2.prod 0inf02.prod 0inf02.prod 0inf02.dev 0
=
“””
Thanks,
Goran
On May 15, 2017, at 6:35 AM, Ludwig Krispenz <lkris...@redhat.com> wrote:
The messages you see could be transient messages, and if replication is working
than this seems to be the ca
ent only.
If you receive it in error please notify me and permanently delete
the original message and any copies.
----
On 18 May 2017, at 16:11, Ludwig Krispenz <lkris...@redhat.com
<mailto:lkris...@redhat.com>> wrote:
hi,
there was a change that in the case of a missing csn ds wo
hi,
there was a change that in the case of a missing csn ds would not
silently use a "close" one and continue, but log an error, backoff and
retry - after updates on other masters the staring csn coudl change and
replication continue.
Now, in your case the csn reported missing:
The messages you see could be transient messages, and if replication is
working than this seems to be the case. If not we would need more data
to investigate: deployment info, relicaIDs of all servers, ruvs, logs,.
Here is some background info: there are some scenarios where a csn could
looks like you lost your configuration files dse.ldif and its backup as
well during the outage.
could you check what you have in /etc/dirsrv/slapd-
you can try to copy one of the *dse.ldif* to dse.ldif and try to
restart, but that file maybe up to date.
Ludwig
On 05/09/2017 12:00 PM, Bret
you can start here:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/managing_replication-solving_common_replication_conflicts
you need first find out which conflict entries you have, which entries
need to be preserved, and then can start to
On 03/07/2017 09:21 PM, lejeczek wrote:
On 07/03/17 16:48, Ludwig Krispenz wrote:
On 03/07/2017 05:29 PM, lejeczek wrote:
On 07/03/17 12:39, Martin Babinsky wrote:
On Tue, Mar 07, 2017 at 09:55:52AM +, lejeczek wrote:
hi,
I presume I need to use ldapmodify/delete?
I found
On 03/07/2017 05:29 PM, lejeczek wrote:
On 07/03/17 12:39, Martin Babinsky wrote:
On Tue, Mar 07, 2017 at 09:55:52AM +, lejeczek wrote:
hi,
I presume I need to use ldapmodify/delete?
I found this(obfuscated by me):
On 03/01/2017 08:18 PM, pgb205 wrote:
[01/Mar/2017:18:19:48 +] agmt="cn=meTo ipa2.internal.domain"
(ipa2:389) - Can't locate CSN 582301c3000d0077 in the changelog
(DB rc=-30988). If replication stops, the consumer may need to be
reinitialized.
[01/Mar/2017:18:19:48 +]
On 02/28/2017 07:52 PM, lejeczek wrote:
On 28/02/17 09:45, Petr Vobornik wrote:
On 02/26/2017 11:35 AM, lejeczek wrote:
hi everyone
I first time see:
unable to decode: {replica 60} 586eaffd000a003c
586eaffd000a003c
Replica Update Vectors:
on all four servers. What would be
On 02/16/2017 01:32 PM, Tiemen Ruiten wrote:
Hello,
I have a FreeIPA setup in which some masters suffered from a few
uncontrolled shutdowns and now there are replication conflicts (which
prevent from setting the Domain Level to 1).
I was trying to follow the instructions here:
thanks for the info
Ludwig
On 01/20/2017 11:43 AM, Harald Dunkel wrote:
On 01/19/17 16:23, Harald Dunkel wrote:
Now I get this:
[root@ipa1 ~]# kinit admin
kinit: Generic error (see e-text) while getting initial credentials
Fortunately this went away after a reboot of the servers.
