you should only remove agreements to no longer existing servers, eg where:
nsDS5ReplicaHost: kdc01.unix.iriszorg.nl
the other one should remain, not sure why it cannot contact the server
On 09/26/2016 03:35 PM, Natxo Asenjo wrote:
hi,
or do I need to remove:
dn:
hi,
or do I need to remove:
dn:
cn=cloneAgreement1-kdc03.unix.iriszorg.nl-pki-tomcat,cn=replica,cn=o\3Dipa
ca,cn=mapping tree,cn=config
because it has this:
nsds5replicaLastUpdateStatus: -1 Unable to acquire replicaLDAP error: Can't
co
ntact LDAP server
nsds5replicaUpdateInProgress: FALSE
hi,
On Mon, Sep 26, 2016 at 3:06 PM, Ludwig Krispenz
wrote:
>
> On 09/26/2016 02:56 PM, Natxo Asenjo wrote:
>
>
> so the command has not been successful in the kdc03. in the dirsrv errors
> log I see:
>
> [26/Sep/2016:14:50:54 +0200] NSMMReplicationPlugin - CleanAllRUV
On 09/26/2016 02:56 PM, Natxo Asenjo wrote:
On Mon, Sep 26, 2016 at 1:54 PM, Natxo Asenjo > wrote:
On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz
> wrote:
On
On Mon, Sep 26, 2016 at 1:54 PM, Natxo Asenjo
wrote:
>
>
>
> On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz
> wrote:
>
>>
>> On 09/26/2016 01:36 PM, Natxo Asenjo wrote:
>>
>> And in my example, the replica id would be 66, 96, 71 and 97, correct?
>>
On Mon, Sep 26, 2016 at 1:50 PM, Ludwig Krispenz
wrote:
>
> On 09/26/2016 01:36 PM, Natxo Asenjo wrote:
>
> hi,
>
> I recently upgraded a centos 6.8 realm to centos 7.2 and it almost went
> correctly.
>
> Now I see some errors in /var/log/dirsrv/slapd-INSTANCENAME/errors
>
>
On 09/26/2016 01:36 PM, Natxo Asenjo wrote:
hi,
I recently upgraded a centos 6.8 realm to centos 7.2 and it almost
went correctly.
Now I see some errors in /var/log/dirsrv/slapd-INSTANCENAME/errors
26/Sep/2016:13:20:15 +0200] attrlist_replace - attr_replace
(nsslapd-referral,
hi,
I recently upgraded a centos 6.8 realm to centos 7.2 and it almost went
correctly.
Now I see some errors in /var/log/dirsrv/slapd-INSTANCENAME/errors
26/Sep/2016:13:20:15 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://kdc03.unix.iriszorg.nl:389/o%3Dipaca) failed
and
Hello,
I'm setting up a freeIPA replica topology in AWS, and need to have replicas
in different regions, and clients will be in different regions. The IPA
servers will have an external IP, but the hostname of the servers are going
to resolve to the internal IP. I am going to have a domain name
On 09/01/2015 04:39 PM, Andrew E. Bruno wrote:
A few months ago we had a replica failure where the system ran out of file
descriptors and the slapd database was corrupted:
https://www.redhat.com/archives/freeipa-users/2015-June/msg00389.html
We now monitor file descriptor counts on our
A few months ago we had a replica failure where the system ran out of file
descriptors and the slapd database was corrupted:
https://www.redhat.com/archives/freeipa-users/2015-June/msg00389.html
We now monitor file descriptor counts on our replicas and last night we
had 2 of our 3 replicas fail
On Tue, Sep 01, 2015 at 05:03:10PM +0200, Ludwig Krispenz wrote:
>
> On 09/01/2015 04:39 PM, Andrew E. Bruno wrote:
> >A few months ago we had a replica failure where the system ran out of file
> >descriptors and the slapd database was corrupted:
> >
>
On 09/01/2015 09:20 AM, Andrew E. Bruno wrote:
On Tue, Sep 01, 2015 at 05:03:10PM +0200, Ludwig Krispenz wrote:
On 09/01/2015 04:39 PM, Andrew E. Bruno wrote:
A few months ago we had a replica failure where the system ran out of file
descriptors and the slapd database was corrupted:
On 05/15/2013 12:48 AM, Christian Hernandez wrote:
Not sure if anyone noticed that the site is down
http://www.freeipa.org/
Thank you,
Christian Hernandez
1225 Los Angeles Street
Glendale, CA 91204
Phone: 877-782-2737 ext. 4566
Fax: 818-265-3152
christi...@4over.com
Hello everyone.
Is there a limit to the number of replicas you may have? Are there any
documents detailing scaling limits for freeIPA?
Thanks!
___
Freeipa-users mailing list
Freeipa-users@redhat.com
Andrew Tranquada wrote:
Hello everyone.
Is there a limit to the number of replicas you may have? Are there any
documents detailing scaling limits for freeIPA?
The maximum number of masters tested is 20. There is nothing in the code
to prevent more, and there are users that have more.
For
Awesome thank you.
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Tuesday, May 14, 2013 10:05 AM
To: Andrew Tranquada; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Replicas
Andrew Tranquada wrote:
Hello everyone.
Is there a limit
.
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Tuesday, May 14, 2013 10:05 AM
To: Andrew Tranquada; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Replicas
Andrew Tranquada wrote:
Hello everyone.
