On 07/18/2014 09:50 AM, Martin Kosek wrote:
On 07/17/2014 04:56 PM, Anthony Messina wrote:
After upgrading to Fedora 20's stable 389-ds-base-1.3.2.19-1.fc20.x86_64,
I noticed the following errors during the restart cycle. I have a simple
2 host MMR setup. Should I be concerned about these?
On 07/21/2014 01:14 PM, Martin Kosek wrote:
On 07/21/2014 01:04 PM, Atanas Bachvaroff wrote:
Hello,
I've been experiencing strange problems trying to manually modify the
userPassword attributes in the FreeIPA's 389 directory (FreeIPA 3.3.4 on
Fedora 20). I'm using the following script:
On 08/01/2014 11:56 AM, Tomas Babej wrote:
On 08/01/2014 11:42 AM, barry...@gmail.com wrote:
Hi:
I follow command found from here and want to del private group but
fail any idea?
It said line 5 attribute error, any syntax wrong?
ldapsearch -LLL -Y GSSAPI cn=barry
ldapmodify -Y GSSAPI
What's wrong with your scenario B: master(s) in internal network, they
can contact consumers in DMZ and remote rack and replicate to them.
What do you mean by to contact for setup ?
Ludwig
On 08/19/2014 03:12 AM, Joshua J. Kugler wrote:
So, we have a need for replication, but the existing
On 08/20/2014 02:55 PM, Petr Spacek wrote:
On 20.8.2014 10:58, Dmitri Pal wrote:
On 08/19/2014 07:55 PM, Joshua J. Kugler wrote:
A replica must connect to the master for initial setup; after that,
the master
pushes to the replica.
j
On Tuesday, August 19, 2014 09:26:11 Ludwig Krispenz
On 08/21/2014 02:32 AM, Rich Megginson wrote:
On 08/20/2014 05:28 PM, William wrote:
How did you manage to add an attribute value with a trailing space?
Excellent question: Someone else in my workplace managed to stuff this
one up, so that a users objectClass has a trailing space, thus is
On 08/27/2014 09:14 AM, Martin Kosek wrote:
On 08/27/2014 07:47 AM, Kat wrote:
Hi all...
Migrating from Open LDAP and it works fine to FreeIPA to 3.x but 4.x
I get
migration errors?
/Constraint violation: invalid password syntax - passwords with
storage scheme
are not allowed/
I did
Hi,
I did a test with 1.2.11.15-33
first test:
nsSSL3Ciphers: +all
running nmap gave:
636/tcp open ldapssl
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA - strong
| SSL_RSA_FIPS_WITH_DES_CBC_SHA - weak
|
On 10/14/2014 06:58 PM, Clint Savage wrote:
Hi all,
I've been working on a migration plan using three custom user
objectClasses and one group objectclass. In my attempt, I've setup an
openldap server with the proper schemas, imported the ldif and have
records that look something like this
to find the right balance of output can
be challenging. See their FAQ troubleshooting section.
rob
Clint
On Wed, Oct 15, 2014 at 1:16 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:
Ludwig Krispenz wrote:
On 10/14/2014 06:58 PM, Clint Savage wrote
Hi,
maybe there is a case problem, if I try the following command, note some
capital letters:
# ipa config-mod --userobjectclasses=ipaObject
--userobjectclasses=ine*tO*rgperson --userobjectclasses=person
--userobjectclasses=posixaccount --userobjectclasses=inetuser
On 10/30/2014 07:36 PM, Martin Basti wrote:
On 30/10/14 19:18, Michael Lasevich wrote:
Makes sense. What is the solution here?
I have the latest 389-ds installed but still getting
allowWeakCipher error - how do I get around that?
-M
Sorry I don't know, I CCed Ludwig, he is DS guru.
I
On 11/11/2014 02:14 PM, Martin Basti wrote:
Ludwig (CCed) this seems like old (fixed?) DS bug.
hmm, it says limit is 2097152, so it already has the new setting, but
the error message says the packet is 800MB
On 11/11/14 13:13, Walter van Lille wrote:
I've just cleaned out a ton of
:
On 11/11/14 15:58, Rich Megginson wrote:
On 11/11/2014 06:20 AM, Ludwig Krispenz wrote:
On 11/11/2014 02:14 PM, Martin Basti wrote:
Ludwig (CCed) this seems like old (fixed?) DS bug.
hmm, it says limit is 2097152, so it already has the new
setting
On 12/04/2014 04:56 PM, Janelle wrote:
Hi all,
just (pam)auth and nslcd
It was ported from a running OpenLDAP environment to IPA. Just trying
to do conversions in stages so as not to change too much all at once.
