Choudhury, Suhail wrote:
> Okay tried that Petr, but yes still getting the LDAP connection error:
> ------------------------------------------------------------------------------------------------------------
>     return_value = main_function()
> 
>   File "/usr/sbin/ipa-replica-install", line 431, in main
>     tls_cacertfile=CACERT)
> 
>   File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in connect
>     conn = self.create_connection(*args, **kw)
> 
>   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 846, in create_connection
>     self.handle_errors(e)
> 
>   File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py", line 736, in handle_errors
>     error=u'LDAP Server Down')
> 
> ipa         : INFO     The ipa-replica-install command failed, exception: NetworkError: cannot connect to 'ldaps://ipa01.domain.com': LDAP Server Down
> 
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> 
> Unexpected error - see /var/log/ipareplica-install.log for details:
> NetworkError: cannot connect to 'ldaps://ipa01.domain.com': LDAP Server Down
> ------------------------------------------------------------------------------------------------------------
> 

What command-line are you using?

> 
> Running the LDAP query directly is successful:
> ------------------------------------------------------------------------------------------------------------
> [root@recsds3 ~]# ldapsearch -x -s one -b cn=schema -h ipa01.domain.com

This isn't exactly the same thing. Try this:

# ldapsearch -x -H ldaps://ipa01.domain.com -s one -b cn=schema

You may also want to look at the 389-ds access log on ipa01 to see if
the connection was rejected.

> Is there an exhaustive list of ports (TCP/UDP) required for IPA replica setup? 
> I just successfully created an IPA replica by connecting to another IPA 
> master so perhaps it is a specific port that is required that is not 
> apparent?

It depends very much on what version of IPA you are installing with what
features.

Generally though the list is TCP 389, 636, 88, 464, 80 and 443, UDP 88,
464. Older versions may require more.

ipa-replica-conncheck, which is run as part of the replica install
unless you've disabled it, should confirm that the required ports are open.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
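
Added example (not part of the original message and not FreeIPA code): a small Python probe for the TCP ports listed in the reply above. It also attempts a verified TLS handshake on 636 and 443, so a reachable port 389 is not mistaken for a working ldaps:// endpoint. The function names and the optional CA-file argument are assumptions made for illustration.

```python
import socket
import ssl
import sys

# TCP ports from the list in the reply, with a flag for services that speak
# TLS from the first byte. UDP 88 and 464 are left out: a connectionless
# probe cannot tell "open" from "filtered".
TCP_PORTS = [(389, False), (636, True), (88, False), (464, False), (80, False), (443, True)]


def probe(host, port, tls=False, ca_file=None, timeout=3.0):
    """Return (status, detail); status is 'open', 'closed' or 'tls-failed'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "closed", str(exc)  # refused, filtered (timeout) or unresolvable
    with sock:
        if not tls:
            return "open", "TCP connect succeeded"
        # Verify against the given CA file (system trust store when None),
        # as an ldaps:// client configured with a CA certificate would.
        ctx = ssl.create_default_context(cafile=ca_file)
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
                return "open", tls_sock.version()
        except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
            return "tls-failed", str(exc)


def check_master(host, ca_file=None, timeout=3.0):
    """Probe every port in TCP_PORTS; return {port: (status, detail)}."""
    return {port: probe(host, port, tls, ca_file, timeout) for port, tls in TCP_PORTS}


if __name__ == "__main__":
    # usage: <script> <master-host> [<ca-cert-file>]   (both supplied by the operator)
    master = sys.argv[1]
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    for port, (status, detail) in sorted(check_master(master, ca).items()):
        print("%-5d %-10s %s" % (port, status, detail))
```

A result of "open" on 389 together with "closed" or "tls-failed" on 636 matches the symptom in this thread: the plain ldapsearch works while the ldaps:// connection does not.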