Digging a bit deeper, I found this in /var/log/pki-ca/catalina.out:
Could not connect to LDAP server host oldmaster.my.com port 7389 Error
netscape.ldap.LDAPException: failed to connect to server ldap://
Feb 19, 2013 11:46:50 AM org.apache.catalina.startup.Catalina stopServer
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
This certainly appears to be a problem, but everyone's authenticating
against oldmaster just fine. Thoughts, anyone?
On Tue, Feb 19, 2013 at 11:07 AM, Bret Wortman <bret.wort...@damascusgrp.com
> Does anyone have an idea why I can't connect, or why this service isn't
> running on my freeipa instance? It used to be, because I've created a
> replica in the past....
> *Bret Wortman*
> http://damascusgrp.com/ <http://bretwortman.com/>
> On Tue, Feb 19, 2013 at 9:08 AM, John Dennis <jden...@redhat.com> wrote:
>> On 02/19/2013 06:58 AM, Bret Wortman wrote:
>>> I have a server running freeipa and I want to migrate it to a new host.
>>> I had thought that the easiest way might be to create a replica and load
>>> that onto the new host, but this is proving problematic:
>>> # ipa-replica-prepare ipamaster.my.com --ip-address 10.0.0.46
>>> Directory Manager (existing master) password:
>>> Preparing replica for ipamaster.my.com from oldmaster.my.com
>>> Creating SSL certificate for the Directory Server
>>> preparation of replica failed: cannot connect to
>>> -5985] Cannot resolve oldmaster.my.com using family PR_AF_INET6
>>> And then a stack trace follows.
>>> # netstat -rn | grep 9444
>>> # lsof -i:9444
>>> I've also tried connecting to that URL via Firefox without success. It's
>>> just not listening there. What do I need to check? Someone else is
>>> running some apps (redmine and others) using Passenger on that server as
>>> well; could it be obscuring the port somehow?
>>> We're not running IPV6, so I'm not sure why it's being referenced....
>> I can't comment on why you can't connect, but I can explain the error
>> message. It's an internal mistake: if we can't connect we try another
>> address family. That logic is incorrect, and I thought we had fixed
>> this, but apparently we didn't. Anyway, the error message is a red herring;
>> your connection problems lie elsewhere.
>> John Dennis <jden...@redhat.com>
Freeipa-users mailing list
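
An added example, not part of the original thread and not FreeIPA code: a per-address-family TCP probe for the two ports the thread checks (7389 and 9444 on oldmaster.my.com), which reports the outcome that actually explains the failure so that an IPv6 resolution error cannot mask an IPv4 "connection refused". The function names `probe` and `diagnose` and the outcome labels are assumptions made for this sketch.

```python
import socket

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect per address family; return {family: outcome}."""
    outcomes = {}
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            addr = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0][4]
        except socket.gaierror:
            outcomes[family.name] = "no-address"   # name has no address in this family
            continue
        try:
            with socket.socket(family, socket.SOCK_STREAM) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
            outcomes[family.name] = "open"
        except ConnectionRefusedError:
            outcomes[family.name] = "refused"      # host answered, nothing listening
        except OSError:
            outcomes[family.name] = "unreachable"  # timeout, no route, family unsupported
    return outcomes

# Most informative outcome first: a resolution failure in one family must not
# hide a refusal or a success seen in the other.
PRIORITY = ("open", "refused", "unreachable", "no-address")

def diagnose(outcomes):
    """Reduce per-family outcomes to the one that explains the failure."""
    return min(outcomes.values(), key=PRIORITY.index)

if __name__ == "__main__":
    # Host and ports as they appear in the thread.
    for port in (7389, 9444):
        result = probe("oldmaster.my.com", port)
        print(port, diagnose(result), result)
```

A result of `refused` on a port means the host is reachable and the service behind that port is not running, which is a different problem from a name that does not resolve.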