(uid=postfix)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap
[12/Aug/2012:07:53:26 -0400] conn=81 op=6 RESULT err=0 tag=101 nentries=0 etime=0

Previous installation of VBox VM (RHEL 6.3 with IPA ) did not have this

Check your iptables/firewall configuration on both hosts.
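
An added example, not part of the original thread or of FreeIPA's code: a Python probe that tells apart the two causes raised in this thread, a stopped slapd and a firewall on the path. The function name, result labels and hint texts are assumptions made for illustration; the default URI is the one from the command above.

```python
import errno
import socket
import sys
from urllib.parse import urlparse

# Hypothetical labels and hints, chosen for this example.
HINTS = {
    "open": "port accepts connections; look at bind DN, TLS or schema next",
    "refused": "host answered but nothing listens: is slapd started?",
    "unreachable": "ICMP rejection or no route: check iptables REJECT rules",
    "filtered": "no answer before timeout: DROP rule or host down",
    "unresolvable": "hostname does not resolve from this machine",
}

def probe_ldap_uri(uri, timeout=3.0):
    """Classify TCP reachability of an ldap:// or ldaps:// URI."""
    parsed = urlparse(uri)
    if parsed.scheme not in ("ldap", "ldaps") or not parsed.hostname:
        raise ValueError("not an LDAP URI: %r" % uri)
    port = parsed.port or (636 if parsed.scheme == "ldaps" else 389)
    try:
        sock = socket.create_connection((parsed.hostname, port), timeout)
    except socket.gaierror:
        return "unresolvable"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        # RHEL's stock iptables ruleset rejects with icmp-host-prohibited,
        # which connect() reports as EHOSTUNREACH ("No route to host").
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    sock.close()
    return "open"

if __name__ == "__main__":
    # Run on the IPA server: the debug output shows the fault came "from server".
    target = sys.argv[1] if len(sys.argv) > 1 else "ldap://openldap:389"
    state = probe_ldap_uri(target)
    print("%s -> %s: %s" % (target, state, HINTS[state]))
```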


Freeipa-users mailing list
