Re: [Freeipa-users] replicas removed, but incorrectly

you should only remove agreements to no longer existing servers, eg where: nsDS5ReplicaHost: kdc01.unix.iriszorg.nl the other one should remain, not sure why it cannot contact the server On 09/26/2016 03:35 PM, Natxo Asenjo wrote: hi, or do I need to remove: dn:

Re: [Freeipa-users] replicas removed, but incorrectly

hi, or do I need to remove: dn: cn=cloneAgreement1-kdc03.unix.iriszorg.nl-pki-tomcat,cn=replica,cn=o\3Dipa ca,cn=mapping tree,cn=config because it has this: nsds5replicaLastUpdateStatus: -1 Unable to acquire replicaLDAP error: Can't co ntact LDAP server nsds5replicaUpdateInProgress: FALSE

Re: [Freeipa-users] replicas removed, but incorrectly

hi, On Mon, Sep 26, 2016 at 3:06 PM, Ludwig Krispenz wrote: > > On 09/26/2016 02:56 PM, Natxo Asenjo wrote: > > > so the command has not been successful in the kdc03. in the dirsrv errors > log I see: > > [26/Sep/2016:14:50:54 +0200] NSMMReplicationPlugin - CleanAllRUV

Re: [Freeipa-users] replicas removed, but incorrectly

On 09/26/2016 02:56 PM, Natxo Asenjo wrote: On Mon, Sep 26, 2016 at 1:54 PM, Natxo Asenjo > wrote: On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz > wrote: On

Re: [Freeipa-users] replicas removed, but incorrectly

On Mon, Sep 26, 2016 at 1:54 PM, Natxo Asenjo wrote: > > > > On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz > wrote: > >> >> On 09/26/2016 01:36 PM, Natxo Asenjo wrote: >> >> And in my example, the replica id would be 66, 96, 71 and 97, correct? >>

Re: [Freeipa-users] replicas removed, but incorrectly

On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz wrote: > > On 09/26/2016 01:36 PM, Natxo Asenjo wrote: > > hi, > > I recently upgraded a centos 6.8 realm to centos 7.2 and it almost went > correctly. > > Now I see some errors in /var/log/dirsrv/slapd-INSTANCENAME/errors > >

Re: [Freeipa-users] replicas removed, but incorrectly

On 09/26/2016 01:36 PM, Natxo Asenjo wrote: hi, I recently upgraded a centos 6.8 realm to centos 7.2 and it almost went correctly. Now I see some errors in /var/log/dirsrv/slapd-INSTANCENAME/errors 26/Sep/2016:13:20:15 +0200] attrlist_replace - attr_replace (nsslapd-referral,

[Freeipa-users] replicas removed, but incorrectly

hi, I recently upgraded a centos 6.8 realm to centos 7.2 and it almost went correctly. Now I see some errors in /var/log/dirsrv/slapd-INSTANCENAME/errors 26/Sep/2016:13:20:15 +0200] attrlist_replace - attr_replace (nsslapd-referral, ldap://kdc03.unix.iriszorg.nl:389/o%3Dipaca) failed and

[Freeipa-users] Replicas in different AWS Regions

Hello, I'm setting up a freeIPA replica topology in AWS, and need to have replicas in different regions, and clients will be in different regions. The IPA servers will have an external IP, but the hostname of the servers are going to resolve to the internal IP. I am going to have a domain name

Re: [Freeipa-users] replicas unresponsive with increasing file descriptors

On 09/01/2015 04:39 PM, Andrew E. Bruno wrote: A few months ago we had a replica failure where the system ran out of file descriptors and the slapd database was corrupted: https://www.redhat.com/archives/freeipa-users/2015-June/msg00389.html We now monitor file descriptor counts on our

[Freeipa-users] replicas unresponsive with increasing file descriptors

A few months ago we had a replica failure where the system ran out of file descriptors and the slapd database was corrupted: https://www.redhat.com/archives/freeipa-users/2015-June/msg00389.html We now monitor file descriptor counts on our replicas and last night we had 2 of our 3 replicas fail

