On Mon, 15 Dec 2014, dbisc...@hrz.uni-kassel.de wrote:

On Tue, 25 Nov 2014, Rich Megginson wrote:
On 11/25/2014 12:32 PM, dbisc...@hrz.uni-kassel.de wrote:

with the help of Thierry and Rich I managed to debug the running ns-slapd on Server1 (see below). The failing attempt of decoding the SASL data returns a not very fruitful "-1" (SASL_FAIL, "generic failure").

Any ideas? Short summary:

Server1 = running IPA server
Server2 = intended IPA replica

Both machines run the exact same, up-to-date version of CentOS 6.6. However: I had to run "ipa-replica-install" _without_ the option "--setup-ca" (didn't work, installation failed with some obscure Perl error), so there's no ns-slapd instance running for PKI-IPA. May this be related?
At this point, it's going to take more than a trivial amount of high latency back-and-forth on the mailling lists. I think we have probably run out of log levels for you to try. Please open a ticket against IPA. While this may turn out to be a bug in 389, at the moment it is only reproducible in your IPA environment.

I've opened Ticket #4807
on this issue.

problem resolved, increasing nsslapd-sasl-max-buffer-size to 2MB did it. I administer 2 very small installations, with ~20 users and ~10 hosts each. If this happens with installations like mine, the default for new installations should probably be raised in the next 3.0.0 update package.

I've closed the ticket.

Thank you for your support.

Mit freundlichen Gruessen/With best regards,


Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to