Hi
Yeap now request: error -1 (Can't contact LDAP server) errno 2 (No such file or
directory) gone
But still i have
attrlist_replace - attr_replace (nsslapd-referral,
ldap://ldap2.domain389/o%3Dipaca) failed.
Maybe you can help to find out were i need to go? dirsrv, ldap, client, sssd
etc
Best Regards
Anton Rubets
From: Petr Vobornik
Sent: Thursday, April 28, 2016 1:49 PM
To: Anton Rubets; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Replication error
On 04/26/2016 02:02 PM, Anton Rubets wrote:
> Hhi all
>
> I have issues with replication between to FreeIPA server
>
> In maters log
>
> [26/Apr/2016:10:38:12 +0200] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ldap2.domain:389/o%3Dipaca) failed.
> [26/Apr/2016:10:38:12 +0200] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ldap2.domain:389/o%3Dipaca) failed.
> [26/Apr/2016:10:38:12 +0200] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ldap2.domain389/o%3Dipaca) failed.
> [26/Apr/2016:10:39:35 +0200] slapi_ldap_bind - Error: could not send startTLS
> request: error -1 (Can't contact LDAP server) errno 2 (No such file or
> directory)
>
>
> On replica server
>
>
> [26/Apr/2016:08:38:12 +] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ldap1.domain:389/o%3Dipaca) failed.
> [26/Apr/2016:08:43:13 +] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ldap1domain:389/o%3Dipaca) failed.
> [26/Apr/2016:08:43:13 +] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ldap1.domain:389/o%3Dipaca) failed.
> [26/Apr/2016:08:43:13 +] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ldap1.domain:389/o%3Dipaca) failed.
This is a symptom of dangling RUVs (replica update vector) of previously
removed replicas.
It happens when replica is removed using:
# ipa-replica-manage del $replica
# ipa-server-install --uninstall (on replica)
without running:
# ipa-csreplica-manage del $replica
first
resolution is to clear the RUVs manually using clean ruv DS task becase
ipa-csreplica-manage doesn't have support for it. FreeIPA 4.4 will
receive a new command which will handle bot suffixes automatically - #5411.
The instructions can found on the list:
* https://www.redhat.com/archives/freeipa-users/2015-June/msg00386.html
* https://www.redhat.com/archives/freeipa-users/2015-June/msg00416.html
and
* http://www.port389.org/docs/389ds/FAQ/troubleshoot-cleanallruv.html
* or general procedure for future feature:
https://fedorahosted.org/freeipa/ticket/5411#comment:7
Important: Be very careful not to remove RUVs of existing replicas.
>
>
> And i can't find source of this problem. I have checked permission and etc.
> As
> i see replica is working but this message disturb my email every few minutes
> and
> i wanna somehow fix this. Also I just migrate from 3.0 to 4.2.
> Info:
> Master :
> rpm -qa | grep ipa
> ipa-server-dns-4.2.0-15.0.1.el7.centos.6.x86_64
> ipa-admintools-4.2.0-15.0.1.el7.centos.6.x86_64
> sssd-ipa-1.13.0-40.el7_2.2.x86_64
> ipa-client-4.2.0-15.0.1.el7.centos.6.x86_64
> libipa_hbac-1.13.0-40.el7_2.2.x86_64
> python-libipa_hbac-1.13.0-40.el7_2.2.x86_64
> python-iniparse-0.4-9.el7.noarch
> ipa-python-4.2.0-15.0.1.el7.centos.6.x86_64
> ipa-server-4.2.0-15.0.1.el7.centos.6.x86_64
>
> Replica:
> rpm -qa | grep ipa
> sssd-ipa-1.13.0-40.el7_2.2.x86_64
> ipa-admintools-4.2.0-15.0.1.el7.centos.6.1.x86_64
> libipa_hbac-1.13.0-40.el7_2.2.x86_64
> ipa-client-4.2.0-15.0.1.el7.centos.6.1.x86_64
> ipa-python-4.2.0-15.0.1.el7.centos.6.1.x86_64
> ipa-server-dns-4.2.0-15.0.1.el7.centos.6.1.x86_64
> python-libipa_hbac-1.13.0-40.el7_2.2.x86_64
> python-iniparse-0.4-9.el7.noarch
> ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64
>
>
> Best Regards
> Anton Rubets
--
Petr Vobornik
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project