Throwing in more details. At startup we have this in the log
Jun 29 14:32:36 linge.ghs.nl named-pkcs11[6945]: 10 master zones from LDAP instance 'ipa' loaded (10 zones defined, 0 inactive, 0 failed to load)
Jun 29 14:32:36 linge.ghs.nl named-pkcs11[6945]: managed-keys-zone: Unable to fetch DNSK
Three weeks ago I had to disable dnssec (due to a problem with one of
the forwarding domains). So I changed/added
dnssec-enable no;
dnssec-validation no;
Could that have any influence?
On 29-06-2021 11:03, Kees Bakker via FreeIPA-users wrote:
Hi Flo,
Now that I know all the plugins are
Hi Flo,
Now that I know all the plugins are present, I was suspecting
nsslapd-changelogmaxage.
But that was false hope. It is set to 2d (which is the default, I think).
I definitely don't see the syncrepl_update output in
/var/named/data/named.run
With one exception, two days ago around 03:18
Hi,
as said on the other mail thread
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/GR2ZOFFNICWKLI3YBFYVTFZHUNNKDIQZ/,
I suspect the search for plugins is executed with ldapsearch -Y GSSAPI ...
and the ACIs are filtering part of the output. The command lda
So far not much luck in finding what is wrong. No sign of sync_repl
or syncrepl in the logs.
What I don't understand is why the cn=plugins,cn=config LDAP
of the three masters is so different.
On the "old main" CentOS 7 master there are 388 entries. On the newer
CentOS 8 Stream masters there are o
Hello,
On Mon, Jun 21, 2021 at 3:40 PM Kees Bakker via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
>
> Hi,
>
> There is nothing in the daemon logs with "syncrepl" or "sync_repl".
>
> Should there be a syncrepl log for every update? Or only when there
> is a failure?
>
> Do I need
Hi,
There is nothing in the daemon logs with "syncrepl" or "sync_repl".
Should there be a syncrepl log for every update? Or only when there
is a failure?
Do I need to enable debugging of the dyndb plugin?
-- Kees
On 21-06-2021 18:56, Florence Renaud wrote:
Hi,
the high level view is the foll
Hi,
the high level view is the following: when there is an update related to
DNS data on an IPA server (new/updated/deleted zone, new/updated/deleted
record), it gets written to LDAP. As the LDAP data is replicated to the
other IPA servers, their local LDAP database gets updated.
The bind daemon r