Re: [Freeipa-users] IPA Replica Issues (Total update abortedLDAP error: Can't contact LDAP server)

2014-04-05 Thread Nevada Sanchez
Thanks. I added /var/log/messages to the gist
(https://gist.github.com/nevsan/8b6f78d7396963dc5f70) -- no segfaults it
seems. Any other kind of disorderly shutdowns that might happen? I'll look
into creating a ticket for this.


On Fri, Apr 4, 2014 at 9:16 PM, Rich Megginson rmegg...@redhat.com wrote:

  On 04/03/2014 10:25 PM, Nevada Sanchez wrote:

 I followed the instructions that would give me a core dump, and for some
 reason, I don't see one in /var/log/dirsrv/slapd-EXAMPLE-COM/, even though
 the Disorderly shutdown still shows up in the logs.


 Hmm - check again - it should produce a core file

 grep -i segfault /var/log/messages


  I know that when I explicitly request those attributes, I get -1 Total
 update abortedLDAP error: Can't contact LDAP server for
 nds5ReplicaLastInitStatus (see below). Access logs stop completely on the
 replica after the time that you mentioned.


 Hmm - looks like a bug.  Please open a ticket.



 ==
 [root@ipa2 ipaserver]# ldapsearch  ldaps://ipa.example.com:636 -D 'cn=Directory Manager' -w # -b 'cn=meToipa2.example.com,cn=replica,cn=dc\=example\,dc\=com,cn=mapping tree,cn=config' '(objectClass=*)' -s base nsds5ReplicaLastInitStart nsds5replicaUpdateInProgress nsds5ReplicaLastInitStatus cn nsds5BeginReplicaRefresh nsds5ReplicaLastInitEnd
 # extended LDIF
 #
 # LDAPv3
 # base cn=meToipa2.example.com,cn=replica,cn=dc\=example\,dc\=com,cn=mapping tree,cn=config with scope baseObject
 # filter: (objectclass=*)
 # requesting: ldaps://ipa.example.com:636 (objectClass=*) nsds5ReplicaLastInitStart nsds5replicaUpdateInProgress nsds5ReplicaLastInitStatus cn nsds5BeginReplicaRefresh nsds5ReplicaLastInitEnd
 #

 # meToipa2.example.com, replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
 dn: cn=meToipa2.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
 nsds5ReplicaLastInitStart: 20140401092800Z
 nsds5replicaUpdateInProgress: FALSE
 nsds5ReplicaLastInitStatus: -1 Total update abortedLDAP error: Can't contact LDAP server
 cn: meToipa2.example.com
 nsds5ReplicaLastInitEnd: 20140401092804Z

 # search result
 search: 2
 result: 0 Success

 # numResponses: 2
 # numEntries: 1


 On Thu, Apr 3, 2014 at 6:32 PM, Rich Megginson rmegg...@redhat.com wrote:

  On 04/03/2014 03:46 PM, Nevada Sanchez wrote:

 Okay, I updated the gist and extended some of the logs (ipa2-errors does
 stop at 20:50:21). I'll follow up when I have the debug stuff in place.

  https://gist.github.com/nevsan/8b6f78d7396963dc5f70


  Another strange thing - it looks as if the initial replica init
 completes successfully.

 [02/Apr/2014:20:50:18 +] NSMMReplicationPlugin - Beginning total update of replica agmt=cn=meToipa2.example.com (ipa2:389).

 On the replica:

 [02/Apr/2014:20:50:18 +] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=example,dc=com is going offline; disabling replication
 [02/Apr/2014:20:50:18 +] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
 [02/Apr/2014:20:50:21 +] - import userRoot: Workers finished; cleaning up...
 [02/Apr/2014:20:50:21 +] - import userRoot: Workers cleaned up.
 [02/Apr/2014:20:50:21 +] - import userRoot: Indexing complete. Post-processing...
 [02/Apr/2014:20:50:21 +] - import userRoot: Generating numSubordinates complete.
 [02/Apr/2014:20:50:21 +] - import userRoot: Flushing caches...
 [02/Apr/2014:20:50:21 +] - import userRoot: Closing files...
 [02/Apr/2014:20:50:21 +] - import userRoot: Import complete. Processed 453 entries in 3 seconds. (151.00 entries/sec)
 [02/Apr/2014:20:50:21 +] NSMMReplicationPlugin - multimaster_be_state_change: replica dc=example,dc=com is coming online; enabling replication

 On the master, access log:

 [02/Apr/2014:20:50:17 +] conn=1365 op=15 MOD dn=cn=meToipa2.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config

 This is the operation that triggers the replica init.  Then
 ipa-replica-install polls for agreement status:
 [02/Apr/2014:20:50:19 +] conn=1365 op=16 SRCH base=cn=meToipa2.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config scope=0 filter=(objectClass=*) attrs=nsds5replicaLastInitStart nsds5replicaUpdateInProgress nsds5replicaLastInitStatus cn nsds5BeginReplicaRefresh nsds5replicaLastInitEnd
 [02/Apr/2014:20:50:19 +] conn=1365 op=16 RESULT err=0 tag=101 nentries=1 etime=0
 [02/Apr/2014:20:50:20 +] conn=1365 op=17 SRCH base=cn=meToipa2.example.com,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config scope=0 filter=(objectClass=*) attrs=nsds5replicaLastInitStart nsds5replicaUpdateInProgress nsds5replicaLastInitStatus cn 
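
As an added illustration (not code from this thread or from FreeIPA itself), here is a small Python check that unfolds the ldapsearch LDIF quoted above and classifies the agreement's total-update state from the attributes ipa-replica-install polls; the attribute names and the sample entry come from the thread, while the state logic and the success-prefix test are my assumptions, not IPA's own implementation.

```python
import re

# Constructed sample: the agreement entry from the thread, written the way
# ldapsearch emits LDIF (long values folded onto lines that start with a space).
SAMPLE_LDIF = """\
dn: cn=meToipa2.example.com,cn=replica,cn=dc\\3Dexample\\2Cd
 c\\3Dcom,cn=mapping tree,cn=config
nsds5ReplicaLastInitStart: 20140401092800Z
nsds5replicaUpdateInProgress: FALSE
nsds5ReplicaLastInitStatus: -1 Total update abortedLDAP error: Can't contact L
 DAP server
cn: meToipa2.example.com
nsds5ReplicaLastInitEnd: 20140401092804Z
"""


def parse_ldif_entry(text):
    """Unfold LDIF continuation lines; return {attr_lowercase: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue                      # comments and blank separators
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
        else:
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def init_state(entry):
    """Return (state, status_text) for a replication agreement entry.

    state is 'pending', 'in-progress', 'succeeded' or 'failed'. The order of
    checks mirrors what a poller needs: a refresh that has not started yet,
    one still running, then the recorded result. The success test assumes
    389-ds status strings start with "0 " or "Error (0)" on success.
    """
    status = entry.get("nsds5replicalastinitstatus", [""])[0]
    if "nsds5beginreplicarefresh" in entry:
        return "pending", status          # request set, init not yet started
    if entry.get("nsds5replicaupdateinprogress", ["FALSE"])[0].upper() == "TRUE":
        return "in-progress", status
    if re.match(r"^(0\b|Error \(0\))", status):
        return "succeeded", status
    return "failed", status
```

Running `init_state(parse_ldif_entry(SAMPLE_LDIF))` on the sample yields `failed` with the "Can't contact LDAP server" text, the same condition the thread shows ipa-replica-install reporting.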

[Freeipa-users] experience using IPA in a mixed environment

2014-04-05 Thread Carl E. Ma
Hi,

My environment has Redhat5, 6, Centos 6.x and Ubuntu 12.04. Following Redhat 
identity management manual, I am able to configure user authentication, 
kerberos NFS, SSSD and autofs on most of my systems. 

The only trouble is integrating ubuntu 12.04 with autofs. 

1. automount in /etc/nsswitch.conf doesn't recognize sss as the name service; 
you need to put ldap instead. 
2. automount on ubuntu 12.04 doesn't recognize the auto.master map from the IPA 
server. 

On our IPA server:
ipaserver# ipa automountlocation-tofiles default
/etc/auto.master:
/-  /etc/auto.direct
/home   /etc/auto.home
---
/etc/auto.direct:
---
/etc/auto.home:
*   -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192 
nfs:/opt/shares/home/


From ubuntu 12.04 IPA client:
#automount -f -d     = shows it can't find the auto.master map; in 
/etc/default/autofs, I tried both ways to specify the auto.master map.
==
#cat /etc/default/autofs  | grep MASTER
#MASTER_MAP_NAME=automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com
MASTER_MAP_NAME=auto.master
== 

From the error messages, it seems automount on ubuntu doesn't look up the 
auto.master information in LDAP.

Apr  4 17:25:26 ecs-94a55510 automount[1032]: lookup(file): file map 
/etc/automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com 
missing or not readable

Although I am using pam to automount user home directories, I am curious whether 
anyone else has experienced the same problem, or maybe I missed something.

Thanks,

carl

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users