Phew
On 01/18/2017 02:57 PM, Harald Dunkel wrote:
On 01/17/17 11:38, Sumit Bose wrote:
On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
It seems something got corrupted in my ipa setup. I found this in the
sssd log file on Wheezy:
(Tue Jan 17 10:19:02 2017)
On 01/18/2017 08:13 AM, Harald Dunkel wrote:
Hi Ludwig,
On 01/17/17 17:01, Ludwig Krispenz wrote:
On 01/17/2017 04:48 PM, Harald Dunkel wrote:
On 01/17/17 16:12, Harald Dunkel wrote:
On 01/17/17 11:38, Sumit Bose wrote:
On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote
On 01/17/2017 04:48 PM, Harald Dunkel wrote:
On 01/17/17 16:12, Harald Dunkel wrote:
On 01/17/17 11:38, Sumit Bose wrote:
On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
It seems something got corrupted in my ipa setup. I found this in the
sssd log file on Wheezy:
(Tue Jan 17
Hi,
there seem to be to issues here, maybe related: a hanging slapd process
and the retro CL errors.
If the slapd process is not responding can we get a pstack or gdb
backtrace (http://www.port389.org/docs/389ds/FAQ/faq.html#debug_crashes)
of the process ?
About the Retro CL messages, is it
Hi
On 12/22/2016 09:31 AM, Georgijs Radovs wrote:
Hello everyone!
Today, I've updated 2 FreeIPA servers from version 4.2 to version 4.4.
Both of these servers are Masters and CAs, both are replicating
between each other.
But, when I run
*ipa topologysegment-find* to view replication
On 12/21/2016 02:07 PM, Sandor Juhasz wrote:
Hi,
i would like to modify schema to have group objects extended with
email and display name attribute.
The reason is that we are trying to sync our ldap to our google apps.
I don't know how much this
doc
On 12/21/2016 05:11 AM, Ian Chen wrote:
hello list,
I tried to search for answer, but not solution come up yet. please help.
the setup with multiple nodes has IPA version:
ipa-server-4.1.0-18.el7.centos.4.x86_64
after adding a replication with an old node, replicaiton conflict occured.
On 10/27/2016 10:48 AM, Jochen Demmer wrote:
Am 27.10.2016 um 10:21 schrieb Martin Basti:
On 27.10.2016 10:02, Jochen Demmer wrote:
Am 26.10.2016 um 17:31 schrieb Martin Basti:
On 26.10.2016 17:25, Jochen Demmer wrote:
Am 26.10.2016 um 16:48 schrieb Martin Basti:
On
On 10/24/2016 01:21 PM, Günther J. Niederwimmer wrote:
Hello Ludwig,
thanks for the answer,
Am Montag, 24. Oktober 2016, 09:53:21 schrieb Ludwig Krispenz:
On 10/23/2016 03:01 PM, Günther J. Niederwimmer wrote:
I have added on my ipa (Master) Server this user and ACI with a ldif file
Hi,
On 10/23/2016 03:01 PM, Günther J. Niederwimmer wrote:
Hello,
I have added on my ipa (Master) Server this user and ACI with a ldif file
ldapmodify -x -D 'cn=Directory Manager' -W
dn: uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com
changetype: add
objectclass: account
objectclass:
On 10/21/2016 04:05 PM, Günther J. Niederwimmer wrote:
Hello,
Thanks for the answer,
Am Freitag, 21. Oktober 2016, 07:11:58 schrieb Rich Megginson:
On 10/21/2016 06:42 AM, Günther J. Niederwimmer wrote:
Hello Martin and List,
Pardon me, but anything is wrong with the ldif i
ldapmodify -D
On 10/19/2016 06:28 PM, Andrew E. Bruno wrote:
On Wed, Oct 19, 2016 at 05:41:37PM +0200, Ludwig Krispenz wrote:
On 10/19/2016 05:02 PM, Ludwig Krispenz wrote:
On 10/19/2016 03:48 PM, Andrew E. Bruno wrote:
On Wed, Oct 19, 2016 at 10:13:26AM +0200, Ludwig Krispenz wrote:
On 10/18/2016 08:52
On 10/19/2016 05:02 PM, Ludwig Krispenz wrote:
On 10/19/2016 03:48 PM, Andrew E. Bruno wrote:
On Wed, Oct 19, 2016 at 10:13:26AM +0200, Ludwig Krispenz wrote:
On 10/18/2016 08:52 PM, Andrew E. Bruno wrote:
We had one of our replicas fail today with the following errors:
[18/Oct/2016:13:40
On 10/19/2016 03:48 PM, Andrew E. Bruno wrote:
On Wed, Oct 19, 2016 at 10:13:26AM +0200, Ludwig Krispenz wrote:
On 10/18/2016 08:52 PM, Andrew E. Bruno wrote:
We had one of our replicas fail today with the following errors:
[18/Oct/2016:13:40:47 -0400] agmt="cn=meTosrv-m
On 10/19/2016 09:39 AM, Prashant Bapat wrote:
Some more info.
