On 09/09/2014 04:39 PM, Kat wrote:
Anyone seen this before -- 2 freshly kicked CentOS 7 installs:
On the replica from the ipa-replica-install :
reports: Update failed! Status: [10 Total update abortedLDAP error:
Referral]
Your system may be partly configured.
Run /usr/sbin/ipa-server-install
On 11/18/2014 07:44 PM, Will Sheldon wrote:
No, not resolved yet I did test with GSSAPI (-Y) and like you it
worked. :(
Hello,
Would it be possible to get server1/server2 logs (error/access) and
config (dse.ldif) ?. Turning on replication logs would help (
it be possible to
increase its value (5Mb) to see if it has an impact
Thanks
thierry
On 11/19/2014 09:49 AM, thierry bordaz wrote:
On 11/18/2014 07:44 PM, Will Sheldon wrote:
No, not resolved yet I did test with GSSAPI (-Y) and like you it
worked. :(
Hello,
Would it be possible to get server1/server2
On 11/20/2014 12:03 PM, dbisc...@hrz.uni-kassel.de wrote:
Hi,
On Thu, 20 Nov 2014, thierry bordaz wrote:
Server1 successfully replicated to Server2, but Server2 fails to
replicated to Server1.
The replication Server2-Server1 is done with kerberos
authentication. Server1 receives
On 12/05/2014 10:03 AM, thierry bordaz wrote:
On 12/05/2014 10:00 AM, Martin Kosek wrote:
On 12/03/2014 06:23 PM, Janelle wrote:
Hi all..
Was on vacation - now I'm back. Have a new problem I thought I would
run by you --
I have replica agreements between a server and 3 others. They all
On 12/05/2014 10:00 AM, Martin Kosek wrote:
On 12/03/2014 06:23 PM, Janelle wrote:
Hi all..
Was on vacation - now I'm back. Have a new problem I thought I would
run by you --
I have replica agreements between a server and 3 others. They all
show up in
ipa-replica-manage list, BUT when I
Hello,
Niranjan, may I have access to your test machine.
thanks
theirry
On 12/09/2014 10:01 AM, Martin Kosek wrote:
On 12/07/2014 03:01 PM, Niranjan M.R wrote:
On 12/06/2014 12:24 AM, Dmitri Pal wrote:
Hello,
WE NEED HELP!
The biggest and the most interesting feature of FreeIPA 4.1.2 is
On 12/09/2014 10:48 AM, Niranjan M.R wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/09/2014 02:57 PM, thierry bordaz wrote:
Hello,
Niranjan, may I have access to your test machine.
It's a vm on my laptop. I am trying to reproduce on another VM
to which i can give access. I
On 12/09/2014 01:54 PM, chymian wrote:
hey people,
after a successful install of ipa 4.0.5-2 on jessie, the named services started
flawless during setup. see attached log, Installation summary (line 3107)
but after reboot, it refuses to start. (did this install a couple times, on
vanilla
On 12/09/2014 11:15 AM, thierry bordaz wrote:
On 12/09/2014 10:48 AM, Niranjan M.R wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/09/2014 02:57 PM, thierry bordaz wrote:
Hello,
Niranjan, may I have access to your test machine.
It's a vm on my laptop. I am trying to reproduce
On 12/09/2014 04:07 PM, thierry bordaz wrote:
On 12/09/2014 11:15 AM, thierry bordaz wrote:
On 12/09/2014 10:48 AM, Niranjan M.R wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/09/2014 02:57 PM, thierry bordaz wrote:
Hello,
Niranjan, may I have access to your test machine.
