RE:

I am not sure I was clear. It seems that you provided the LDAP trace for the 
ldapsearch commands you executed above. I was talking about the DS level logs 
for the replica management agreement establishment and the follow up 
replication.

here is the log  tailed while I deleted teh replication agreement, restarted 
the dirsrv and tried to setup the replication agreement



[31/Jan/2014:19:07:37 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:08:12 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:08:13 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:08:25 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:10:01 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:11:51 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:11:54 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:12:00 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:12:12 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:12:36 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:13:12 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:13:13 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:13:24 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:13:57 +0000] NSMMReplicationPlugin - agmt_delete: begin
[31/Jan/2014:19:14:09 +0000] - slapd shutting down - signaling operation threads
[31/Jan/2014:19:14:09 +0000] - slapd shutting down - waiting for 30 threads to 
terminate
[31/Jan/2014:19:14:09 +0000] - slapd shutting down - closing down internal 
subsystems and plugins
[31/Jan/2014:19:14:09 +0000] - Waiting for 4 database threads to stop
[31/Jan/2014:19:14:09 +0000] - All database threads now stopped
[31/Jan/2014:19:14:09 +0000] - slapd stopped.
[31/Jan/2014:19:14:12 +0000] - 389-Directory/1.2.11.15 B2013.337.1530 starting 
up
[31/Jan/2014:19:14:12 +0000] schema-compat-plugin - warning: no entries set up 
under cn=computers, cn=compat,dc=boingo,dc=com
[31/Jan/2014:19:14:12 +0000] schema-compat-plugin - warning: no entries set up 
under cn=ng, cn=compat,dc=boingo,dc=com
[31/Jan/2014:19:14:12 +0000] schema-compat-plugin - warning: no entries set up 
under ou=sudoers,dc=boingo,dc=com
[31/Jan/2014:19:14:12 +0000] - Skipping CoS Definition cn=Password 
Policy,cn=accounts,dc=boingo,dc=com--no CoS Templates found, which should be 
added before the CoS Definition.
[31/Jan/2014:19:14:12 +0000] set_krb5_creds - Could not get initial credentials 
for principal [ldap/se-idm-01.boingo....@boingo.com] in keytab 
[FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text))
[31/Jan/2014:19:14:12 +0000] - Skipping CoS Definition cn=Password 
Policy,cn=accounts,dc=boingo,dc=com--no CoS Templates found, which should be 
added before the CoS Definition.
[31/Jan/2014:19:14:12 +0000] slapd_ldap_sasl_interactive_bind - Error: could 
not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local 
error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  
Minor code may provide more information (Credentials cache file 
'/tmp/krb5cc_495' not found)) errno 0 (Success)
[31/Jan/2014:19:14:12 +0000] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
[31/Jan/2014:19:14:12 +0000] NSMMReplicationPlugin - 
agmt="cn=meTose-idm-02.boingo.com" (se-idm-02:389): Replication bind with 
GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: 
GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information 
(Credentials cache file '/tmp/krb5cc_495' not found))
[31/Jan/2014:19:14:12 +0000] - slapd started.  Listening on All Interfaces port 
389 for LDAP requests
[31/Jan/2014:19:14:12 +0000] - Listening on All Interfaces port 636 for LDAPS 
requests
[31/Jan/2014:19:14:12 +0000] - Listening on /var/run/slapd-BOINGO-COM.socket 
for LDAPI requests
[31/Jan/2014:19:14:16 +0000] NSMMReplicationPlugin - 
