On 27.12.2016 12:55, Outback Dingo wrote:
On Tue, Dec 27, 2016 at 6:47 AM, Martin Basti <mba...@redhat.com> wrote:

On 27.12.2016 12:40, Outback Dingo wrote:
On Tue, Dec 27, 2016 at 5:59 AM, Martin Basti <mba...@redhat.com> wrote:

On 27.12.2016 00:25, Outback Dingo wrote:
Seems my secondary ipa server is somehow out of sync with the master,
is there any way to force a sync update ?

Can you elaborate more?

What exactly from DNS records is out of sync?

Martin

it appears as though at least one A record is missing there might be
more but thats the first i noticed


Can you please search for replication conflicts

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html

and do you have any replication errors in /var/log/dirsrv/slapd-*/errors
log on servers?

Martin
from the master ipa

[root@ipa dingo]# cat /var/log/dirsrv/slapd-*/errors
        389-Directory/1.3.4.0 B2016.215.1556
        ipa.optimcloud.com:636 (/etc/dirsrv/slapd-OPTIMCLOUD-COM)

[20/Dec/2016:22:38:51 -0500] - SSL alert: Configured NSS Ciphers
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] - SSL alert:
TLS_RSA_WITH_SEED_CBC_SHA: enabled
[20/Dec/2016:22:38:51 -0500] SSL Initialization - Configured SSL
version range: min: TLS1.0, max: TLS1.2
[20/Dec/2016:22:38:51 -0500] - 389-Directory/1.3.4.0 B2016.215.1556 starting up
[20/Dec/2016:22:38:51 -0500] - WARNING: changelog: entry cache size
2097152B is less than db size 4169728B; We recommend to increase the
entry cache size nsslapd-cachememsize.
[20/Dec/2016:22:38:51 -0500] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.
[20/Dec/2016:22:38:52 -0500] schema-compat-plugin - scheduled
schema-compat-plugin tree scan in about 5 seconds after the server
startup!
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
ou=sudoers,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=users,cn=compat,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
exist
[20/Dec/2016:22:38:52 -0500] NSACLPlugin - The ACL target
cn=automember rebuild membership,cn=tasks,cn=config does not exist
[20/Dec/2016:22:38:52 -0500] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates found, which
should be added before the CoS Definition.
[20/Dec/2016:22:38:53 -0500] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: disordely shutdown for replica
dc=optimcloud,dc=com. Check if DB RUV needs to be updated
[20/Dec/2016:22:38:53 -0500] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: disordely shutdown for replica
o=ipaca. Check if DB RUV needs to be updated
[20/Dec/2016:22:38:53 -0500] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa.optimcloud....@optimcloud.com] in
keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any
KDC for requested realm)
[20/Dec/2016:22:38:53 -0500] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 111
(Connection refused)
[20/Dec/2016:22:38:53 -0500] NSMMReplicationPlugin -
agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389):
Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact
LDAP server) ()
[20/Dec/2016:22:38:53 -0500] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 111 (Connection refused)
[20/Dec/2016:22:38:53 -0500] slapi_ldap_bind - Error: could not
perform interactive bind for id [] authentication mechanism [GSSAPI]:
error -1 (Can't contact LDAP server)
[20/Dec/2016:22:38:53 -0500] NSMMReplicationPlugin -
agmt="cn=meToipa2.optimcloud.com" (ipa2:389): Replication bind with
GSSAPI auth failed: LDAP error -1 (Can't contact LDAP server) ()
[20/Dec/2016:22:38:53 -0500] schema-compat-plugin -
schema-compat-plugin tree scan will start in about 5 seconds!
[20/Dec/2016:22:38:53 -0500] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[20/Dec/2016:22:38:53 -0500] - Listening on All Interfaces port 636
for LDAPS requests
[20/Dec/2016:22:38:53 -0500] - Listening on
/var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
[20/Dec/2016:22:38:57 -0500] schema-compat-plugin - warning: no
entries set up under ou=sudoers,dc=optimcloud,dc=com
[20/Dec/2016:22:38:58 -0500] schema-compat-plugin - warning: no
entries set up under cn=ng, cn=compat,dc=optimcloud,dc=com
[20/Dec/2016:22:38:58 -0500] schema-compat-plugin - warning: no
entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
[20/Dec/2016:22:38:58 -0500] schema-compat-plugin - Finished plugin