It's
On 12/09/2014 11:52 PM, chymian wrote:
Am Dienstag, 9. Dezember 2014, 14:10:48 schrieb thierry bordaz:
On 12/09/2014 01:54 PM, chymian wrote:
hey people,
after a successful install of ipa 4.0.5-2 on jessie, the named services
started flawless during setup. see attached log, Installation
On 12/11/2014 08:56 AM, Niranjan M.R wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/09/2014 11:14 PM, thierry bordaz wrote:
On 12/09/2014 04:07 PM, thierry bordaz wrote:
On 12/09/2014 11:15 AM, thierry bordaz wrote:
On 12/09/2014 10:48 AM, Niranjan M.R wrote:
On 12/09/2014 02:57
On 12/12/2014 02:00 PM, Martin Kosek wrote:
On 12/11/2014 06:19 PM, Matt Chesler wrote:
I have a cluster of four IPA masters that should be performing fully
meshed
replication. I discovered yesterday that a recently created user
only existed
on a single master. After looking through all four
On 03/18/2015 07:21 PM, Rich Megginson wrote:
On 03/18/2015 11:07 AM, Kim Perrin wrote:
ah, good question. Relevant errors around trying to use the ldif I
included to remove replica ID 97 --
[18/Mar/2015:04:01:51 +] NSMMReplicationPlugin - CleanAllRUV Task:
Waiting for all the replicas to
replica Identifier (1685,1690,1695 and 1585,1590,1595).
Some of those Replica Identifiers are likely old one that need to cleared.
Did you run CLEANRUV ?
thanks
thierry
On 03/24/2015 11:20 AM, Łukasz Jaworski wrote:
Hi,
Wiadomość napisana przez thierry bordaz tbor...@redhat.com w dniu 24 mar
2015
On 03/24/2015 09:49 AM, Łukasz Jaworski wrote:
Wiadomość napisana przez Martin Kosek mko...@redhat.com w dniu 23 mar 2015, o
godz. 12:04:
On 03/23/2015 04:07 AM, Janelle wrote:
attrlist_replace - attr_replace (nsslapd-referral,
ldap://ipa1.example.com:389/o%3Dipaca) failed.
Hm, I do not met
On 04/21/2015 09:11 AM, Martin Kosek wrote:
On 04/21/2015 01:26 AM, Janelle wrote:
Hello,
When I was working with OpenLDAP, and AD - and did not deal with RUVs the way
I am with 389-ds and IPA.
I am trying to understand what is normal for values. If I am looking at this
(and seem to have no
On 04/29/2015 07:15 PM, Andy Thompson wrote:
-Original Message-
From: thierry bordaz [mailto:tbor...@redhat.com]
Sent: Wednesday, April 29, 2015 1:07 PM
To: Andy Thompson
Cc: Ludwig Krispenz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04
On 04/29/2015 05:58 PM, Andy Thompson wrote:
dn:
nsuniqueid=7e1a1f87-e82611e4-99f1b343-
f0abc1a8,cn=username,cn=groups,c
n=accounts,dc=mhbenp,dc=lin
nscpentrywsi: dn:
nsuniqueid=7e1a1f87-e82611e4-99f1b343-
f0abc1a8,cn=username,cn=groups,c
n=accounts,dc=mhbenp,dc=lin
nscpentrywsi:
On 04/29/2015 06:45 PM, Andy Thompson wrote:
-Original Message-
From: thierry bordaz [mailto:tbor...@redhat.com]
Sent: Wednesday, April 29, 2015 12:28 PM
To: Andy Thompson
Cc: Ludwig Krispenz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04/29
On 04/30/2015 12:41 PM, Andy Thompson wrote:
You got a first replica where you failed to delete the entry.
You got a second replica where you succeeded to delete the entry.
On first replica you can see messages like:
[29/Apr/2015:07:21:32 -0400] ldbm_back_delete - conn=0 op=0 Turning a
On 04/29/2015 02:43 PM, Andy Thompson wrote:
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Wednesday, April 29, 2015 8:31 AM
To: Andy Thompson; freeipa-users@redhat.com; Ludwig Krispenz; Thierry
Bordaz
Subject: Re: [Freeipa-users] deleting ipa user
On 04/29/2015
On 04/29/2015 05:35 PM, Andy Thompson wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 29, 2015 11:28 AM
To: Andy Thompson
Cc: thierry bordaz; Martin Kosek; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] deleting ipa user
On 04
This is looking like thread 13 prevents thread 12 run (and all the others).