This is happening on one of the hosts for which replica-info file was
generated but for some reason the replica installation failed. So I
went ahead and deleted and created the replica file again and this
time installation went
On 10/18/2016 08:52 PM, Andrew E. Bruno wrote:
We had one of our replicas fail today with the following errors:
[18/Oct/2016:13:40:47 -0400] agmt="cn=meTosrv-m14-32.cbls.ccr.buffalo.edu"
(srv-m14-32:389) - Can't locate CSN 58065ef300010003 in the changelog (DB rc=-30988).
If replication
Hi,
you get the "different database generation" if one side is built from
scratch or reimported from a plain ldif without repl stat e information.
replication will only work if both sides have the same data origin.
About initlializing back and forth it depends on your topology if it can
Hi,
you don't specify the version you are using:
If it is 389-ds-base-1.3.4.0-33.el7_2.x86_64
the following may apply:
>>>
we have identified an issue with this version, it includes a fix for
389-ds ticket #48766, which was incomplete and resolved shortly after
the release of this version (it
Hi,
the RUV in the replication agreement is maintained to control changelog
trimming, no changes should be deleted from the changelog which have not
been seen by all consumers. Since not always a connection for a
replication agreement can be established, eg if the consumer is down,
this
--
Youenn Piolet
piole...@gmail.com <mailto:piole...@gmail.com>
/
/
2016-09-26 9:42 GMT+02:00 Ludwig Krispenz <lkris...@redhat.com
<mailto:lkris...@redhat.com>>:
On 09/25/2016 09:35 PM, Youenn PIOLET wrote:
Hi there,
Same issue for me in a my 15 ipa-servers mult
xo.ase...@gmail.com>> wrote:
hi,
On Mon, Sep 26, 2016 at 3:06 PM, Ludwig Krispenz
<lkris...@redhat.com <mailto:lkris...@redhat.com>> wrote:
On 09/26/2016 02:56 PM, Natxo Asenjo wrote:
so the command has not been successful in the kdc03. in the
On 09/26/2016 02:56 PM, Natxo Asenjo wrote:
On Mon, Sep 26, 2016 at 1:54 PM, Natxo Asenjo <natxo.ase...@gmail.com
<mailto:natxo.ase...@gmail.com>> wrote:
On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz
<lkris...@redhat.com <mailto:lkris...@redhat.com>> w
On 09/26/2016 01:36 PM, Natxo Asenjo wrote:
hi,
I recently upgraded a centos 6.8 realm to centos 7.2 and it almost
went correctly.
Now I see some errors in /var/log/dirsrv/slapd-INSTANCENAME/errors
26/Sep/2016:13:20:15 +0200] attrlist_replace - attr_replace
(nsslapd-referral,
On 09/25/2016 09:35 PM, Youenn PIOLET wrote:
Hi there,
Same issue for me in a my 15 ipa-servers multi-master grid just after
the update.
The replication is completely broken except on 3/15 nodes.
This is the second time I have to fully reinitialize the whole cluster
for similar reason. I
was going during update and reboot. There have
been cases when a dse.ldif was lost after crashing/rebooting a VM, but
the missing lock directory is new to me.
On Fri, Sep 23, 2016 at 12:18 AM, Ludwig Krispenz <lkris...@redhat.com
<mailto:lkris...@redhat.com>> wrote:
can you
can you check if you have
/var/lock/dirsrv/slapd-RSINC-LOCAL
if the server user has permissions to write into this directory and its
subdirs or if any pid file still exists in
/var/lock/dirsrv/slapd-RSINC-LOCAL/server
On 09/23/2016 07:29 AM, Devin Acosta wrote:
Tonight,
I noticed there
Hi,
On 09/13/2016 07:37 PM, Rakesh Rajasekharan wrote:
Hi All,
Have finally made some progress with this.. after changing the
checkpoint interval to 180, my hangs have gone down now..
