On Tue, 25 Nov 2014, Rich Megginson wrote:

On 11/25/2014 12:32 PM, dbisc...@hrz.uni-kassel.de wrote:

with the help of Thierry and Rich I managed to debug the running ns-slapd on Server1 (see below). The failing attempt of decoding the SASL data returns a not very fruitful "-1" (SASL_FAIL, "generic failure").

Any ideas? Short summary:

Server1 = running IPA server
Server2 = intended IPA replica

Both machines run the exact same, up-to-date version of CentOS 6.6. However: I had to run "ipa-replica-install" _without_ the option "--setup-ca" (didn't work, installation failed with some obscure Perl error), so there's no ns-slapd instance running for PKI-IPA. May this be related?
At this point, it's going to take more than a trivial amount of high latency back-and-forth on the mailling lists. I think we have probably run out of log levels for you to try. Please open a ticket against IPA. While this may turn out to be a bug in 389, at the moment it is only reproducible in your IPA environment.

I've opened Ticket #4807
on this issue.


Mit freundlichen Gruessen/With best regards,


Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to