Now thread 13 is likely waiting for db page? We may need output of
db_stat (db_state -N -h /var/lib/dirsrv/slapd-xxx/db/ -CA)
thanks
thierry
On 05/06/2015 11:31 AM, Łukasz Jaworski wrote:
ldapsearch hangs. Dirsrv is
On 05/07/2015 05:39 AM, Janelle wrote:
On 5/6/15 8:12 PM, Vaclav Adamec wrote:
Hi,
Mike Reynolds recommend cleanallruv script (IPA RUV unable to decode
thread), if you are sure that's not any live replica server behind
this id than just try cleanallruv.pl -w X -b dc= -r 9
Vasek
On
On 05/15/2015 05:11 PM, James James wrote:
ok Rob. Thanks for your help. I will wait for the Scientific Linux 6.7 .
Hi James,
Unfortunately there is no workaround. This is a timing issue mostly seen
when the master is more powerful than the consumer.
If you are using VM you may try to get
On 05/19/2015 07:47 AM, Martin Kosek wrote:
On 05/19/2015 03:23 AM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the product
was more
stable, it is so much potential and yet.
Servers running for 6 days no issues. No new accounts or changes
(maybe a few
users
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the product
was more stable, it is so much potential and yet.
Servers running for 6 days no issues. No new accounts or changes
(maybe a few users changing
On 04/14/2015 05:36 PM, Mateusz Malek wrote:
On Fri, Apr 10, 2015 at 08:48 PM, Jakub Hrozek wrote:
On Fri, Apr 10, 2015 at 12:39:20PM -0400, Dmitri Pal wrote:
On 04/10/2015 08:13 AM, Mateusz Malek wrote:
I'm about to migrate my OpenLDAP-based environment to FreeIPA, however
I've hit some
On 04/16/2015 09:52 AM, Alexander Frolushkin wrote:
Hello again.
Now, in addition to
connection - conn= fd=xxx Incoming BER Element was too long, max
allowable is 209715200 bytes. Change the nsslapd-maxbersize attribute
in cn=config to increase.
messages, we have on six of our 16
On 04/13/2015 08:31 AM, Martin Kosek wrote:
On 04/11/2015 11:34 AM, Christoph Kaminski wrote:
Hi All
with the cmd:
ipa-replica-manage -v list myipaserver
I can see the status of the replication... But I dont understand the field
'last update ended'. What shows the field? The last
Hello Prashant,
If you are able to reproduce the problem (ipasshpubkey not
replicated), would you enable replication and plugin logging
(http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#Troubleshooting)
and provide the access/errors logs ?
thanks
thierry
On
On 04/07/2015 10:51 AM, Prashant Bapat wrote:
Hi Thierry,
Thanks for the reply.
Turned out that the slapi-plugin was not ignoring the replicated
operations. Problem solved.
Great news !
regards
thierry
Regards.
--Prashant
On 6 April 2015 at 23:25, thierry bordaz tbor...@redhat.com
On 04/08/2015 12:36 PM, Alexander Frolushkin wrote:
-Original Message-
From: Ludwig Krispenz [mailto:lkris...@redhat.com]
Sent: Wednesday, April 08, 2015 4:18 PM
To: Martin Kosek
Cc: Alexander Frolushkin (SIB); freeipa-users@redhat.com; Thierry Bordaz
Subject: Re: [Freeipa-users
On 04/08/2015 02:19 PM, Alexander Frolushkin wrote:
On one of accidently upgraded server I have following error in dirsrv logs:
[08/Apr/2015:13:24:12 +0300] connection - conn=1095 fd=131 Incoming BER Element
was too long, max allowable is 209715200 bytes. Change the nsslapd-maxbersize
On 04/09/2015 07:51 AM, Martin Kosek wrote:
On 04/09/2015 05:59 AM, Alexander Frolushkin wrote:
-Original Message-
From: thierry bordaz [mailto:tbor...@redhat.com]
Sent: Wednesday, April 08, 2015 6:36 PM
To: Alexander Frolushkin (SIB)
Cc: 'Ludwig Krispenz'; Martin Kosek; freeipa-users
On 04/09/2015 07:59 AM, Alexander Frolushkin wrote:
-Original Message-
From: Martin Kosek [mailto:mko...@redhat.com]
Sent: Thursday, April 09, 2015 11:51 AM
To: Alexander Frolushkin (SIB); 'thierry bordaz'
Cc: 'Ludwig Krispenz'; freeipa-users@redhat.com
Subject: Re: [Freeipa-users
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really wish the
product was more stable, it is so much potential and yet.