However, I faced a similar hang yesterday... users were not able to
login.. , though this time the ns-slapd
On 08/25/2016 04:41 PM, bahan w wrote:
Hello everyone.
Could you explain to me about this field Sent/Skipped please ?
if replication is enabled all changes on a server are logged into the
changelog -changes coming from clients and internal changes (eg mmeberof
update, passwordpolocy
I just noticed that you have many skipped entries, Sent/Skipped: 3 / 9045345
that could be an effect of fractional replication which reiterates the
same sequence of changes. This is fixed in recent releases, but looks
like your on RHEL 6.6
Ludwig
On 08/24/2016 06:33 PM, bahan w wrote:
Hey
The replication agreements to the "unsync" master says that update has
started, so it looks like replication connection is active.
You need to check the access and error logs of bot sides and check if
tehre is replication traffic
On 08/24/2016 06:33 PM, bahan w wrote:
Hey guys.
I performed
On 08/24/2016 01:08 AM, Ian Harding wrote:
On 08/23/2016 03:14 AM, Ludwig Krispenz wrote:
On 08/23/2016 11:52 AM, Ian Harding wrote:
Ah. I see. I mixed those up but I see that those would have to be
consistent.
However, I have been trying to beat some invalid RUV to death for a long
time
e a couple times and that seems to be what got me
into this mess...
Thank you for your help.
On 08/23/2016 01:37 AM, Ludwig Krispenz wrote:
looks like you are searching the nstombstone below "o=ipaca", but you
are cleaning ruvs in "dc=bpt,dc=rocks",
your attrlist_replace
looks like you are searching the nstombstone below "o=ipaca", but you
are cleaning ruvs in "dc=bpt,dc=rocks",
your attrlist_replace error refers to the bpt,rocks backend, so you
should search the tombstone entry ther, then determine which replicaIDs
to remove.
Ludwig
On 08/23/2016 09:20
, I was able to reproduce the errors by
"bulk" deleting 39 DNS entries, and only the MASTER reported
"replica_generate_next_csn" entries.
Given the size of the logs, I think it would be pointless to do any
kind of sanitization. I'll go ahead and gzip them for you and email
you off-l
13:50:49 -0400] conn=1395 op=4160
RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4c30016
I'm positive that I was the only one performing DNS updates during
this time, and I was only using 1 console.
Thanks,
John DeSantis
2016-08-18 10:09 GMT-04:00 Ludwig Krispenz <lkris...@redh
he time syncing)?
I know that these questions are probably leaning more towards the
389ds team, so feel free to pass me over to them if need be.
I think I can address the ds related questions, but I don't know about
console and dns to assess if the behaviour is normal
Again, thank you
On 08/17/2016 08:54 PM, John Desantis wrote:
Hello all,
We've been re-using old host names and IP addresses for a new
deployment of nodes, and recently I've been seeing the messages pasted
below in the slapd-DC.DC.DC "error" log on our nodes.
[17/Aug/2016:10:30:30 -0400] -
On 08/12/2016 04:10 PM, Louis Francoeur wrote:
Since the rpm update to
ipa-server-dns-4.2.0-15.0.1.el7.centos.18.x86_64 (running on Centos 7),
most of my replication started to failed with:
what do you mean by "most of", if some servers still work and others
don't is there something
On 07/12/2016 11:25 AM, Christophe TREFOIS wrote:
Hi,
I have 3 replicas running 4.1 and 3 replicas running 4.2.
One of the 4.2 replicas is the new master (CRL) and is at the moment
replicating against the old 4.1 cluster (we are in the process of
migrating).
Upon restart of the 4.2
don't need to
reveal any real data, jsur which objectclasses and attributes the entry has
On 2016-07-05 10:51, Ludwig Krispenz wrote:
well, this does not have more information:
#0 0x7efe7167c4c0 in ipapwd_keyset_free () from
/usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
No symbol table info
containing arbitrar octets.