Thought I could go from OpenLDAP to IPA and just use the backend of
389ds.
On 12/12/2014 02:00 PM, Martin Kosek wrote:
On 12/11/2014 06:19 PM, Matt Chesler wrote:
I have a cluster of four IPA masters that should be performing fully
meshed
replication. I discovered yesterday that a recently created user
only existed
on a single master. After looking through all
On 12/18/2014 08:16 PM, Rich Megginson wrote:
On 12/18/2014 11:59 AM, Janelle wrote:
I am looking at the 2 entries in dse.ldif - and indeed they are
different. If I replace the one in question with the one from the
working system, it works again.
I'm assuming by entry you are referring to
On 01/16/2015 08:43 AM, Martin Kosek wrote:
On 01/15/2015 06:31 PM, Quayle, Bill wrote:
I am migrating an openLDAP tree into ipa, and when I run ipa
migrate-ds, the
migration aborts after roughly 36 seconds with:
ipa: ERROR: cannot connect to 'ldap://10.x.x.x:389’:
It has transferred 9762
Hi,
do you have the DS access logs from your servers from the time around
the conflicting entry was created ?
Thanks,
Ludwig
On 03/17/2015 11:14 AM, Andreas Skarmutsos Lindh wrote:
Quick update: I think that I have solved it, by just deleting the
entries holding nsuniqueid additional
Hi,
a RUV (replica update vector) is a structure which on each server
maintains a state of updates it has seen from any other server, it is
used in a replication session to determine which updates have to be sent.
Normally you don't need to deal with it, only if you remove a replica it
is
libdes was replaced by libpbe, see ticket:
https://fedorahosted.org/389/ticket/4746
during the postinstall of the upgrade the DES config in the dse.ldif
should be changed. There have been cases where the postinstall scripts
were not properly executed.
Could you stop your DS and run:
On 04/21/2015 01:26 AM, Janelle wrote:
Hello,
When I was working with OpenLDAP, and AD - and did not deal with
RUVs the way I am with 389-ds and IPA.
I am trying to understand what is normal for values. If I am looking
at this (and seem to have no replication problems):
On 04/24/2015 09:26 AM, Dominik Korittki wrote:
Hello all,
I am running two ipa3.3.3 instances in a replication on Centos 7 servers.
Last day the rootpartition went full (where the dirsrv databases are
stored), because of a big changelog-db.
dirsrv managed to do a graceful shutdown. Luckily,
On 04/29/2015 05:35 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 11:28 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04
On 04/29/2015 05:08 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 10:59 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04/29/2015 05:51 PM, Martin (Lists) wrote:
On 29.04.2015 at 15:43, Ludwig Krispenz wrote:
On 04/29/2015 03:17 PM, Martin (Lists) wrote:
On 27.04.2015 at 09:45, Ludwig Krispenz wrote:
On 04/26/2015 10:49 AM, Martin (Lists) wrote:
Hello
after a reboot I get almost thousand
On 04/29/2015 03:17 PM, Martin (Lists) wrote:
On 27.04.2015 at 09:45, Ludwig Krispenz wrote:
On 04/26/2015 10:49 AM, Martin (Lists) wrote:
Hello
after a reboot I get almost thousand of the following messages:
DSRetroclPlugin - delete_changerecord: could not delete change record
128755 (rc
On 04/29/2015 03:14 PM, thierry bordaz wrote:
On 04/29/2015 02:43 PM, Andy Thompson wrote:
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Wednesday, April 29, 2015 8:31 AM
To: Andy Thompson;freeipa-users@redhat.com; Ludwig Krispenz; Thierry
Bordaz
Subject: Re
On 04/29/2015 03:40 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 9:22 AM
To: thierry bordaz
Cc: Andy Thompson; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04
: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 10:07 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04/29/2015 03:40 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig
did you run the searches as directory manager ?