Servers running
On 05/20/2015 03:46 PM, Janelle wrote:
On 5/20/15 6:01 AM, thierry bordaz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote:
On 05/19/2015 03:42 AM, Janelle wrote:
On 5/18/15 6:23 PM, Janelle wrote:
Once again, replication/sync has been lost. I really
On 06/01/2015 05:10 PM, Innes, Duncan wrote:
Petr,
We're using a different domain for IPA thankfully (unix.example.com),
but the AD guys control DNS and don't want to touch anything in the DNS
that might affect their example.com records. Everything is on the same
VLANs, so I didn't want to
GMT+02:00 thierry bordaz tbor...@redhat.com
mailto:tbor...@redhat.com:
On 05/15/2015 05:11 PM, James James wrote:
ok Rob. Thanks for your help. I will wait for the Scientific
Linux 6.7 .
Hi James,
Unfortunately there is no workaround. This is a timing issue
mostly seen
Hi,
Would you update your master to 389-ds-base-1.2.11.15-56.el6, before
attempting the upgrade to 7 ?
thanks
thierry
On 06/08/2015 12:30 PM, James James wrote:
My master version is 389-ds-base-1.2.11.15-50.el6_6.x86_64 .
Thanks.
2015-06-08 10:25 GMT+02:00 thierry bordaz tbor
On 06/22/2015 10:22 AM, Tamas Papp wrote:
On 06/19/2015 11:12 AM, Christoph Kaminski wrote:
for this problem you can see the thread Haunted servers? here on
ml. There is a solution from me for this but it doesnt work 100% :/
I would rather rerun the replication.
we have a Ticket @Red Hat
On 06/24/2015 10:02 AM, Christoph Kaminski wrote:
freeipa-users-boun...@redhat.com schrieb am 29.04.2015 17:51:46:
Am 29.04.2015 um 15:43 schrieb Ludwig Krispenz:
On 04/29/2015 03:17 PM, Martin (Lists) wrote:
Am 27.04.2015 um 09:45 schrieb Ludwig Krispenz:
On 04/26/2015 10:49 AM,
On 06/22/2015 11:50 AM, Tamas Papp wrote:
Fascinating.
Can you Red Hat guys reproduce this in you test environment?
Most of my tests are on RHEV with RHEL 7.1, I have not seen a crash of DS.
About the test case, you installed a server+replicas (version ?), then
turn on errorlog-level (do you
On 06/22/2015 02:39 PM, Tamas Papp wrote:
On 06/22/2015 02:20 PM, thierry bordaz wrote:
On 06/22/2015 11:50 AM, Tamas Papp wrote:
Fascinating.
Can you Red Hat guys reproduce this in you test environment?
Most of my tests are on RHEV with RHEL 7.1, I have not seen a crash
of DS.
About
-
replace: nsslapd-accesslog-level
nsslapd-accesslog-level:256
EOF
After this, IO was increased significally.
Two of servers hangs after some time, a lot of dups appears on most
IPA servers in domain.
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
*From:*thierry bordaz [mailto:tbor
hangs and was restarted.
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
*From:*Ludwig Krispenz [mailto:lkris...@redhat.com]
*Sent:* Wednesday, June 17, 2015 5:34 PM
*To:* Alexander Frolushkin (SIB)
*Cc:* 'thierry bordaz'; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users
-replica-manage
force-sync, or ipa-replica-manage re-initialize on affected site
servers from normal servers could help?
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
*From:*thierry bordaz [mailto:tbor...@redhat.com]
*Sent:* Wednesday, June 17, 2015 3:15 PM
*To:* Alexander
Hello Alexander,
How did you initialize that new replica 26.