Please open a ticket to get this worked on:
https://fedorahosted.org/freeipa/newticket
Ludwig
On 07/05/2016 12:07 AM, Omar AKHAM wrote:
Ok, here is a new core file : http://pastebin.com/2cJQymHd
Best regards
On 2016-07-04 09:39, Ludwig Krispenz wrote:
On 07/03/2016 03
, Ludwig Krispenz wrote:
please keep the discussion on the mailing list
On 07/01/2016 01:17 PM, Omar AKHAM wrote:
Which package to install ? ipa-debuginfo?
yes
2 other crashes last night, with a different user bind this time :
rawdn = 0x7f620003a200
"uid=XXX,cn=users,cn=accounts,dc=XXX,
10\311\377+b\177\000\000\250\311\377+b\177", '\000'
, "\002\000\000\000 \305\363Tb\177\000\000\377\377\37
7\377\377\377\377\377\320\030\002\000b\177\000\000\000\000\000\000\000\000\000\000~a\003\000b\177",
'\000'
bind_target_entry = 0x0
On 2016-06-30 18:16, Ludwig Kris
On 06/30/2016 02:45 PM, Ludwig Krispenz wrote:
On 06/30/2016 02:27 PM, d...@mdfive.dz wrote:
Hi,
Please find strace on a core file : http://pastebin.com/v9cUzau4
the crash is in an IPA plugin, ipa_pwd_extop,
to get a better stack you would have to install also the debuginfo for
ipa-server
should look into it
Regards
On 2016-06-30 12:13, Ludwig Krispenz wrote:
can you get a core file ?
http://www.port389.org/docs/389ds/FAQ/faq.html#debug_crashes
On 06/30/2016 11:28 AM, d...@mdfive.dz wrote:
Hi,
The Directory Services crashes several times a day. It's installed
on CentOS 7 VM
can you get a core file ?
http://www.port389.org/docs/389ds/FAQ/faq.html#debug_crashes
On 06/30/2016 11:28 AM, d...@mdfive.dz wrote:
Hi,
The Directory Services crashes several times a day. It's installed on
CentOS 7 VM :
Installed Packages
Name: ipa-server
Arch: x86_64
On 06/28/2016 10:33 AM, Natxo Asenjo wrote:
hi Ludwig,
On Tue, Jun 28, 2016 at 10:03 AM, Ludwig Krispenz <lkris...@redhat.com
<mailto:lkris...@redhat.com>> wrote:
On 06/28/2016 09:50 AM, Natxo Asenjo wrote:
I'd like to have internally all sort of ldap access, but
On 06/28/2016 09:50 AM, Natxo Asenjo wrote:
On Tue, Jun 28, 2016 at 9:07 AM, Alexander Bokovoy
> wrote:
On Tue, 28 Jun 2016, Natxo Asenjo wrote:
hi,
according to the RHDS documentation (
On 06/07/2016 06:17 PM, Andy Brittingham wrote:
Hello,
I'm having issues with freeipa replication. Currently we have 4
Freeipa servers, in a master - master relationship with replication
agreements between all servers.
I noticed the replication failure messages in the logs late last week
On 05/17/2016 12:49 PM, Ludwig Krispenz wrote:
On 05/16/2016 11:19 PM, Giuseppe Sarno wrote:
Hello,
I am new to freeIPA and I am recently working on a project to
integrate freeIPA with some legacy application which uses LDAP for
user management.
I have initially created our own ldap
On 05/16/2016 11:19 PM, Giuseppe Sarno wrote:
Hello,
I am new to freeIPA and I am recently working on a project to
integrate freeIPA with some legacy application which uses LDAP for
user management.