On 04/29/2015 04:34 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 10:28 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
On 04/29/2015 04:49 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 10:51 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
did
On 05/05/2015 01:27 PM, Martin Kosek wrote:
On 05/05/2015 12:38 PM, Vaclav Adamec wrote:
Hi,
I tried migrate to newest version IPA, but result is quite unstable and
removing old replicas ends with RUV which cannot be decoded (it stucked in
queue forever):
ipa-replica-manage del
servers all works fine.
the messages indicate there could be many concurrent operations,
because individual ops are not fast enough, could your VM have
less/slower resources than the physical machines ?
Lukasz Jaworski 'Ender'
Message written by Ludwig Krispenz lkris...@redhat.com on 6
regards,
Lukasz Jaworski 'Ender'
Message written by Ludwig Krispenz lkris...@redhat.com on 6 May
2015, at 10:52:
Hi,
there seem to be different issues,
- I don't know what the ipactl status is looking for when it generates the
error message about no matching master,
but I don't
let's keep the info on the list, more people more ideas
Original Message
Subject:Re: [Freeipa-users] IPA RUV unable to decode
Date: Tue, 5 May 2015 18:32:15 +0200
From: Vaclav Adamec vaclav.ada...@suchy-zleb.cz
To: Ludwig Krispenz lkris...@redhat.com
master
On 05/07/2015 10:46 AM, Christoph Kaminski wrote:
I am curious however. I have been running OpenLDAP configs with 20 or
more servers in replication for over 5 years. In all that time, I think
I have had replication issues 5 times. In the 6 months of working with
FreeIPA, replication issues
On 05/08/2015 05:30 PM, Rob Crittenden wrote:
Janelle wrote:
On 5/7/15 12:59 AM, thierry bordaz wrote:
On 05/07/2015 05:39 AM, Janelle wrote:
On 5/6/15 8:12 PM, Vaclav Adamec wrote:
Hi,
Mike Reynolds recommend cleanallruv script (IPA RUV unable to
decode
thread), if you are sure that's
On 05/07/2015 08:38 AM, Christoph Kaminski wrote:
Just a guess, what is your deployment size?
We have a two ipa domains, one have 3 servers (2 hw and 1 vm, no
issues with dirsrv yet), another currently includes 16 vm servers,
and dirsrv hangs and crashes periodically...
we have 8 IPA
On 05/13/2015 06:34 PM, Janelle wrote:
On 5/13/15 9:13 AM, Rich Megginson wrote:
On 05/13/2015 10:04 AM, Janelle wrote:
On 5/13/15 8:49 AM, Rich Megginson wrote:
On 05/13/2015 09:40 AM, Janelle wrote:
Recently I started seeing these crop up across my servers:
slapi_ldap_bind - Error: could
On 05/15/2015 02:45 PM, Janelle wrote:
On 5/15/15 3:30 AM, Ludwig Krispenz wrote:
On 05/13/2015 06:34 PM, Janelle wrote:
On 5/13/15 9:13 AM, Rich Megginson wrote:
On 05/13/2015 10:04 AM, Janelle wrote:
On 5/13/15 8:49 AM, Rich Megginson wrote:
On 05/13/2015 09:40 AM, Janelle wrote
On 05/19/2015 08:58 AM, thierry bordaz wrote:
On 05/19/2015 07:47 AM, Martin Kosek wrote:
On 05/19/2015 03:23 AM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the
product was more
stable, it is so much potential and yet.
Servers running for 6 days no issues. No
On 04/08/2015 12:04 PM, Martin Kosek wrote:
On 04/08/2015 11:52 AM, Alexander Frolushkin wrote:
Hello!
We used have a geo-replicated IPA with RHEL 7.0, and on one site ipa servers
was upgraded by mistake to RHEL 7.1 (ipa-server-4.1.0-18.el7_1.3.x86_64).
Now it is broken globally, in logs I
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the
product was more stable, it is so much potential and yet.
Servers
On 05/20/2015 03:25 PM, Janelle wrote:
On 5/20/15 12:54 AM, Ludwig Krispenz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I
:*freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Ludwig Krispenz
*Sent:* Thursday, May 21, 2015 1:37 PM
*To:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] ruv problem
could you try this:
https://www.redhat.com/archives/freeipa-users/2015-May
could you try this:
https://www.redhat.com/archives/freeipa-users/2015-May/msg00062.html
it was successfully applied before
On 05/21/2015 06:58 AM, Alexander Frolushkin wrote:
Hello again.