Either 'cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=unix,dc=megafon,dc=ru' was not part of
the total init data, or a DEL of that entry happened on replica 26
(before a new ADD) but the DEL was not replicated to
...@redhat.com]
*Sent:* Wednesday, June 17, 2015 3:53 PM
*To:* thierry bordaz
*Cc:* Alexander Frolushkin (SIB); freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] replication conflicts
On 06/17/2015 11:45 AM, thierry bordaz wrote:
On 06/17/2015 11:22 AM, Alexander Frolushkin wrote
conflicts.
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
*From:*thierry bordaz [mailto:tbor...@redhat.com]
*Sent:* Wednesday, June 17, 2015 6:16 PM
*To:* Alexander Frolushkin (SIB)
*Cc:* 'Ludwig Krispenz'; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] replication conflicts
On 06/16/2015 09:02 AM, Ludwig Krispenz wrote:
On 06/16/2015 05:07 AM, Janelle wrote:
On 6/15/15 1:12 PM, Rob Crittenden wrote:
Janelle wrote:
On 6/15/15 6:36 AM, Rob Crittenden wrote:
Usually means there is a replication conflict entry. You may be able
to get more details on what failed
On 05/29/2015 08:16 AM, Christoph Kaminski wrote:
freeipa-users-boun...@redhat.com schrieb am 28.05.2015 13:23:26:
Von: Alexander Frolushkin alexander.frolush...@megafon.ru
An: 'thierry bordaz' tbor...@redhat.com
Kopie: freeipa-users@redhat.com freeipa-users@redhat.com
Datum: 28.05.2015 13
Hello,
From a DS point of view, you may use logconv.pl to get a rapid summary
of the received activity (DS access logs).
You may take the same period of time on each server and compare the
results. It will give hints to know if the difference comes from bind,
connections, replication session,
to get it away with help of Red Hat support, but at this point - no
luck...
WBR,
Alexander Frolushkin
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Janelle
Sent: Tuesday, May 26, 2015 8:56 PM
To: thierry bordaz; Martin
, they requested dirsrv logs form hanged
server and from servers where error appeared again.
WBR,
Alexander Frolushkin
Cell +79232508764
Work +79232507764
-Original Message-
From: thierry bordaz [mailto:tbor...@redhat.com]
Sent: Thursday, May 28, 2015 1:24 PM
To: Alexander Frolushkin (SIB
Frolushkin
Cell +79232508764
Work +79232507764
-Original Message-
From: thierry bordaz [mailto:tbor...@redhat.com]
Sent: Thursday, May 28, 2015 1:49 PM
To: Alexander Frolushkin (SIB)
Cc: freeipa-users@redhat.com; 'Janelle'
Subject: Re: [Freeipa-users] Haunted servers?
On 05/28/2015 09:33 AM
On 07/03/2015 02:03 PM, Petr Spacek wrote:
On 3.7.2015 11:45, thierry bordaz wrote:
On 06/30/2015 03:54 PM, Ludwig Krispenz wrote:
Hi,
389-ds allows to configure the max size of the replication changelog either
by setting a maximum record number or a maximum age of changes.
freeIPA does
On 07/03/2015 02:28 PM, Petr Spacek wrote:
On 3.7.2015 14:21, thierry bordaz wrote:
On 07/03/2015 02:03 PM, Petr Spacek wrote:
On 3.7.2015 11:45, thierry bordaz wrote:
On 06/30/2015 03:54 PM, Ludwig Krispenz wrote:
Hi,
389-ds allows to configure the max size of the replication changelog
On 06/29/2015 06:34 PM, Andrew E. Bruno wrote:
On Mon, Jun 29, 2015 at 10:29:24AM -0600, Rich Megginson wrote:
On 06/29/2015 10:13 AM, Andrew E. Bruno wrote:
Our dirsrv access logs on our freeipa master server are getting flooded
with this:
[29/Jun/2015:12:02:09 -0400] conn=215758
On 07/02/2015 04:14 PM, Andrew E. Bruno wrote:
On Thu, Jul 02, 2015 at 11:04:00AM +0200, thierry bordaz wrote:
On 06/29/2015 06:34 PM, Andrew E. Bruno wrote:
On Mon, Jun 29, 2015 at 10:29:24AM -0600, Rich Megginson wrote:
On 06/29/2015 10:13 AM, Andrew E. Bruno wrote:
Our dirsrv access logs
On 06/30/2015 03:54 PM, Ludwig Krispenz wrote:
Hi,
389-ds allows to configure the max size of the replication changelog
either by setting a maximum record number or a maximum age of changes.