I have initially created our own ldap structure and I tried to run the
code against
--
From: Alexander Bokovoy [mailto:aboko...@redhat.com
<mailto:aboko...@redhat.com>]
Sent: April 27, 2016 1:19 PM
To: Gady Notrica
Cc: Ludwig Krispenz; freeipa-users@redhat.com
<mailto:freeipa-users@redhat.com>
Subject: Re: [Freeipa-users] krb5kdc service not start
wanted to add Noriko, but hit send to quickly
On 04/28/2016 01:26 PM, Ludwig Krispenz wrote:
On 04/28/2016 12:06 PM, Martin Kosek wrote:
On 04/28/2016 01:23 AM, Sean Hogan wrote:
Hi Martin,
No joy on placing - in front of the RC4s
I modified my nss.conf to now read
# SSL 3 ciphers. SSL 2
On 04/28/2016 12:06 PM, Martin Kosek wrote:
On 04/28/2016 01:23 AM, Sean Hogan wrote:
Hi Martin,
No joy on placing - in front of the RC4s
I modified my nss.conf to now read
# SSL 3 ciphers. SSL 2 is disabled by default.
NSSCipherSuite
: cid:image002.jpg@01CBD419.622CDF90*
<http://www.linkedin.com/profile/view?id=36869324=tab_pro>
*From:*Ludwig Krispenz [mailto:lkris...@redhat.com]
*Sent:* April 27, 2016 10:58 AM
*To:* Gady Notrica
*Cc:* Rob Crittenden; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] krb5kdc service not
.candeal.ca ns-slapd[9830]:
[27/Apr/2016:10:26:17 -0400] dse - Please edit the file to correct the
reported problems and then restart the server.
[root@cd-p-ipa1 log]#
Gady
*From:*Ludwig Krispenz [mailto:lkris...@redhat.com]
*Sent:* April 27, 2016 10:06 AM
*To:* Gady Notrica
*Cc:* Rob Crittenden
to correct the reported problems and then
restart the server.
we need the logs from that time
Gady
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: April 26, 2016 2:44 PM
To: Gady Notrica; Ludwig Krispenz; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kd
On 04/26/2016 03:26 PM, Gady Notrica wrote:
Here...
[root@cd-p-ipa1 log]# ipactl status
Directory Service: STOPPED
Directory Service must be running in order to obtain status of other services
ipa: INFO: The ipactl command was successful
[root@cd-p-ipa1 log]# systemctl status
ipaca) failed.
Greets
Kilian
Von: freeipa-users-boun...@redhat.com <freeipa-users-boun...@redhat.com> im Auftrag
von Ludwig Krispenz <lkris...@redhat.com>
Gesendet: Donnerstag, 14. April 2016 16:46
An: freeipa-users@redhat.com
Betreff: Re: [Freeipa
On 04/07/2016 07:23 AM, Prashant Bapat wrote:
What I have done now was to add a new server, ipa02 and configured
replication again and things are fine.
However on IPA1 the 389 ds error logs have reference to the dead ipa2
replica.
[07/Apr/2016:04:13:11 +] NSMMReplicationPlugin -
On 04/04/2016 01:40 PM, Martin (Lists) wrote:
Am 04.04.2016 um 09:06 schrieb Martin Babinsky:
On 04/01/2016 08:53 PM, Martin (Lists) wrote:
Hallo
I have a question regarding enabling/disabling separate ipa parts in
systemd. Is it necessarry or required to have httpd, directory server,
named
On 03/14/2016 05:33 PM, Andrew E. Bruno wrote:
On Mon, Mar 14, 2016 at 09:35:15AM +0100, Ludwig Krispenz wrote:
On 03/12/2016 04:02 PM, Andrew E. Bruno wrote:
On Wed, Mar 09, 2016 at 06:08:04PM +0100, Ludwig Krispenz wrote:
On 03/09/2016 05:51 PM, Andrew E. Bruno wrote:
On Wed, Mar 09, 2016
On 03/12/2016 04:02 PM, Andrew E. Bruno wrote:
On Wed, Mar 09, 2016 at 06:08:04PM +0100, Ludwig Krispenz wrote:
On 03/09/2016 05:51 PM, Andrew E. Bruno wrote:
On Wed, Mar 09, 2016 at 05:21:50PM +0100, Ludwig Krispenz wrote:
[09/Mar/2016:11:33:03 -0500] NSMMReplicationPlugin - changelog
On 03/09/2016 05:51 PM, Andrew E. Bruno wrote:
On Wed, Mar 09, 2016 at 05:21:50PM +0100, Ludwig Krispenz wrote:
On 03/09/2016 04:46 PM, Andrew E. Bruno wrote:
On Wed, Mar 09, 2016 at 10:37:05AM -0500, Andrew E. Bruno wrote:
On Wed, Mar 09, 2016 at 04:13:28PM +0100, Ludwig Krispenz wrote
On 03/09/2016 03:46 PM, Andrew E. Bruno wrote:
Hello,
We had a replica fail today with:
[09/Mar/2016:09:39:59 -0500] NSMMReplicationPlugin - changelog program -
_cl5NewDBFile: PR_DeleteSemaphore:
/var/lib/dirsrv/slapd-CBLS-CCR-BUFFALO-EDU/cldb/e909b405-2cb811e5-ac0b8f7e-e0b1a377.sema;
NSPR
On 02/23/2016 05:10 PM, Andy Thompson wrote:
On 02/23/2016 03:02 PM, Andy Thompson wrote:
Came across one of my replicas this morning with the following in
the error log
[20/Feb/2016:17:23:38 -0500] - libdb: BDB2055 Lock table is out of
available lock entries
[20/Feb/2016:17:23:38 -0500]
On 02/23/2016 03:43 PM, Andy Thompson wrote:
-Original Message-
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
boun...@redhat.com] On Behalf Of Ludwig Krispenz
Sent: Tuesday, February 23, 2016 9:31 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] lock table
On 02/23/2016 03:02 PM, Andy Thompson wrote:
Came across one of my replicas this morning with the following in the error log
[20/Feb/2016:17:23:38 -0500] - libdb: BDB2055 Lock table is out of available
lock entries
[20/Feb/2016:17:23:38 -0500] entryrdn-index - _entryrdn_delete_key: Deleting
On 02/22/2016 11:51 PM, Timothy Geier wrote:
What’s the established procedure to start a 389 instance without any
replication agreements enabled? The only thing that seemed close on
google
(http://directory.fedoraproject.org/docs/389ds/howto/howto-fix-and-reset-time-skew.html)
seems risky
The crash is an abort because of a failed assertion in the kerberos code
Thread 1 (Thread 0x7fa7d4c88700 (LWP 3125)):
#0 0x7fa7e6ace5f7 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x7fa7e6acfce8 in abort () from /lib64/libc.so.6
No symbol table info available.
is wrong.
I also tried to set TLS_REQCERT to allow just to be sure (in case that
bad cert is provided).
On 2016/02/12 16:57, Ludwig Krispenz wrote:
On 02/12/2016 03:35 PM, Filip Pytloun wrote:
It's the same as for idm01:
[12/Feb/2016:15:24:26 +0100] NSMMReplicationPlugin -
agmt="cn=meTo
On 02/12/2016 03:06 PM, Filip Pytloun wrote:
Hello,
even when enabling replication logging, I get nothing useful in logs:
[12/Feb/2016:14:57:00 +0100] NSMMReplicationPlugin -
agmt="cn=meToidm02.tcpcloud.eu" (idm02:389): Trying secure startTLS
slapi_ldap_init_ext
[12/Feb/2016:14:57:00 +0100]
59 +0100] conn=15 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
name="startTLS"
[12/Feb/2016:15:33:59 +0100] conn=15 op=0 RESULT err=0 tag=120 nentries=0
etime=0
[12/Feb/2016:15:34:00 +0100] conn=15 TLS1.2 128-bit AES-GCM
[12/Feb/2016:15:34:00 +0100] conn=15 op=-1 fd=64 closed - B1
On
On 01/26/2016 09:45 AM, Günther J. Niederwimmer wrote:
Hello List,
I set up a CentOS 7.2 System with two master Server now I found this 1000 x
Error on my first master?
attrlist_replace - attr_replace (nsslapd-referral, ldap://ipa1.xxx.at:389/
o%3Dipaca) failed.