Is it now clear how to deal with problem ipa-replica-manage list-ruv
showing
unable to decode:
On 05/21/2015 07:50 AM, Martin Kosek wrote:
On 05/20/2015 04:01 PM, Boyce, George Robert. (GSFC-762.0)[NICS] wrote:
This worked for me:
$ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=cm
(|(uid=admin)(name=admin)) dn
SASL/GSSAPI authentication started
SASL username:
Hi,
I have one scenario where I can show the comeback of the ghost rids.
but it requires a server where the rids have successfully cleaned and it
is killed or crashes. In that case, if the ghost rids have not yet
been trimmed from the changelog they can be recreated from information
in the
Kaminski wrote:
Ludwig Krispenz lkris...@redhat.com wrote on 19.06.2015 13:23:43:
the first search is for the replication agreements and they keep
info about the consumer ruv, used in replication session. you cannot
modify these, but they are maintained in the dse.ldif, you could
Hi Christoph,
bad news. So to summarize, you have a procedure to cleanup your env, but
once you restart the master the ghosts are back.
I really want to find out where they are coming from, so If you have to
restart your server, could you please lookup these data, after the
server is
Hi,
On 06/19/2015 12:32 PM, Christoph Kaminski wrote:
in the second search I don't see nsds50ruv attributes for dead
entries, so the database ruv seems to be ok.
these are dead:
nscpentrywsi: nsDS5ReplicaBindDN:
krbprincipalname=ldap/ipa-2.mgmt.biotronik-h
)) nsDS5ReplicaId
then you could search
ldapsearch -h hostname -D cn=Directory Manager -W -b o=ipaca
((objectclass=nstombstone)(nsUniqueId=---
))
to see what you have in the ruv and eventually clean them
On 06/19/2015 01:48 PM, Christoph Kaminski wrote:
Ludwig Krispenz lkris
On 06/16/2015 02:08 PM, Janelle wrote:
On Jun 16, 2015, at 01:56, thierry bordaz tbor...@redhat.com wrote:
On 06/16/2015 09:02 AM, Ludwig Krispenz wrote:
On 06/16/2015 05:07 AM, Janelle wrote:
On 6/15/15 1:12 PM, Rob Crittenden wrote:
Janelle wrote:
On 6/15/15 6:36 AM, Rob Crittenden wrote
On 06/16/2015 03:54 PM, Janelle wrote:
Good morning,
Just a quick note. I hope that all my questions do not make any one
the DEV Team think that I do not support FreeIPA wholly and
completely. I am a huge fan of this package and have in fact discussed
with several of my clients (I'm a
hrs after the
replica installation.
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
*From:*Ludwig Krispenz [mailto:lkris...@redhat.com]
*Sent:* Wednesday, June 17, 2015 4:35 PM
*To:* Alexander Frolushkin (SIB)
*Cc:* 'thierry bordaz'; freeipa-users@redhat.com
*Subject:* Re
domain have such duplicates.
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
*From:*freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Ludwig Krispenz
*Sent:* Tuesday, June 16, 2015 3:52 PM
*To:* freeipa-users@redhat.com
*Subject:* Re
servers in IPA domain have such duplicates.
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
*From:*freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Ludwig Krispenz
*Sent:* Tuesday, June 16, 2015 3:52 PM
*To:* freeipa-users@redhat.com
+79232507764
*From:*freeipa-users-boun...@redhat.com
mailto:freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Ludwig
Krispenz
*Sent:* Tuesday, June 16, 2015 3:52 PM
*To:* freeipa-users@redhat.com mailto:freeipa-users@redhat.com
*From:*thierry bordaz [mailto:tbor...@redhat.com]
*Sent:* Wednesday, June 17, 2015 4:10 PM
*To:* Alexander Frolushkin (SIB)
*Cc:* 'Ludwig Krispenz'; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] replication conflicts
On 06/17/2015 11:56 AM, Alexander Frolushkin wrote
On 06/17/2015 11:52 AM, Ludwig Krispenz wrote:
On 06/17/2015 11:45 AM, thierry bordaz wrote:
On 06/17/2015 11:22 AM, Alexander Frolushkin wrote:
This was a usual ipa-replica-install --setup-ca --setup-dns and
after that ipa-adtrust-install.