freeIPA does not use this setting. In the context of ticket
On 05/21/2015 06:09 PM, Janelle wrote:
On 5/21/15 8:12 AM, Ludwig Krispenz wrote:
On 05/21/2015 03:59 PM, Janelle wrote:
On 5/21/15 6:46 AM, Ludwig Krispenz wrote:
On 05/21/2015 03:28 PM, Janelle wrote:
I think I found the problem.
There was a lone replica running in another DC. It was
On 05/21/2015 01:36 PM, Janelle wrote:
On 5/20/15 7:53 AM, Mark Reynolds wrote:
On 05/20/2015 10:17 AM, thierry bordaz wrote:
On 05/20/2015 03:46 PM, Janelle wrote:
On 5/20/15 6:01 AM, thierry bordaz wrote:
On 05/20/2015 02:57 AM, Janelle wrote:
On 5/19/15 12:04 AM, thierry bordaz wrote
On 05/26/2015 08:47 AM, Martin Kosek wrote:
On 05/26/2015 12:20 AM, Janelle wrote:
On 5/24/15 3:12 AM, Janelle wrote:
And just like that, my haunted servers have all returned.
I am going to just put a gun to my head and be done with it. :-(
Why do things run perfectly and then suddenly ???
On 08/18/2015 08:39 PM, Martin Kosek wrote:
On 08/10/2015 10:05 PM, Burke Rosen wrote:
Hello,
I'm running two replicated freeIPA servers. One of them spontaneously
failed.
After taking the misbehaving server down, the remaining replicant
handled
everything fine. I restored the system to its
On 11/11/2015 04:20 PM, Andrew Krause wrote:
Yesterday I came in to 3 of my 4 freeipa replicas in an unusable state and
replication was not connecting any of the hosts to each other. My
first/primary host was still servicing authentication requests, but the others
were in varying states of
% or more of our authentication requests. The
other 3 nodes are basically just a hot standby. At this point we’re hoping it
was a fluke, we’ve tightened our monitoring and awareness since we have no way
to explain the root cause.
On Nov 12, 2015, at 2:38 AM, thierry bordaz <tbor...@redhat.com>
On 10/07/2015 11:19 AM, Martin Kosek wrote:
On 10/05/2015 02:13 PM, Dominik Korittki wrote:
Am 01.10.2015 um 21:52 schrieb Rob Crittenden:
Dominik Korittki wrote:
Hello folks,
I am running two FreeIPA Servers with around 100 users and around 15.000
hosts, which are used by users to login
On 10/07/2015 05:03 PM, Dominik Korittki wrote:
Am 07.10.2015 um 15:25 schrieb thierry bordaz:
On 10/07/2015 11:19 AM, Martin Kosek wrote:
On 10/05/2015 02:13 PM, Dominik Korittki wrote:
Am 01.10.2015 um 21:52 schrieb Rob Crittenden:
Dominik Korittki wrote:
Hello folks,
I am running two
On 08/27/2015 09:41 AM, Ludwig Krispenz wrote:
On 08/27/2015 09:08 AM, Martin Kosek wrote:
On 08/26/2015 05:31 PM, Simo Sorce wrote:
On Wed, 2015-08-26 at 06:36 -0700, Janelle wrote:
Hello all,
My biggest problem is losing replicas and then trying to delete the
entries and rebuild them.