did you install and
On 01/26/2016 12:30 PM, Günther J. Niederwimmer wrote:
Hello Ludwig,
Am Dienstag, 26. Januar 2016, 11:03:27 CET schrieb Ludwig Krispenz:
On 01/26/2016 09:45 AM, Günther J. Niederwimmer wrote:
Hello List,
I set up a CentOS 7.2 System with two master Server now I found this 1000
x
Error on my
, 14:48:31 CET schrieb Ludwig Krispenz:
On 01/26/2016 12:30 PM, Günther J. Niederwimmer wrote:
Am Dienstag, 26. Januar 2016, 11:03:27 CET schrieb Ludwig Krispenz:
On 01/26/2016 09:45 AM, Günther J. Niederwimmer wrote:
I set up a CentOS 7.2 System with two master Server now I found this
1000
x
E
On 01/25/2016 01:43 PM, Martin Kosek wrote:
On 01/25/2016 01:34 PM, thierry bordaz wrote:
On 01/23/2016 11:08 PM, Günther J. Niederwimmer wrote:
Hello,
I have installed freeIPA from a CentOS 7.2 with a replica Server, but I have
on all two masters a Error.
NSMMReplicationPlugin -
On 01/23/2016 11:08 PM, Günther J. Niederwimmer wrote:
Hello,
I have installed freeIPA from a CentOS 7.2 with a replica Server, but I have
on all two masters a Error.
NSMMReplicationPlugin - replication keep alive entry
could you get a core dump from the crash:
http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes
Ludwig
On 01/25/2016 12:08 PM, bahan w wrote:
Hello !
I recently installed a replica (master2) in addition of my master
(master1) with IPA 3.0.0-47 on RHEL6.6.
I don't know from when
On 01/22/2016 04:48 AM, Nathan Peters wrote:
Here are the results for that aci search using a non gssapi bind by directory
manager on the old master that we are attempting to join agains. I don't see
anything in this list that would indicate that some users should or should not
have access
On 01/21/2016 08:50 AM, Nathan Peters wrote:
I don't know if this makes a difference too, but I performed the same checks on
a different completely working and joined FreeIPA master, against other
masters, and even against itself directly.
It seems that no account, no keytab, and no host can
Hi,
if you are running 389-ds 1.3.4+ you may hit, ticket #48379. It id fixed
and a new build is in preparation
Ludwig
On 01/19/2016 03:39 PM, Domingues Luis Filipe wrote:
Hi,
Reading the backtrace I have 30 threads with the same stack:
Thread 6 (Thread 0x7f572efed700 (LWP 1335)):
#0
On 01/18/2016 04:47 AM, Nathan Peters wrote:
This is another issue I'm not sure how to debug or solve in 4.3.0. A
failed replica installation left a replica with stuff in the tree, but
not configured properly on the localhost. I did ipa-server-install
--uninstall as suggested by the
On 01/15/2016 08:32 AM, Nathan Peters wrote:
I think I've finally started to make some progress on this. I did a lot of
googling and found some stuff to run manually in 389 ds through ldapmodify
commands to clean RUVs. During this process the server crashed and when it
came back online,
On 12/21/2015 05:49 PM, Alex Williams wrote:
I began installing a new ipa4 replica this morning and it all went
wrong. The ipa-replica-install script got all the way to restarting
ipa with systemctl at the very end, having set up replication and then
fell over, because systemctl couldn't find
Hi,
On 12/22/2015 11:43 AM, David Goudet wrote:
Hi,
I have multimaster replication environment. On each replica, folder
/var/lib/dirsrv/slapd-/cldb/ has big size (3~GB) and old entries in
/var/lib/dirsrv/slapd-xxx/cldb/xxx.db4 have three month year old:
sudo dbscan -f
you could set minssf:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/SecureConnections.html#requiring-secure-connections
On 11/18/2015 07:24 AM, Prashant Bapat wrote:
Hi,
We have a pair of freeipa servers (4.1.4) and a bunch of Linux clients
----Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Tuesday, November 10, 2015 9:48 AM
To: Gronde, Christopher (Contractor) <christopher.gro...@fincen.gov>
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authenticat
1 - 100 of 198 matches
Mail list logo