Re: [Freeipa-users] replicas unresponsive with increasing file descriptors

On Tue, Sep 01, 2015 at 05:03:10PM +0200, Ludwig Krispenz wrote: > > On 09/01/2015 04:39 PM, Andrew E. Bruno wrote: > >A few months ago we had a replica failure where the system ran out of file > >descriptors and the slapd database was corrupted: > > >

Re: [Freeipa-users] replicas unresponsive with increasing file descriptors

On 09/01/2015 09:20 AM, Andrew E. Bruno wrote: On Tue, Sep 01, 2015 at 05:03:10PM +0200, Ludwig Krispenz wrote: On 09/01/2015 04:39 PM, Andrew E. Bruno wrote: A few months ago we had a replica failure where the system ran out of file descriptors and the slapd database was corrupted:

Re: [Freeipa-users] Replicas

On 05/15/2013 12:48 AM, Christian Hernandez wrote: Not sure if anyone noticed that the site is down http://www.freeipa.org/ Thank you, Christian Hernandez 1225 Los Angeles Street Glendale, CA 91204 Phone: 877-782-2737 ext. 4566 Fax: 818-265-3152 christi...@4over.com

[Freeipa-users] Replicas

Hello everyone. Is there a limit to the number of replicas you may have? Are there any documents detailing scaling limits for freeIPA? Thanks! ___ Freeipa-users mailing list Freeipa-users@redhat.com

Re: [Freeipa-users] Replicas

Andrew Tranquada wrote: Hello everyone. Is there a limit to the number of replicas you may have? Are there any documents detailing scaling limits for freeIPA? The maximum number of masters tested is 20. There is nothing in the code to prevent more, and there are users that have more. For

Re: [Freeipa-users] Replicas

Awesome thank you. From: Rob Crittenden [rcrit...@redhat.com] Sent: Tuesday, May 14, 2013 10:05 AM To: Andrew Tranquada; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Replicas Andrew Tranquada wrote: Hello everyone. Is there a limit

Re: [Freeipa-users] Replicas

. From: Rob Crittenden [rcrit...@redhat.com] Sent: Tuesday, May 14, 2013 10:05 AM To: Andrew Tranquada; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Replicas Andrew Tranquada wrote: Hello everyone. Is there a limit to the number of replicas you may have? Are there any documents

Re: [Freeipa-users] Replicas

understood thank you From: Simo Sorce [sso...@redhat.com] Sent: Tuesday, May 14, 2013 10:54 AM To: Andrew Tranquada Cc: Rob Crittenden; freeipa-users@redhat.com Subject: Re: [Freeipa-users] Replicas - Original Message - Awesome thank you. note

Re: [Freeipa-users] Replicas

: [Freeipa-users] Replicas - Original Message - Awesome thank you. note, we recommend no more than 4 replication agreements per master, so you should create a topology keeping this in mind (IE do not make 19 servers all have a replication agreement with 1). Simo

Re: [Freeipa-users] Replicas in a state of confusion

On 02/16/2012 12:38 PM, Ian Levesque wrote: On Feb 15, 2012, at 7:22 PM, Rich Megginson wrote: Sorry for not getting back to you sooner. I can't say for sure, but it does look like you are running into some of the tombstone issues we have fixed in 1.2.10.1-1 (now in updates-testing) OK,

Re: [Freeipa-users] Replicas in a state of confusion

On 02/10/2012 01:00 PM, Ian Levesque wrote: On Feb 10, 2012, at 1:36 PM, Rich Megginson wrote: This may be related to https://fedorahosted.org/389/ticket/273 and https://fedorahosted.org/389/ticket/274 which have been fixed in 1.2.10 In this case Ian please open a bugzilla, it looks like we

Re: [Freeipa-users] Replicas in a state of confusion

On Thu, 2012-02-09 at 17:01 -0700, Rich Megginson wrote: This may be related to https://fedorahosted.org/389/ticket/273 and https://fedorahosted.org/389/ticket/274 which have been fixed in 1.2.10 In this case Ian please open a bugzilla, it looks like we need to address this in RHEL6. Simo.