On 09/14/2015 08:18 AM, Martin Kosek wrote:
On 09/12/2015 01:12 AM, Craig White wrote:
ipa-server-4.1.0-18.el7_1.4.x86_64
Maybe I was spoiled but from the web ui, I can't seem to search for hosts or
DNS names - all searches seem to return nothing at all
User searches work (thankfully)
Hi,
If it hangs again, could you get a pstack of the slapd process
And also dump the db info
'db_stat -h /var/lib/dirsrv/slapd-/db -N -CA'. This would
help to know which thread holds the lock that that blocks those operations ?
thanks
thierry
On 09/18/2015 09:20 PM, HECTOR LOPEZ
On 01/04/2016 01:03 PM, Martin Kosek wrote:
On 12/22/2015 04:16 PM, Simo Sorce wrote:
On Tue, 2015-12-22 at 10:24 +0100, thierry bordaz wrote:
On 12/21/2015 05:55 PM, Daryl Fonseca-Holt wrote:
Hi all,
Environment: RHEL6 with IPA 3.0 at current RedHat level. 64-core
256-GB RAM Oracle x4470 M2
On 12/21/2015 05:55 PM, Daryl Fonseca-Holt wrote:
Hi all,
Environment: RHEL6 with IPA 3.0 at current RedHat level. 64-core
256-GB RAM Oracle x4470 M2.
During our migration from NIS on Solaris 140,000+ accounts will be
added. After tuning per the guides dbmon.sh shows no roevicts and we
get
Hi Justin,
I was trying to reproduce this but I think I am missing some steps.
Do you mind reviewing my testcase to check what is missing ?
The test case is :
install master M, prepare replica (+copy of gpg), install replica
(new master) R.
On R:
* Authenticate as
On 01/23/2016 11:08 PM, Günther J. Niederwimmer wrote:
Hello,
I have installed freeIPA from a CentOS 7.2 with a replica Server, but I have
on all two masters a Error.
NSMMReplicationPlugin - replication keep alive entry
On 01/20/2016 09:20 AM, Alexander Bokovoy wrote:
On Tue, 19 Jan 2016, Simpson Lachlan wrote:
-Original Message-
From: Alexander Bokovoy [mailto:aboko...@redhat.com]
Let's start from the beginning:
- What distribution you are running?
Centos, Linux release 7.2.1511 (Core)
-
Hello Deryl,
My understanding is that ns-slapd is first slow to startup. Then
when krb5kdc is starting it may load ns-slapd.
We identified krb5kdc may be impacted by the number of users accounts.
From the ns-slapd errors log it is not clear why it is so slow to
start.
Would
by the number of users. You may issue something like 'ipa
user-find ' and the access log should show if the authentication
phase is really slow.
thanks
theirry
On 03/11/2016 02:52 PM, Daryl Fonseca-Holt wrote:
On 03/11/16 02:40, thierry bordaz wrote:
Hello Deryl,
My understanding
as an experiment for now. I need to advance
the project into High Availability testing but cannot do so without a
functioning replica.
Regards, Daryl
On 03/14/16 09:20, thierry bordaz wrote:
Hi Daryl,
Thanks for all the data. I will look at the pstacks. A first look
shows that you capture import, bind
missed the link) and will be back to you.
have a good week end
thierry
On 03/11/2016 02:52 PM, Daryl Fonseca-Holt wrote:
On 03/11/16 02:40, thierry bordaz wrote:
Hello Deryl,
My understanding is that ns-slapd is first slow to startup. Then
when krb5kdc is starting it may load ns-slapd
cah/ipa/slapd-pstacks.console
Thanks, Daryl
On 03/11/16 02:40, thierry bordaz wrote:
Hello Deryl,
My understanding is that ns-slapd is first slow to startup. Then
when krb5kdc is starting it may load ns-slapd.
We identified krb5kdc may be impacted by the number of users
accou
On 07/07/2016 03:47 PM, Martin Kosek wrote:
On 06/21/2016 05:19 PM, Ash Alam wrote:
anyone have any thoughts on this?
Thank You
On Fri, Jun 10, 2016 at 2:59 PM, Ash Alam > wrote:
Hello
I have been going through the lists
On 01/31/2017 03:37 PM, Harald Dunkel wrote:
Hi Thierry,
On 01/30/17 09:10, thierry bordaz wrote:
I understand your concern and in fact it is difficult to anticipate a
potential bad impact of this cleanup. However,I think it is safe to get rid of
the following entry.
