On 10/25/2014 06:17 PM, Dmitri Pal wrote:
On 10/24/2014 07:15 PM, Craig White wrote:
*From:*freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Craig White
*Sent:* Friday, October 24, 2014 4:02 PM
*To:* freeipa-users@redhat.com
*Subject:* [Freeipa-users] multi-master replication
I would have thought that changes go from replica to master and not
just master to replica.
Is there something I have to do to make the changes bi-directional?
Replying to my own post…
Logs are my friend ;-)
[24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin -
agmt="cn=meToipa001.domain.local " (ipa001:389): Replication bind
with GSSAPI auth resumed
[24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin -
agmt="cn=meToipa001.domain.local " (ipa001:389): Warning: unable to
replicate schema: rc=2
[24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin -
agmt="cn=meToipa001.domain.local " (ipa001:389): Failed to send
update operation to consumer (uniqueid
e018060f-5bb011e4-81078979-dc802980, CSN 544aa346000000030000): Can't
contact LDAP server. Will retry later.
[24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin -
agmt="cn=meToipa001.domain.local " (ipa001:389): Consumer failed to
replay change (uniqueid (null), CSN (null)): Can't contact LDAP
server(-1). Will retry later.
These NULLs look suspicious.
I hope DS gurus will have more for you on Monday.
1) Yes, replication is fully bi-directional.
2) What are the exact versions of dirsrv? rpm -q 389-ds-base on
supplier and consumer.
3) Can you reproduce the problem using the replication log level on both
the supplier and consumer?
http://www.port389.org/docs/389ds/FAQ/faq.html#troubleshooting
[24/Oct/2014:23:08:17 +0000] NSMMReplicationPlugin -
agmt="cn=meToipa001.domain.local" (ipa001:389): Warning: unable to
send endReplication extended operation (Can't contact LDAP server)
And on the master, I see a bunch of…
sasl_io_recv failed to decode packet for connection 4113
but dirsrv is running on both machines and firewalls aren’t in the
way because I managed to set up the initial replication from master
to replica without a problem and the firewall rules are the same for
both machines.
# rpm -qa | grep ipa
ipa-admintools-3.0.0-42.el6.x86_64
libipa_hbac-python-1.11.6-30.el6.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
ipa-client-3.0.0-42.el6.x86_64
ipa-server-selinux-3.0.0-42.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-pki-ca-theme-9.0.3-7.el6.noarch
sssd-ipa-1.11.6-30.el6.x86_64
ipa-python-3.0.0-42.el6.x86_64
ipa-server-3.0.0-42.el6.x86_64
libipa_hbac-1.11.6-30.el6.x86_64
RHEL 6.5
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project