No DEL found:
# grep cn=System: Manage Host
17, 2015 3:15 PM
*To:* Alexander Frolushkin (SIB)
*Cc:* 'Ludwig Krispenz'; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] replication conflicts
Hello Alexander,
How did you initialize that new replica 26.
Either 'cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc
On 06/16/2015 05:07 AM, Janelle wrote:
On 6/15/15 1:12 PM, Rob Crittenden wrote:
Janelle wrote:
On 6/15/15 6:36 AM, Rob Crittenden wrote:
Usually means there is a replication conflict entry. You may be able
to get more details on what failed by looking at the LDAP access log
of both LDAP
On 06/16/2015 11:42 AM, Alexander Frolushkin wrote:
Hello.
Just to remind if somebody still not familiar with our IPA installation :)
We currently have 18 IPA servers in domain, on 8 sites in different
regions across the Russia.
And now, our new problem.
Regularly we getting a
Work +79232507764
*From:*freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Ludwig Krispenz
*Sent:* Tuesday, June 16, 2015 3:52 PM
*To:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] replication conflicts
On 06/16/2015 11:42 AM, Alexander
On 07/03/2015 02:03 PM, Petr Spacek wrote:
On 3.7.2015 11:45, thierry bordaz wrote:
On 06/30/2015 03:54 PM, Ludwig Krispenz wrote:
Hi,
389-ds allows to configure the max size of the replication changelog either
by setting a maximum record number or a maximum age of changes.
freeIPA does
Hi,
389-ds allows to configure the max size of the replication changelog
either by setting a maximum record number or a maximum age of changes.
freeIPA does not use this setting. In the context of ticket
https://fedorahosted.org/freeipa/ticket/5086 we are discussing to change
the default to
On 05/21/2015 03:04 PM, Janelle wrote:
On 5/21/15 5:49 AM, Rich Megginson wrote:
On 05/21/2015 06:25 AM, Janelle wrote:
On 5/21/15 5:20 AM, thierry bordaz wrote:
Hello Janelle,
Those 3 RIDs were already present in Node dc2-ipa1, correct ? They
reappeared on others nodes as well ?
May be
On 05/21/2015 01:36 PM, Janelle wrote:
And just like that - for no reason, they all reappeared:
unable to decode {replica 16} 5535647200030010 5535647200030010
unable to decode {replica 23} 5545d61f00020017 5552f71800030017
unable to decode {replica 24} 554d53d30018
On 05/21/2015 03:59 PM, Janelle wrote:
On 5/21/15 6:46 AM, Ludwig Krispenz wrote:
On 05/21/2015 03:28 PM, Janelle wrote:
I think I found the problem.
There was a lone replica running in another DC. It was installed as
a replica some time ago with all the others. Think
On 05/21/2015 03:28 PM, Janelle wrote:
I think I found the problem.
There was a lone replica running in another DC. It was installed as a
replica some time ago with all the others. Think of this -- the
original config had 5 servers, one of them was this server. Then the
other 4 servers
Hi
On 08/04/2015 06:14 PM, Janelle wrote:
On 8/4/15 9:06 AM, Ludwig Krispenz wrote:
On 08/04/2015 05:40 PM, Rob Crittenden wrote:
Janelle wrote:
Hello again,
Just to keep your Tuesday fun, is this possible:
16 servers.
ipa-replica-manage list shows all 16
1 of the servers broke
On 08/04/2015 05:40 PM, Rob Crittenden wrote:
Janelle wrote:
Hello again,
Just to keep your Tuesday fun, is this possible:
16 servers.
ipa-replica-manage list shows all 16
1 of the servers broke a couple of weeks ago and was removed with
clean-ruv but STILL shows up in the replica
On 07/22/2015 06:40 PM, Alexander Bokovoy wrote:
On Wed, 22 Jul 2015, Alexandre Ellert wrote:
On 22 Jul 2015, at 18:08, Alexander Bokovoy aboko...@redhat.com
wrote:
On Wed, 22 Jul 2015, Alexandre Ellert wrote:
# fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
from both servers?