Is there a limit to the number of replicas you may have? Are there any
documents
understood thank you
From: Simo Sorce [sso...@redhat.com]
Sent: Tuesday, May 14, 2013 10:54 AM
To: Andrew Tranquada
Cc: Rob Crittenden; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Replicas
- Original Message -
Awesome thank you.
note
: [Freeipa-users] Replicas
- Original Message -
Awesome thank you.
note, we recommend no more than 4 replication agreements per master, so
you should create a topology keeping this in mind (IE do not make 19
servers all have a replication agreement with 1).
Simo
On 02/16/2012 12:38 PM, Ian Levesque wrote:
On Feb 15, 2012, at 7:22 PM, Rich Megginson wrote:
Sorry for not getting back to you sooner. I can't say for sure, but it does
look like you are running into some of the tombstone issues we have fixed in
1.2.10.1-1 (now in updates-testing)
OK,
On 02/10/2012 01:00 PM, Ian Levesque wrote:
On Feb 10, 2012, at 1:36 PM, Rich Megginson wrote:
This may be related to https://fedorahosted.org/389/ticket/273 and
https://fedorahosted.org/389/ticket/274 which have been fixed in
1.2.10
In this case Ian please open a bugzilla, it looks like we
On Thu, 2012-02-09 at 17:01 -0700, Rich Megginson wrote:
This may be related to https://fedorahosted.org/389/ticket/273 and
https://fedorahosted.org/389/ticket/274 which have been fixed in
1.2.10
In this case Ian please open a bugzilla, it looks like we need to
address this in RHEL6.
Simo.
On Feb 10, 2012, at 1:36 PM, Rich Megginson wrote:
This may be related to https://fedorahosted.org/389/ticket/273 and
https://fedorahosted.org/389/ticket/274 which have been fixed in
1.2.10
In this case Ian please open a bugzilla, it looks like we need to
address this in RHEL6.
I'll
On Tue, 2012-02-07 at 23:19 -0500, Ian Levesque wrote:
On the replica:
[21/29]: setting up initial replication
Starting replication, please wait until this has completed.
[sbgrid-directory.in.hwlab] reports: Update failed! Status: [-2 -
System error]
creation of
On Feb 9, 2012, at 1:57 PM, Simo Sorce wrote:
On Tue, 2012-02-07 at 23:19 -0500, Ian Levesque wrote:
On the replica:
[21/29]: setting up initial replication
Starting replication, please wait until this has completed.
[sbgrid-directory.in.hwlab] reports: Update failed!
On Thu, 2012-02-09 at 16:25 -0500, Ian Levesque wrote:
On Feb 9, 2012, at 1:57 PM, Simo Sorce wrote:
On Tue, 2012-02-07 at 23:19 -0500, Ian Levesque wrote:
On the replica:
[21/29]: setting up initial replication
Starting replication, please wait until this has completed.
On Feb 9, 2012, at 4:59 PM, Rich Megginson wrote:
I think you failed to properly clean=up before reinstalling the replica.
On the replica make sure you run:
ipa-server-install --uninstall
On the primary:
ipa-replica-manage --force del sbgrid-directory-replica.in.hwlab
You will have
On Thu, 2012-02-09 at 17:21 -0500, Ian Levesque wrote:
On Feb 9, 2012, at 4:59 PM, Rich Megginson wrote:
I think you failed to properly clean=up before reinstalling the replica.
On the replica make sure you run:
ipa-server-install --uninstall
On the primary:
ipa-replica-manage
OK, that's good to know. So, assuming the problem is that there was an
invalid cached credential getting in the way, here's what I did to attempt a
reconfiguration of the replica:
replica: ipa-server-install --uninstall reboot
primary: ipa-replica-manage --force del
On Thu, 2012-02-09 at 17:53 -0500, Ian Levesque wrote:
OK, that's good to know. So, assuming the problem is that there was an
invalid cached credential getting in the way, here's what I did to attempt
a reconfiguration of the replica:
replica: ipa-server-install --uninstall reboot
Hello,
On our production IPA servers, we have been running in a multi-master state
successfully for several weeks. Yesterday, while attempting to modify some
permissions and roles using the web UI, we had an odd problem where the web UI
became unresponsive. In an attempt to resolve the issue,
Ian Levesque wrote:
Hello,
On our production IPA servers, we have been running in a multi-master state
successfully for several weeks. Yesterday, while attempting to modify some
permissions and roles using the web UI, we had an odd problem where the web UI
became unresponsive. In an attempt
On Feb 7, 2012, at 3:39 PM, Rob Crittenden wrote:
snip
Strange. Is your 389-ds instance running? If so can you run this query:
ldapsearch -x -b 'cn=services,cn=accounts,dc=sbgrid,dc=org'
'(krbprincipalname=*sbgrid-directory*)'
I have the feeling that the principals for your IPA server
Ian Levesque wrote:
On Feb 7, 2012, at 3:39 PM, Rob Crittenden wrote:
snip
Strange. Is your 389-ds instance running? If so can you run this query:
ldapsearch -x -b 'cn=services,cn=accounts,dc=sbgrid,dc=org'
'(krbprincipalname=*sbgrid-directory*)'
I have the feeling that the principals for
snip
Strange. Is your 389-ds instance running? If so can you run this query:
ldapsearch -x -b 'cn=services,cn=accounts,dc=sbgrid,dc=org'
'(krbprincipalname=*sbgrid-directory*)'
I have the feeling that the principals for your IPA server have gone away.
Rather than post all the output,
36 matches
Mail list logo