I think I detected the problem. The error log in the replica writes: *[11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet length exceeds maximum allowed limit (length=2483849, limit=2097152). Change the nsslapd-maxsasliosize attribute in cn=config to increase limit.*
*[11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned* According this: ( https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/pdf/Configuration_and_Command-Line_Tool_Reference/Red_Hat_Directory_Server-8.2-Configuration_and_Command-Line_Tool_Reference-en-US.pdf ) "When an incoming SASL IO packet is larger than the nsslapd-maxsasliosize limit, the server immediately disconnects the client and logs a message to the error log, so that an administrator can adjust the setting if necessary" The problem now is how can I change the value of the attribute during replication. Regards. On Sun, Jun 11, 2017 at 2:20 AM, Adrian HY <ayeja...@gmail.com> wrote: > Hi folks, I had a problem with replication and I tried to add the slave > back to the replica. The process stops in the initial replication phase. > > The firewall and selinux are down and both servers are synchronized with > the time. > > Centos 7.3 > Freeipa 4.4.0-14 > > *Master error log:* > > 11/Jun/2017:01:11:45.690402715 -0400] NSMMReplicationPlugin - agmt="cn= > meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication > bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) () > [11/Jun/2017:01:11:45.690877649 -0400] NSMMReplicationPlugin - Warning: > unable to acquire replica for total update, error: 49, retrying in 1 > seconds. > [11/Jun/2017:01:11:46.966060891 -0400] NSMMReplicationPlugin - agmt="cn= > meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication > bind with GSSAPI auth resumed > [11/Jun/2017:01:11:47.095800971 -0400] NSMMReplicationPlugin - Beginning > total update of replica "agmt="cn=meTousuarios-replica.ipa.server.com" > (usuarios-replica:389)". > [11/Jun/2017:01:12:06.873713837 -0400] NSMMReplicationPlugin - agmt="cn= > meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Failed to > send extended operation: LDAP error -1 (Can't contact LDAP server) > [11/Jun/2017:01:12:06.874590112 -0400] NSMMReplicationPlugin - agmt="cn= > meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Received > error -1 (Can't contact LDAP server): for total updat > e operation > [11/Jun/2017:01:12:06.874950648 -0400] NSMMReplicationPlugin - agmt="cn= > meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Warning: > unable to send endReplication extended operation (Can' > t contact LDAP server) > [11/Jun/2017:01:12:06.875217640 -0400] NSMMReplicationPlugin - Total > update failed for replica "agmt="cn=meTousuarios-replica.ipa.server.com" > (usuarios-replica:389)", error (-11) > [11/Jun/2017:01:12:06.894882383 -0400] NSMMReplicationPlugin - agmt="cn= > meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication > bind with GSSAPI auth resumed > [11/Jun/2017:01:12:06.905304992 -0400] NSMMReplicationPlugin - agmt="cn= > meTousuarios-replica.ipa.server.com" (usuarios-replica:389): The remote > replica has a different database generation ID than > the local database. You may have to reinitialize the remote replica, or > the local replica. > [11/Jun/2017:01:12:09.912282245 -0400] NSMMReplicationPlugin - agmt="cn= > meTousuarios-replica.ipa.server.com" (usuarios-replica:389): The remote > replica has a different database generation ID than > the local database. You may have to reinitialize the remote replica, or > the local replica. > > *Client ipareplica-install.log:* > > 2017-06-11T05:24:24Z DEBUG stderr= > 2017-06-11T05:24:24Z DEBUG wait_for_open_ports: localhost [389] timeout 300 > 2017-06-11T05:24:24Z DEBUG Fetching nsDS5ReplicaId from master [attempt > 1/5] > 2017-06-11T05:24:24Z DEBUG flushing ldap://usuarios.ipa.server.com:389 > from SchemaCache > 2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache url=ldap:// > usuarios.ipa.server.com:389 conn=<ldap.ldapobject.SimpleLDAPObject > instance at 0x86909e0> > 2017-06-11T05:24:24Z DEBUG Successfully updated nsDS5ReplicaId. > 2017-06-11T05:24:24Z DEBUG flushing > ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket > from SchemaCache > 2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache > url=ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket > conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e74440> > 2017-06-11T05:24:46Z DEBUG Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 449, in start_creation > run_step(full_msg, method) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 439, in run_step > method() > File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", > line 416, in __setup_replica > repl.setup_promote_replication(self.master_fqdn) > File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", > line 1643, in setup_promote_replication > raise RuntimeError("Failed to start replication") > RuntimeError: Failed to start replication > > 2017-06-11T05:24:46Z DEBUG [error] RuntimeError: Failed to start > replication > 2017-06-11T05:24:46Z DEBUG Destroyed connection context.ldap2_101192976 > 2017-06-11T05:24:46Z DEBUG File "/usr/lib/python2.7/site- > packages/ipapython/admintool.py", line 171, in execute > return_value = self.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line > 318, in run > cfgr.run() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 310, in run > self.execute() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 332, in execute > for nothing in self._executor(): > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 359, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line > 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line > 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 586, in _configure > next(executor) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 372, in __runner > self._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 449, in _handle_exception > self.__parent._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 446, in _handle_exception > super(ComponentBase, self)._handle_exception(exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 394, in _handle_exception > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 362, in __runner > step() > File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line > 359, in <lambda> > step = lambda: next(self.__gen) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line > 81, in run_generator_with_yield_from > six.reraise(*exc_info) > File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line > 59, in run_generator_with_yield_from > value = gen.send(prev_value) > File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", > line 63, in _install > for nothing in self._installer(self.parent): > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 1722, in main > promote(self) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 372, in decorated > func(installer) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 1423, in promote > promote=True, pkcs12_info=dirsrv_pkcs12_info) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", > line 135, in install_replica_ds > api=remote_api, > File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", > line 401, in create_replica > self.start_creation(runtime=60) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 449, in start_creation > run_step(full_msg, method) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 439, in run_step > method() > File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", > line 416, in __setup_replica > repl.setup_promote_replication(self.master_fqdn) > File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", > line 1643, in setup_promote_replication > raise RuntimeError("Failed to start replication") > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org