On 07/23/2015 09:56 AM, Sumit Bose wrote:
On Thu, Jul 23, 2015 at 09:18:43AM +0200, Torsten Harenberg wrote:
Hi Sumit,
The principal looks strange, I would at least expect the fully-qualified
name of the ipa server here. What does the 'hostname' command return? It
[root@ipa
you can change the cachememsize online:
ldapmodify
dn: cn=your backend name,cn=ldbm database,cn=plugins,cn=config
changetype: modify
replace: nsslapd-cachememsize
nsslapd-cachememsize: new size
But I would also increase the dbcache size, which would
can you get a pstack of the slapd process along with a top -H to find the
thread with high cpu usage
Ludwig
On 07/13/2015 04:46 PM, Andrew E. Bruno wrote:
We have 3 freeipa-replicas. Centos 7.1.1503, ipa-server 4.1.0-18, and
389-ds 1.3.3.1-16.
Recently, the ns-slapd process on one of our
On 07/13/2015 06:36 PM, Andrew E. Bruno wrote:
On Mon, Jul 13, 2015 at 05:29:13PM +0200, Ludwig Krispenz wrote:
On 07/13/2015 05:05 PM, Andrew E. Bruno wrote:
On Mon, Jul 13, 2015 at 04:58:46PM +0200, Ludwig Krispenz wrote:
can you get a pstack of the slapd process along with a top -H
-24.ccr.buffalo.edu and the server with the high cpu:
ldapsearch -o ldif-wrap=no -x -D ... -w -b cn=config
objectclass=nsds5replica nsds50ruv
On 07/14/2015 02:35 PM, Andrew E. Bruno wrote:
On Tue, Jul 14, 2015 at 01:41:57PM +0200, Ludwig Krispenz wrote:
On 07/13/2015 06:36 PM, Andrew E. Bruno
,
Ludwig
On 07/15/2015 07:05 PM, Andrew E. Bruno wrote:
On Wed, Jul 15, 2015 at 04:58:23PM +0200, Ludwig Krispenz wrote:
On 07/15/2015 04:10 PM, Andrew E. Bruno wrote:
On Wed, Jul 15, 2015 at 03:22:51PM +0200, Ludwig Krispenz wrote:
On 07/14/2015 08:59 PM, Andrew E. Bruno wrote:
On Tue, Jul 14
On 07/13/2015 05:05 PM, Andrew E. Bruno wrote:
On Mon, Jul 13, 2015 at 04:58:46PM +0200, Ludwig Krispenz wrote:
can you get a pstack of the slapd process along with a top -H to find the
thread with high cpu usage
Attached is the full stacktrace of the running ns-slapd process. top -H
shows
On 07/14/2015 08:59 PM, Andrew E. Bruno wrote:
On Tue, Jul 14, 2015 at 04:52:10PM +0200, Ludwig Krispenz wrote:
hm, the stack traces show csn_str, which correspond to Jul,8th, Jul,4th, and
Jul,7th - so it looks like it is iterating the changelog over and over
again.
The consumer side Is cn
On 07/15/2015 04:10 PM, Andrew E. Bruno wrote:
On Wed, Jul 15, 2015 at 03:22:51PM +0200, Ludwig Krispenz wrote:
On 07/14/2015 08:59 PM, Andrew E. Bruno wrote:
On Tue, Jul 14, 2015 at 04:52:10PM +0200, Ludwig Krispenz wrote:
hm, the stack traces show csn_str, which correspond to Jul,8th, Jul
On 10/21/2015 03:56 PM, Dominik Korittki wrote:
On 07.10.2015 at 17:30, thierry bordaz wrote:
On 10/07/2015 05:03 PM, Dominik Korittki wrote:
On 07.10.2015 at 15:25, thierry bordaz wrote:
On 10/07/2015 11:19 AM, Martin Kosek wrote:
On 10/05/2015 02:13 PM, Dominik Korittki wrote:
Am
On 10/28/2015 02:06 PM, Sven Kieske wrote:
Hi,
On 21/10/15 17:03, Ludwig Krispenz wrote:
It looks like it is accessing memory, which was freed in a
pre-bind plugin, this could be the issue tracked in
https://fedorahosted.org/389/ticket/48188
----Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Tuesday, November 10, 2015 9:48 AM
To: Gronde, Christopher (Contractor) <christopher.gro...@fincen.gov>
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authenticat
what do you get if you search for "objectclass=krbprincipal" ?
