Well - here is the problem and solution:

Fails every time:

Install master, enable migration, migrate existing LDAP config/users, setup replication, fails.

Works every time:

Install master, setup replication, enable migration, migrate existing LDAP config/users, works perfectly.

So -- a problem with migration settings??

On 9/9/14 8:25 AM, Rich Megginson wrote:
On 09/09/2014 09:20 AM, Kat wrote:
This brings up a question - if I just installed a master -- shouldn't I be able to create the replica immediately after (even if I did a migration from an old LDAP server?)

Yes.

Am I looking at some sort of "wait until I'm done.." condition with the primary server?

Well, it depends. Did you get the "[10 Total update abortedLDAP error: Referral]" from the primary or the secondary?


This is the only other replica so there is nothing there. I guess time to go digging around. It is 3.3.3 on CentOS 7..

I'll let you know if I fine anything else.

Thanks.

On 9/9/14 7:56 AM, Rich Megginson wrote:
On 09/09/2014 08:39 AM, Kat wrote:
Anyone seen this before -- 2 freshly kicked CentOS 7 installs:

On the replica from the ipa-replica-install :

reports: Update failed! Status: [10 Total update abortedLDAP error: Referral]
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Is it possible that the replica was being initialized by another replica, or you tried to initialize it again while a replica init was already running? Error 10 Referral is returned by a replica when you attempt an ldap operation against it while it is being initialized i.e. the database is locked, so any other operation gets a "busy signal" and a referral to another replica.


and then the errors file for 389-ds

"The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica."

This just means the replica has not been initialized yet.


~K





--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to