Hi,
On Mon, 15 Dec 2014, [email protected] wrote:
On Tue, 25 Nov 2014, Rich Megginson wrote:
On 11/25/2014 12:32 PM, [email protected] wrote:
with the help of Thierry and Rich I managed to debug the running
ns-slapd on Server1 (see below). The failing attempt of decoding the
SASL data returns a not very fruitful "-1" (SASL_FAIL, "generic
failure").
Any ideas? Short summary:
Server1 = running IPA server
Server2 = intended IPA replica
Both machines run the exact same, up-to-date version of CentOS 6.6.
However: I had to run "ipa-replica-install" _without_ the option
"--setup-ca" (didn't work, installation failed with some obscure Perl
error), so there's no ns-slapd instance running for PKI-IPA. May this
be related?
[...]
At this point, it's going to take more than a trivial amount of high
latency back-and-forth on the mailling lists. I think we have probably
run out of log levels for you to try. Please open a ticket against
IPA. While this may turn out to be a bug in 389, at the moment it is
only reproducible in your IPA environment.
[...]
I've opened Ticket #4807
https://fedorahosted.org/freeipa/ticket/4807
on this issue.
problem resolved, increasing nsslapd-sasl-max-buffer-size to 2MB did it. I
administer 2 very small installations, with ~20 users and ~10 hosts each.
If this happens with installations like mine, the default for new
installations should probably be raised in the next 3.0.0 update package.
I've closed the ticket.
Thank you for your support.
Mit freundlichen Gruessen/With best regards,
--Daniel.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