Before doing so you
On 01/23/2017 08:43 AM, Harald Dunkel wrote:
Hi Thierry,
On 01/20/17 14:17, thierry bordaz wrote:
I agree that it is looking like the conflict entry is the most up-to-date one.
To try to repair, it would help if you can search groups
cn=System: Read DNS Configuration,cn=permissions,cn=pbac
On 01/23/2017 05:09 PM, Harald Dunkel wrote:
Hi Thierry,
On 01/23/17 11:59, thierry bordaz wrote:
We need to get a clear status before trying to swap them.
For example in your attachment the valid entry is member of 'DNS Admin' while
the conflict one is not. So possibly the valid entry
On 01/24/2017 04:18 PM, Harald Dunkel wrote:
Hi Thierry,
On 01/24/17 15:01, thierry bordaz wrote:
Hopefully yes, but there were 2 conflicts that already made some
problems:
deleting entry
"cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,
On 01/24/2017 12:36 PM, Harald Dunkel wrote:
Hi Thierry,
On 01/23/17 17:45, thierry bordaz wrote:
On 01/23/2017 05:09 PM, Harald Dunkel wrote:
I created a full replica (including CA) in an LXC container today
("ipabak"). The idea is to take a snapshot of the whole container,
On 01/26/2017 10:55 AM, Harald Dunkel wrote:
Hi Thierry,
good new: I got rid of most of the conflicting entries. There
are only 2 left (see below). They look circular somehow.
That is excellent news. Great !
Please note that the unwanted list of ipa servers is empty. The
official list
On 01/27/2017 12:51 PM, Harald Dunkel wrote:
Hi Thierry,
On 01/26/17 16:55, thierry bordaz wrote:
Those entries are managed entries and it is not possible to delete them from
direct ldap command.
A solution proposed by Ludwig is not first make them unmanaged:
cn=ipaservers+nsuniqueid
On 01/24/2017 02:22 PM, Harald Dunkel wrote:
On 01/24/17 12:57, thierry bordaz wrote:
If I understand correctly the iterations of development I do not understand
why, at this point, you need to reconnect ipabak.
After you create ipabak replica, you take a snapshot of it (let ipabak_0
On 01/20/2017 12:23 PM, Harald Dunkel wrote:
On 01/18/17 16:22, Ludwig Krispenz wrote:
I think the procedure in the link about renaming is only needed if you want to keep both
entries with a "normal" dn. But you want to get rid of the conflict entries.
Since you have to cleanup each of
b.com/richm/scripts/wiki/dbmon.sh
<https://github.com/richm/scripts/wiki/dbmon.sh>
thanks
Rakesh
On Mon, Aug 29, 2016 at 8:16 PM, thierry bordaz
<tbor...@redhat.com <mailto:tbor...@redhat.com>> wrote:
H
-dbcachesize and nsslapd-cachememsize to
200MB
I will again start migrating hosts back to IPA and see if I face
the earlier issue.
I will update back once I have something
Thanks,
Rakesh
On Thu, Aug 25, 2016 at 2:17 PM, thierry bordaz
<tbor...@redhat.c
Hi Timothy,
The changenumber counter is protected by a lock and we should not see
duplicate value.. except if there is a bug :-(
Retrieving the time when changenumber=112697,cn=changelog was created
and the time when you saw the error, can you see any error in operations
(access log) or in
, thierry bordaz wrote:
Hi Timothy,
The changenumber counter is protected by a lock and we should not see
duplicate value.. except if there is a bug :-(
Retrieving the time when changenumber=112697,cn=changelog was created
and the time when you saw the error, can you see any error in
operations
On 10/19/2016 03:48 PM, Andrew E. Bruno wrote:
On Wed, Oct 19, 2016 at 10:13:26AM +0200, Ludwig Krispenz wrote:
On 10/18/2016 08:52 PM, Andrew E. Bruno wrote:
We had one of our replicas fail today with the following errors:
[18/Oct/2016:13:40:47 -0400]
1 - 100 of 105 matches
Mail list logo