agmt="cn=meTose-idm-02.boingo.com" (se-idm-02:389): Replication bind with 
GSSAPI auth resumed
[31/Jan/2014:19:15:18 +0000] - slapd shutting down - signaling operation threads
[31/Jan/2014:19:15:18 +0000] - slapd shutting down - waiting for 30 threads to 
terminate
[31/Jan/2014:19:15:18 +0000] - slapd shutting down - closing down internal 
subsystems and plugins
[31/Jan/2014:19:15:18 +0000] - Waiting for 4 database threads to stop
[31/Jan/2014:19:15:18 +0000] - All database threads now stopped
[31/Jan/2014:19:15:18 +0000] - slapd stopped.
[31/Jan/2014:19:15:23 +0000] - 389-Directory/1.2.11.15 B2013.337.1530 starting 
up
[31/Jan/2014:19:15:23 +0000] schema-compat-plugin - warning: no entries set up 
under cn=computers, cn=compat,dc=boingo,dc=com
[31/Jan/2014:19:15:23 +0000] schema-compat-plugin - warning: no entries set up 
under cn=ng, cn=compat,dc=boingo,dc=com
[31/Jan/2014:19:15:23 +0000] schema-compat-plugin - warning: no entries set up 
under ou=sudoers,dc=boingo,dc=com
[31/Jan/2014:19:15:23 +0000] - Skipping CoS Definition cn=Password 
Policy,cn=accounts,dc=boingo,dc=com--no CoS Templates found, which should be 
added before the CoS Definition.
[31/Jan/2014:19:15:23 +0000] set_krb5_creds - Could not get initial credentials 
for principal [ldap/se-idm-01.boingo....@boingo.com] in keytab 
[FILE:/etc/dirsrv/ds.keytab]: -1765328324 (Generic error (see e-text))
[31/Jan/2014:19:15:23 +0000] - Skipping CoS Definition cn=Password 
Policy,cn=accounts,dc=boingo,dc=com--no CoS Templates found, which should be 
added before the CoS Definition.
[31/Jan/2014:19:15:23 +0000] slapd_ldap_sasl_interactive_bind - Error: could 
not perform interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local 
error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  
Minor code may provide more information (Credentials cache file 
'/tmp/krb5cc_495' not found)) errno 0 (Success)
[31/Jan/2014:19:15:23 +0000] slapi_ldap_bind - Error: could not perform 
interactive bind for id [] mech [GSSAPI]: error -2 (Local error)
[31/Jan/2014:19:15:23 +0000] NSMMReplicationPlugin - 
agmt="cn=meTose-idm-02.boingo.com" (se-idm-02:389): Replication bind with 
GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: 
GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information 
(Credentials cache file '/tmp/krb5cc_495' not found))
[31/Jan/2014:19:15:23 +0000] - slapd started.  Listening on All Interfaces port 
389 for LDAP requests
[31/Jan/2014:19:15:23 +0000] - Listening on All Interfaces port 636 for LDAPS 
requests
[31/Jan/2014:19:15:23 +0000] - Listening on /var/run/slapd-BOINGO-COM.socket 
for LDAPI requests
[31/Jan/2014:19:15:25 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:15:25 +0000] NSMMReplicationPlugin - 
agmt="cn=meToqatestdc2.boingoqa.local" (qatestdc2:389): Replication bind with 
SIMPLE auth failed: LDAP error -11 (Connect error) (TLS error -8179:Peer's 
Certificate issuer is not recognized.)
[31/Jan/2014:19:15:25 +0000] - Entry 
"cn=meToqatestdc2.boingoqa.local,cn=replica,cn=dc\3Dboingo\2Cdc\3Dcom,cn=mapping
 tree,cn=config" -- attribute "nsDS5ReplicatedAttributeListTotal" not allowed
[31/Jan/2014:19:15:25 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:15:25 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:15:26 +0000] NSMMReplicationPlugin - 
agmt="cn=meTose-idm-02.boingo.com" (se-idm-02:389): Replication bind with 
GSSAPI auth resumed
[31/Jan/2014:19:15:27 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:15:27 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:15:28 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)
[31/Jan/2014:19:15:30 +0000] slapi_ldap_bind - Error: could not send startTLS 
request: error -11 (Connect error) errno 0 (Success)

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to