initialization.
[20/Dec/2016:22:38:58 -0500] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 107
(Transport endpoint is not connected)
[20/Dec/2016:22:38:58 -0500] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
is not connected)
[20/Dec/2016:22:38:58 -0500] slapi_ldap_bind - Error: could not
perform interactive bind for id [] authentication mechanism [GSSAPI]:
error -1 (Can't contact LDAP server)
[20/Dec/2016:22:39:05 -0500] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 107
(Transport endpoint is not connected)
[20/Dec/2016:22:39:05 -0500] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
is not connected)
[20/Dec/2016:22:39:05 -0500] slapi_ldap_bind - Error: could not
perform interactive bind for id [] authentication mechanism [GSSAPI]:
error -1 (Can't contact LDAP server)
[20/Dec/2016:22:39:17 -0500] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 107
(Transport endpoint is not connected)
[20/Dec/2016:22:39:17 -0500] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
is not connected)
[20/Dec/2016:22:39:17 -0500] slapi_ldap_bind - Error: could not
perform interactive bind for id [] authentication mechanism [GSSAPI]:
error -1 (Can't contact LDAP server)
[20/Dec/2016:22:39:41 -0500] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
is not connected)
[20/Dec/2016:22:39:41 -0500] slapi_ldap_bind - Error: could not
perform interactive bind for id [] authentication mechanism [GSSAPI]:
error -1 (Can't contact LDAP server)
[20/Dec/2016:22:39:41 -0500] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 107
(Transport endpoint is not connected)
[20/Dec/2016:22:40:29 -0500] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
is not connected)
[20/Dec/2016:22:40:29 -0500] slapi_ldap_bind - Error: could not
perform interactive bind for id [] authentication mechanism [GSSAPI]:
error -1 (Can't contact LDAP server)
[20/Dec/2016:22:40:29 -0500] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 107
(Transport endpoint is not connected)
[20/Dec/2016:22:42:05 -0500] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
is not connected)
[20/Dec/2016:22:42:05 -0500] slapi_ldap_bind - Error: could not
perform interactive bind for id [] authentication mechanism [GSSAPI]:
error -1 (Can't contact LDAP server)
[20/Dec/2016:22:42:05 -0500] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 107
(Transport endpoint is not connected)
[20/Dec/2016:22:45:17 -0500] slapi_ldap_bind - Error: could not send
startTLS request: error -1 (Can't contact LDAP server) errno 107
(Transport endpoint is not connected)
[20/Dec/2016:22:45:17 -0500] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint
is not connected)
[20/Dec/2016:22:45:17 -0500] slapi_ldap_bind - Error: could not
perform interactive bind for id [] authentication mechanism [GSSAPI]:
error -1 (Can't contact LDAP server)
[20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin -
agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389):
Replication bind with SIMPLE auth resumed
[20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin -
agmt="cn=meToipa2.optimcloud.com" (ipa2:389): Replication bind with
GSSAPI auth resumed
[20/Dec/2016:22:50:14 -0500]
agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389) -
Can't locate CSN 5852cec0000000600000 in the changelog (DB rc=-30988).
If replication stops, the consumer may need to be reinitialized.
[20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin -
agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389):
Missing data encountered
[20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin -
agmt="cn=masterAgreement1-ipa2.optimcloud.com-pki-tomcat" (ipa2:389):
Incremental update failed and requires administrator action
[20/Dec/2016:22:50:14 -0500] agmt="cn=meToipa2.optimcloud.com"
(ipa2:389) - Can't locate CSN 58528dac000200040000 in the changelog
(DB rc=-30988). If replication stops, the consumer may need to be
reinitialized.
[20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin -
agmt="cn=meToipa2.optimcloud.com" (ipa2:389): Missing data encountered
[20/Dec/2016:22:50:14 -0500] NSMMReplicationPlugin -
agmt="cn=meToipa2.optimcloud.com" (ipa2:389): Incremental update
failed and requires administrator action