Re: [Freeipa-users] Replicas in a state of confusion

On Feb 10, 2012, at 1:36 PM, Rich Megginson wrote: This may be related to https://fedorahosted.org/389/ticket/273 and https://fedorahosted.org/389/ticket/274 which have been fixed in 1.2.10 In this case Ian please open a bugzilla, it looks like we need to address this in RHEL6. I'll

Re: [Freeipa-users] Replicas in a state of confusion

On Tue, 2012-02-07 at 23:19 -0500, Ian Levesque wrote: On the replica: [21/29]: setting up initial replication Starting replication, please wait until this has completed. [sbgrid-directory.in.hwlab] reports: Update failed! Status: [-2 - System error] creation of

Re: [Freeipa-users] Replicas in a state of confusion

On Feb 9, 2012, at 1:57 PM, Simo Sorce wrote: On Tue, 2012-02-07 at 23:19 -0500, Ian Levesque wrote: On the replica: [21/29]: setting up initial replication Starting replication, please wait until this has completed. [sbgrid-directory.in.hwlab] reports: Update failed!

Re: [Freeipa-users] Replicas in a state of confusion

On Thu, 2012-02-09 at 16:25 -0500, Ian Levesque wrote: On Feb 9, 2012, at 1:57 PM, Simo Sorce wrote: On Tue, 2012-02-07 at 23:19 -0500, Ian Levesque wrote: On the replica: [21/29]: setting up initial replication Starting replication, please wait until this has completed.

Re: [Freeipa-users] Replicas in a state of confusion

On Feb 9, 2012, at 4:59 PM, Rich Megginson wrote: I think you failed to properly clean=up before reinstalling the replica. On the replica make sure you run: ipa-server-install --uninstall On the primary: ipa-replica-manage --force del sbgrid-directory-replica.in.hwlab You will have

Re: [Freeipa-users] Replicas in a state of confusion

On Thu, 2012-02-09 at 17:21 -0500, Ian Levesque wrote: On Feb 9, 2012, at 4:59 PM, Rich Megginson wrote: I think you failed to properly clean=up before reinstalling the replica. On the replica make sure you run: ipa-server-install --uninstall On the primary: ipa-replica-manage

Re: [Freeipa-users] Replicas in a state of confusion

OK, that's good to know. So, assuming the problem is that there was an invalid cached credential getting in the way, here's what I did to attempt a reconfiguration of the replica: replica: ipa-server-install --uninstall reboot primary: ipa-replica-manage --force del

Re: [Freeipa-users] Replicas in a state of confusion

On Thu, 2012-02-09 at 17:53 -0500, Ian Levesque wrote: OK, that's good to know. So, assuming the problem is that there was an invalid cached credential getting in the way, here's what I did to attempt a reconfiguration of the replica: replica: ipa-server-install --uninstall reboot

[Freeipa-users] Replicas in a state of confusion

Hello, On our production IPA servers, we have been running in a multi-master state successfully for several weeks. Yesterday, while attempting to modify some permissions and roles using the web UI, we had an odd problem where the web UI became unresponsive. In an attempt to resolve the issue,

Re: [Freeipa-users] Replicas in a state of confusion

Ian Levesque wrote: Hello, On our production IPA servers, we have been running in a multi-master state successfully for several weeks. Yesterday, while attempting to modify some permissions and roles using the web UI, we had an odd problem where the web UI became unresponsive. In an attempt

Re: [Freeipa-users] Replicas in a state of confusion

On Feb 7, 2012, at 3:39 PM, Rob Crittenden wrote: snip Strange. Is your 389-ds instance running? If so can you run this query: ldapsearch -x -b 'cn=services,cn=accounts,dc=sbgrid,dc=org' '(krbprincipalname=*sbgrid-directory*)' I have the feeling that the principals for your IPA server

Re: [Freeipa-users] Replicas in a state of confusion

Ian Levesque wrote: On Feb 7, 2012, at 3:39 PM, Rob Crittenden wrote: snip Strange. Is your 389-ds instance running? If so can you run this query: ldapsearch -x -b 'cn=services,cn=accounts,dc=sbgrid,dc=org' '(krbprincipalname=*sbgrid-directory*)' I have the feeling that the principals for

Re: [Freeipa-users] Replicas in a state of confusion

snip Strange. Is your 389-ds instance running? If so can you run this query: ldapsearch -x -b 'cn=services,cn=accounts,dc=sbgrid,dc=org' '(krbprincipalname=*sbgrid-directory*)' I have the feeling that the principals for your IPA server have gone away. Rather than post all the output,