On 11/10/2015 05:27 PM, Rich Megginson wrote:
On 11/10/2015 09:16 AM, Gronde, Christopher (Contractor) wrote:
Neither came back with anything
# ldapsearch -x -h 172.16.100.161 -D "cn=directory manager" -W -b
"dc=itmodev,dc=gov"
<rcrit...@redhat.com>; Ludwig Krispenz <lkris...@redhat.com>; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
On 11/10/2015 05:54 PM, Gronde, Christopher (Contractor) wrote:
# ldapsearch -x -D 'cn=Directory Manager' -W -b
cn=
On 11/10/2015 06:26 PM, Rich Megginson wrote:
On 11/10/2015 10:25 AM, Ludwig Krispenz wrote:
On 11/10/2015 06:08 PM, Gronde, Christopher (Contractor) wrote:
# Kerberos uid mapping, mapping, sasl, config
dn: cn=Kerberos uid mapping,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass
: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ludwig Krispenz
Sent: Tuesday, November 10, 2015 9:03 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] krb5kdc will not start (kerberos authentication
error)
On 11/10/2015 02:40 PM, Alexander Bokovoy
On 11/03/2015 04:24 PM, Andrew Krause wrote:
I upgraded 4 at the same time actually. It makes sense why the objects were
created and I do understand how replication conflicts are handled. I just
wanted to be absolutely certain that it was ok to delete these objects since it
seems pointless
On 08/27/2015 09:08 AM, Martin Kosek wrote:
On 08/26/2015 05:31 PM, Simo Sorce wrote:
On Wed, 2015-08-26 at 06:36 -0700, Janelle wrote:
Hello all,
My biggest problem is losing replicas and then trying to delete the
entries and rebuild them. Here is a perfect example, I simply can't get
rid
On 09/04/2015 04:37 PM, Christoph Kaminski wrote:
Hi
we have a lot of this messages in the error log of dirsrv... What can
be the problem and how can we fix it?
our (first) master (ipa-1.mgmt.biotronik-homemonitoring.int):
[04/Sep/2015:16:06:41 +0200] ipalockout_postop - [file
On 09/04/2015 04:49 PM, Christoph Kaminski wrote:
Hi All,
how can I delete a faulty user in IPA 4.1? The record in LDAP look
like this:
nsuniqueid=a69f868e-4b4411e5-99ef9ac3-776749aa+uid=zimt,cn=users,cn=accounts,dc=hso
this is a replication conflict entry, the user uid=zimt was added in
On 09/01/2015 04:39 PM, Andrew E. Bruno wrote:
A few months ago we had a replica failure where the system ran out of file
descriptors and the slapd database was corrupted:
https://www.redhat.com/archives/freeipa-users/2015-June/msg00389.html
We now monitor file descriptor counts on our
ool prompt you for the
directory manager password.
Hope this helps,
Guillermo
On Thu, Aug 27, 2015 at 10:27 AM, Janelle
<janellenicol...@gmail.com> wrote:
On 8/27/15 1:05 AM, thierry bordaz wrote:
On 08/27/2015 09:41 AM, Ludwig Krispenz wrote:
On 08
On 09/18/2015 12:24 AM, HECTOR LOPEZ wrote:
This is rhel 7.1 with ipa version 4.1.0
user-show shows the user. However, if the user contains
ipaNTSecurityIdentifier: attribute, user-del hangs with no response.
Meanwhile, the KDC and 389ds stop working. The only way to recover
functionality
On 09/23/2015 05:05 PM, Michael Lasevich wrote:
Yes, I am talking about 389ds as is integrated in FreeIPA (would be
silly to post completely non-IPA questions to this list...).
I am running FreeIPA 4.1.4 on CentOS 7.1 and RC4 is enabled on port
636 no matter what I do.
I am running "CentOS
Hi,
can you try to get a core dump:
http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debug_crashes
and open a ticket for 389 DS: https://fedorahosted.org/389/newticket
Ludwig
On 09/24/2015 09:08 AM, Nicola Canepa wrote:
Hello, I'm trying to setup a partial replica of the LDAP tree
On 12/21/2015 05:49 PM, Alex Williams wrote:
I began installing a new ipa4 replica this morning and it all went
wrong. The ipa-replica-install script got all the way to restarting
ipa with systemctl at the very end, having set up replication and then
fell over, because systemctl couldn't find