from the ipa2 slave

[root@ipa2 dingo]# cat /var/log/dirsrv/slapd-*/errors
        389-Directory/1.3.4.0 B2016.215.1556
        ipa2.optimcloud.com:636 (/etc/dirsrv/slapd-OPTIMCLOUD-COM)

[20/Dec/2016:22:49:22 -0500] - SSL alert: Configured NSS Ciphers
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] - SSL alert:
TLS_RSA_WITH_SEED_CBC_SHA: enabled
[20/Dec/2016:22:49:22 -0500] SSL Initialization - Configured SSL
version range: min: TLS1.0, max: TLS1.2
[20/Dec/2016:22:49:22 -0500] - 389-Directory/1.3.4.0 B2016.215.1556 starting up
[20/Dec/2016:22:49:22 -0500] - WARNING: changelog: entry cache size
2097152B is less than db size 4104192B; We recommend to increase the
entry cache size nsslapd-cachememsize.
[20/Dec/2016:22:49:22 -0500] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.
[20/Dec/2016:22:49:22 -0500] schema-compat-plugin - scheduled
schema-compat-plugin tree scan in about 5 seconds after the server
startup!
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
ou=sudoers,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=users,cn=compat,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
exist
[20/Dec/2016:22:49:22 -0500] NSACLPlugin - The ACL target
cn=automember rebuild membership,cn=tasks,cn=config does not exist
[20/Dec/2016:22:49:22 -0500] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates found, which
should be added before the CoS Definition.
[20/Dec/2016:22:49:24 -0500] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: disordely shutdown for replica
o=ipaca. Check if DB RUV needs to be updated
[20/Dec/2016:22:49:24 -0500] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: disordely shutdown for replica
dc=optimcloud,dc=com. Check if DB RUV needs to be updated
[20/Dec/2016:22:49:24 -0500] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa2.optimcloud....@optimcloud.com] in
keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any
KDC for requested realm)
[20/Dec/2016:22:49:24 -0500] schema-compat-plugin -
schema-compat-plugin tree scan will start in about 5 seconds!
[20/Dec/2016:22:49:24 -0500] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure.  Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Succ
ess)
[20/Dec/2016:22:49:24 -0500] slapi_ldap_bind - Error: could not
perform interactive bind for id [] authentication mechanism [GSSAPI]:
error -2 (Local error)
[20/Dec/2016:22:49:24 -0500] NSMMReplicationPlugin -
agmt="cn=meToipa.optimcloud.com" (ipa:389): Replication bind with
GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure.  Minor code may
provide more information (No Kerberos credentials available))
[20/Dec/2016:22:49:24 -0500] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[20/Dec/2016:22:49:24 -0500] - Listening on All Interfaces port 636
for LDAPS requests
[20/Dec/2016:22:49:24 -0500] - Listening on
/var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
[20/Dec/2016:22:49:27 -0500] NSMMReplicationPlugin -
agmt="cn=meToipa.optimcloud.com" (ipa:389): Replication bind with
GSSAPI auth resumed
[20/Dec/2016:22:49:28 -0500] schema-compat-plugin - warning: no
entries set up under ou=sudoers,dc=optimcloud,dc=com
[20/Dec/2016:22:49:28 -0500] schema-compat-plugin - warning: no
entries set up under cn=ng, cn=compat,dc=optimcloud,dc=com
[20/Dec/2016:22:49:28 -0500] schema-compat-plugin - warning: no
entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
[20/Dec/2016:22:49:29 -0500] schema-compat-plugin - Finished plugin
initialization.
[22/Dec/2016:21:01:17 -0500] - SSL alert: Configured NSS Ciphers
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] - SSL alert:
TLS_RSA_WITH_SEED_CBC_SHA: enabled
[22/Dec/2016:21:01:17 -0500] SSL Initialization - Configured SSL
version range: min: TLS1.0, max: TLS1.2
[22/Dec/2016:21:01:17 -0500] - 389-Directory/1.3.4.0 B2016.215.1556 starting up
[22/Dec/2016:21:01:18 -0500] - WARNING: changelog: entry cache size
2097152B is less than db size 4096000B; We recommend to increase the
entry cache size nsslapd-cachememsize.
[22/Dec/2016:21:01:18 -0500] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.
[22/Dec/2016:21:01:19 -0500] schema-compat-plugin - scheduled
schema-compat-plugin tree scan in about 5 seconds after the server
startup!
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
ou=sudoers,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=users,cn=compat,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
exist
[22/Dec/2016:21:01:19 -0500] NSACLPlugin - The ACL target
cn=automember rebuild membership,cn=tasks,cn=config does not exist
[22/Dec/2016:21:01:19 -0500] - Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates found, which
should be added before the CoS Definition.
[22/Dec/2016:21:01:21 -0500] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: disordely shutdown for replica
o=ipaca. Check if DB RUV needs to be updated
[22/Dec/2016:21:01:21 -0500] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: disordely shutdown for replica
dc=optimcloud,dc=com. Check if DB RUV needs to be updated
[22/Dec/2016:21:01:21 -0500] set_krb5_creds - Could not get initial
credentials for principal [ldap/ipa2.optimcloud....@optimcloud.com] in
keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any
KDC for requested realm)
[22/Dec/2016:21:01:21 -0500] schema-compat-plugin -
schema-compat-plugin tree scan will start in about 5 seconds!
[22/Dec/2016:21:01:21 -0500] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure.  Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Succ
ess)
[22/Dec/2016:21:01:21 -0500] slapi_ldap_bind - Error: could not
perform interactive bind for id [] authentication mechanism [GSSAPI]:
error -2 (Local error)
[22/Dec/2016:21:01:21 -0500] NSMMReplicationPlugin -
agmt="cn=meToipa.optimcloud.com" (ipa:389): Replication bind with
GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure.  Minor code may
provide more information (No Kerberos credentials available))
[22/Dec/2016:21:01:21 -0500] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[22/Dec/2016:21:01:21 -0500] - Listening on All Interfaces port 636
for LDAPS requests
[22/Dec/2016:21:01:21 -0500] - Listening on
/var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
[22/Dec/2016:21:01:24 -0500] NSMMReplicationPlugin -
agmt="cn=meToipa.optimcloud.com" (ipa:389): Replication bind with
GSSAPI auth resumed
[22/Dec/2016:21:01:25 -0500] schema-compat-plugin - warning: no
entries set up under ou=sudoers,dc=optimcloud,dc=com
[22/Dec/2016:21:01:26 -0500] schema-compat-plugin - warning: no
entries set up under cn=ng, cn=compat,dc=optimcloud,dc=com
[22/Dec/2016:21:01:26 -0500] schema-compat-plugin - warning: no
entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
[22/Dec/2016:21:01:26 -0500] schema-compat-plugin - Finished plugin
initialization.

According to log, it looks that replication has been restored a week ago

can you use https://github.com/peterpakos/ipa_check_consistency to check what else is missing?

If it finds missing entries, probably re-initialization will be needed

Martin

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to