Re: [Freeipa-users] slapi_ldap_bind - Error: could not send startTLS request

2017-03-22 Thread lejeczek



On 10/03/17 16:24, Rob Crittenden wrote:

lejeczek wrote:


On 06/03/17 20:11, Rob Crittenden wrote:

lejeczek wrote:

hi everyone
I've a seemingly finely working domain, I mean it all seems fine to me,
except for:

[04/Mar/2017:14:26:47.439218725 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:26:47.441155853 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:31:47.454016982 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:31:47.482477473 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:36:46.458508994 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:36:46.479878884 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:41:47.389700728 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:41:47.394379376 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)

being logged quite frequently, as you can see. Setup:

ipa-client-4.4.0-14.el7.centos.4.x86_64
ipa-client-common-4.4.0-14.el7.centos.4.noarch
ipa-common-4.4.0-14.el7.centos.4.noarch
ipa-python-compat-4.4.0-14.el7.centos.4.noarch
ipa-server-4.4.0-14.el7.centos.4.x86_64
ipa-server-common-4.4.0-14.el7.centos.4.noarch
ipa-server-dns-4.4.0-14.el7.centos.4.noarch

Replication, users, logins, all seem normal. But above bothers me as I
am afraid it may one day turn out critical and break stuff down.
This is on the first server that initiated the domain, long time ago.
There is a second server which logs the same, but only a few entries
then goes quiet.
Third server's error log is completely free from this error.

Would appreciate all help.

The CA replication agreements are handled by ipa-csreplica-manage. You
may have leftover agreements from previous installs there.

rob


I'm afraid I let over the years for some bits in the domain gone
haywire. I found this:

dn: cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: ca
objectClass: nsContainer
objectClass: top

dn: cn=certprofiles,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: certprofiles
objectClass: nsContainer
objectClass: top

dn: cn=caacls,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: caacls
objectClass: nsContainer
objectClass: top

dn:
cn=cas+nsuniqueid=647ed0b1-b70911e6-b84df1c7-2176fa48,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: cas
objectClass: nsContainer
objectClass: top

dn: cn=cas,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: cas
objectClass: nsContainer
objectClass: top

dn:
cn=IECUserRoles,cn=certprofiles,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
description: User profile that includes IECUserRoles extension from request
ipaCertProfileStoreIssued: TRUE
cn: IECUserRoles
objectClass: ipacertprofile
objectClass: top

dn:
cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
description: Standard profile for network services
ipaCertProfileStoreIssued: TRUE
cn: caIPAserviceCert
objectClass: ipacertprofile
objectClass: top

dn:
ipaUniqueID=1ea0be16-fc01-11e5-a664-f04da240c1d2,cn=caacls,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
ipaMemberCertProfile:
cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
ipaUniqueID: 1ea0be16-fc01-11e5-a664-f04da240c1d2
ipaEnabledFlag: TRUE
hostCategory: all
objectClass: ipaassociation
objectClass: ipacaacl
cn: hosts_services_caIPAserviceCert
serviceCategory: all

dn:
cn=ipa,cn=cas+nsuniqueid=647ed0b1-b70911e6-b84df1c7-2176fa48,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: ipa
ipaCaId: 0725f730-9351-4115-aa68-ecb2f47dd805
ipaCaSubjectDN: CN=Certificate Authority,O=PRIVATE.xx.xx.PRIVATE.xx.xx.x
objectClass: top
objectClass: ipaca
ipaCaIssuerDN: CN=Certificate Authority,O=PRIVATE.xx.xx.PRIVATE.xx.xx.x
description: IPA CA

dn: cn=ipa,cn=cas,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: ipa
ipaCaId: ed1bbc62-45c5-4d4a-96fb-0c16129dbad0
ipaCaSubjectDN: CN=Certificate Authority,O=PRIVATE.xx.xx.PRIVATE.xx.xx.x
objectClass: top
objectClass: ipaca
ipaCaIssuerDN: CN=Certificate Authority,O=PRIVATE.xx.xx.PRIVATE.xx.xx.x
description: IPA CA

is this the culprit?

You have some replication conflict entries in there. I see no way how
this could affect a 

Re: [Freeipa-users] slapi_ldap_bind - Error: could not send startTLS request

2017-03-10 Thread Rob Crittenden
lejeczek wrote:
> 
> 
> On 06/03/17 20:11, Rob Crittenden wrote:
>> lejeczek wrote:
>>> hi everyone
>>> I've a seemingly finely working domain, I mean it all seems fine to me,
>>> except for:
>>>
>>> [04/Mar/2017:14:26:47.439218725 +] slapi_ldap_bind - Error: could
>>> not send startTLS request: error -1 (Can't contact LDAP server) errno
>>> 107 (Transport endpoint is not connected)
>>> [04/Mar/2017:14:26:47.441155853 +] slapi_ldap_bind - Error: could
>>> not send startTLS request: error -1 (Can't contact LDAP server) errno
>>> 107 (Transport endpoint is not connected)
>>> [04/Mar/2017:14:31:47.454016982 +] slapi_ldap_bind - Error: could
>>> not send startTLS request: error -1 (Can't contact LDAP server) errno
>>> 107 (Transport endpoint is not connected)
>>> [04/Mar/2017:14:31:47.482477473 +] slapi_ldap_bind - Error: could
>>> not send startTLS request: error -1 (Can't contact LDAP server) errno
>>> 107 (Transport endpoint is not connected)
>>> [04/Mar/2017:14:36:46.458508994 +] slapi_ldap_bind - Error: could
>>> not send startTLS request: error -1 (Can't contact LDAP server) errno
>>> 107 (Transport endpoint is not connected)
>>> [04/Mar/2017:14:36:46.479878884 +] slapi_ldap_bind - Error: could
>>> not send startTLS request: error -1 (Can't contact LDAP server) errno
>>> 107 (Transport endpoint is not connected)
>>> [04/Mar/2017:14:41:47.389700728 +] slapi_ldap_bind - Error: could
>>> not send startTLS request: error -1 (Can't contact LDAP server) errno
>>> 107 (Transport endpoint is not connected)
>>> [04/Mar/2017:14:41:47.394379376 +] slapi_ldap_bind - Error: could
>>> not send startTLS request: error -1 (Can't contact LDAP server) errno
>>> 107 (Transport endpoint is not connected)
>>>
>>> being logged quite frequently, as you can see. Setup:
>>>
>>> ipa-client-4.4.0-14.el7.centos.4.x86_64
>>> ipa-client-common-4.4.0-14.el7.centos.4.noarch
>>> ipa-common-4.4.0-14.el7.centos.4.noarch
>>> ipa-python-compat-4.4.0-14.el7.centos.4.noarch
>>> ipa-server-4.4.0-14.el7.centos.4.x86_64
>>> ipa-server-common-4.4.0-14.el7.centos.4.noarch
>>> ipa-server-dns-4.4.0-14.el7.centos.4.noarch
>>>
>>> Replication, users, logins, all seem normal. But above bothers me as I
>>> am afraid it may one day turn out critical and break stuff down.
>>> This is on the first server that initiated the domain, long time ago.
>>> There is a second server which logs the same, but only a few entries
>>> then goes quiet.
>>> Third server's error log is completely free from this error.
>>>
>>> Would appreciate all help.
>> The CA replication agreements are handled by ipa-csreplica-manage. You
>> may have leftover agreements from previous installs there.
>>
>> rob
>>
> I'm afraid I let over the years for some bits in the domain gone
> haywire. I found this:
> 
> dn: cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
> cn: ca
> objectClass: nsContainer
> objectClass: top
> 
> dn: cn=certprofiles,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
> cn: certprofiles
> objectClass: nsContainer
> objectClass: top
> 
> dn: cn=caacls,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
> cn: caacls
> objectClass: nsContainer
> objectClass: top
> 
> dn:
> cn=cas+nsuniqueid=647ed0b1-b70911e6-b84df1c7-2176fa48,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
> cn: cas
> objectClass: nsContainer
> objectClass: top
> 
> dn: cn=cas,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
> cn: cas
> objectClass: nsContainer
> objectClass: top
> 
> dn:
> cn=IECUserRoles,cn=certprofiles,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
> description: User profile that includes IECUserRoles extension from request
> ipaCertProfileStoreIssued: TRUE
> cn: IECUserRoles
> objectClass: ipacertprofile
> objectClass: top
> 
> dn:
> cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
> description: Standard profile for network services
> ipaCertProfileStoreIssued: TRUE
> cn: caIPAserviceCert
> objectClass: ipacertprofile
> objectClass: top
> 
> dn:
> ipaUniqueID=1ea0be16-fc01-11e5-a664-f04da240c1d2,cn=caacls,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
> ipaMemberCertProfile:
> cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
> ipaUniqueID: 1ea0be16-fc01-11e5-a664-f04da240c1d2
> ipaEnabledFlag: TRUE
> hostCategory: all
> objectClass: ipaassociation
> objectClass: ipacaacl
> cn: hosts_services_caIPAserviceCert
> serviceCategory: all
> 
> dn:
> cn=ipa,cn=cas+nsuniqueid=647ed0b1-b70911e6-b84df1c7-2176fa48,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
> cn: ipa
> ipaCaId: 0725f730-9351-4115-aa68-ecb2f47dd805
> ipaCaSubjectDN: CN=Certificate Authority,O=PRIVATE.xx.xx.PRIVATE.xx.xx.x
> objectClass: top
> objectClass: ipaca
> ipaCaIssuerDN: CN=Certificate Authority,O=PRIVATE.xx.xx.PRIVATE.xx.xx.x
> description: IPA CA
> 
> dn: cn=ipa,cn=cas,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
> cn: ipa
> ipaCaId: ed1bbc62-45c5-4d4a-96fb-0c16129dbad0
> ipaCaSubjectDN: 

Re: [Freeipa-users] slapi_ldap_bind - Error: could not send startTLS request

2017-03-07 Thread lejeczek



On 06/03/17 20:11, Rob Crittenden wrote:

lejeczek wrote:

hi everyone
I've a seemingly finely working domain, I mean it all seems fine to me,
except for:

[04/Mar/2017:14:26:47.439218725 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:26:47.441155853 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:31:47.454016982 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:31:47.482477473 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:36:46.458508994 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:36:46.479878884 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:41:47.389700728 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:41:47.394379376 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)

being logged quite frequently, as you can see. Setup:

ipa-client-4.4.0-14.el7.centos.4.x86_64
ipa-client-common-4.4.0-14.el7.centos.4.noarch
ipa-common-4.4.0-14.el7.centos.4.noarch
ipa-python-compat-4.4.0-14.el7.centos.4.noarch
ipa-server-4.4.0-14.el7.centos.4.x86_64
ipa-server-common-4.4.0-14.el7.centos.4.noarch
ipa-server-dns-4.4.0-14.el7.centos.4.noarch

Replication, users, logins, all seem normal. But above bothers me as I
am afraid it may one day turn out critical and break stuff down.
This is on the first server that initiated the domain, long time ago.
There is a second server which logs the same, but only a few entries
then goes quiet.
Third server's error log is completely free from this error.

Would appreciate all help.

The CA replication agreements are handled by ipa-csreplica-manage. You
may have leftover agreements from previous installs there.

rob

I'm afraid I let over the years for some bits in the domain 
gone haywire. I found this:


dn: cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: ca
objectClass: nsContainer
objectClass: top

dn: cn=certprofiles,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: certprofiles
objectClass: nsContainer
objectClass: top

dn: cn=caacls,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: caacls
objectClass: nsContainer
objectClass: top

dn: cn=cas+nsuniqueid=647ed0b1-b70911e6-b84df1c7-2176fa48,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: cas
objectClass: nsContainer
objectClass: top

dn: cn=cas,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: cas
objectClass: nsContainer
objectClass: top

dn: cn=IECUserRoles,cn=certprofiles,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
description: User profile that includes IECUserRoles extension from request
ipaCertProfileStoreIssued: TRUE
cn: IECUserRoles
objectClass: ipacertprofile
objectClass: top

dn: cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
description: Standard profile for network services
ipaCertProfileStoreIssued: TRUE
cn: caIPAserviceCert
objectClass: ipacertprofile
objectClass: top

dn: ipaUniqueID=1ea0be16-fc01-11e5-a664-f04da240c1d2,cn=caacls,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
ipaMemberCertProfile: cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
ipaUniqueID: 1ea0be16-fc01-11e5-a664-f04da240c1d2
ipaEnabledFlag: TRUE
hostCategory: all
objectClass: ipaassociation
objectClass: ipacaacl
cn: hosts_services_caIPAserviceCert
serviceCategory: all

dn: cn=ipa,cn=cas+nsuniqueid=647ed0b1-b70911e6-b84df1c7-2176fa48,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: ipa
ipaCaId: 0725f730-9351-4115-aa68-ecb2f47dd805
ipaCaSubjectDN: CN=Certificate Authority,O=PRIVATE.xx.xx.PRIVATE.xx.xx.x
objectClass: top
objectClass: ipaca
ipaCaIssuerDN: CN=Certificate Authority,O=PRIVATE.xx.xx.PRIVATE.xx.xx.x
description: IPA CA

dn: cn=ipa,cn=cas,cn=ca,dc=priv,dc=xx.dc=xx.dc=priv,dc=xx,dc=xx,dc=x
cn: ipa
ipaCaId: ed1bbc62-45c5-4d4a-96fb-0c16129dbad0
ipaCaSubjectDN: CN=Certificate Authority,O=PRIVATE.xx.xx.PRIVATE.xx.xx.x
objectClass: top
objectClass: ipaca
ipaCaIssuerDN: CN=Certificate Authority,O=PRIVATE.xx.xx.PRIVATE.xx.xx.x
description: IPA CA

is this the culprit?
b.w.
L.
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
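
Added example, not part of the original post or of FreeIPA's own tooling: the LDIF in the message above has DNs with `+nsuniqueid=` inside an RDN, the form 389 Directory Server gives replication conflict entries. The Python below reads such a dump, including DNs that the mail client wrapped onto the line after `dn:`, and lists the conflict entries, their children, and whether the intended DN also exists. The sample LDIF, its suffix and IDs, and all function names are constructed for illustration.

```python
import re

# Constructed sample shaped like the LDIF in the post (suffix and IDs are made
# up). Long DNs sit on the line after "dn:", as the mail client wrapped them.
SAMPLE_LDIF = """\
dn: cn=ca,dc=example,dc=test
cn: ca
objectClass: nsContainer

dn:
cn=cas+nsuniqueid=11111111-22222222-33333333-44444444,cn=ca,dc=example,dc=test
cn: cas
objectClass: nsContainer

dn: cn=cas,cn=ca,dc=example,dc=test
cn: cas
objectClass: nsContainer

dn:
cn=ipa,cn=cas+nsuniqueid=11111111-22222222-33333333-44444444,cn=ca,dc=example,dc=test
cn: ipa
objectClass: ipaca

dn: cn=ipa,cn=cas,cn=ca,dc=example,dc=test
cn: ipa
objectClass: ipaca
"""

ATTR_LINE = re.compile(r"^([A-Za-z][\w;.-]*)::?\s*(.*)$")


def parse_dns(ldif_text):
    """Return every entry's DN, undoing RFC 2849 folds and mail wrapping."""
    dns, current, in_dn = [], None, False
    for raw in ldif_text.splitlines():
        if not raw.strip():                    # blank line closes the entry
            if current is not None:
                dns.append(current)
            current, in_dn = None, False
        elif raw.startswith(" "):              # standard LDIF continuation
            if in_dn:
                current += raw[1:]
        elif ATTR_LINE.match(raw):
            name, value = ATTR_LINE.match(raw).groups()
            in_dn = name.lower() == "dn"
            if in_dn:
                current = value.strip()
        elif in_dn:                            # wrapped remainder of the DN
            current += raw.strip()
    if current is not None:
        dns.append(current)
    return dns


def _split(value, sep):
    """Split on separators that are not backslash-escaped."""
    return re.split(r"(?<!\\)" + re.escape(sep), value)


def _normalize(dn):
    return ",".join(part.strip().lower() for part in _split(dn, ","))


def _strip_conflict_ava(rdn):
    """Remove nsuniqueid from a multi-valued RDN; return (rdn, was_conflict).
    An RDN that is only nsuniqueid=... is left alone: 389 DS uses that shape
    for tombstones, which are not naming conflicts."""
    avas = _split(rdn, "+")
    kept = [a for a in avas if a.split("=", 1)[0].strip().lower() != "nsuniqueid"]
    if not kept or len(kept) == len(avas):
        return rdn, False
    return "+".join(kept), True


def find_conflicts(dns):
    """Flag conflict entries and entries stored beneath a conflict entry."""
    present = {_normalize(dn) for dn in dns}
    findings = []
    for dn in dns:
        cleaned, flags = zip(*(_strip_conflict_ava(r) for r in _split(dn, ",")))
        if not any(flags):
            continue
        intended = ",".join(cleaned)
        findings.append({
            "dn": dn,
            "kind": "conflict" if flags[0] else "under-conflict",
            "intended_dn": intended,
            "counterpart_present": _normalize(intended) in present,
        })
    return findings


if __name__ == "__main__":
    for f in find_conflicts(parse_dns(SAMPLE_LDIF)):
        print(f["kind"], f["dn"], "->", f["intended_dn"], f["counterpart_present"])
```
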

Re: [Freeipa-users] slapi_ldap_bind - Error: could not send startTLS request

2017-03-07 Thread lejeczek



On 06/03/17 20:11, Rob Crittenden wrote:

lejeczek wrote:

hi everyone
I've a seemingly finely working domain, I mean it all seems fine to me,
except for:

[04/Mar/2017:14:26:47.439218725 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:26:47.441155853 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:31:47.454016982 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:31:47.482477473 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:36:46.458508994 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:36:46.479878884 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:41:47.389700728 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)
[04/Mar/2017:14:41:47.394379376 +] slapi_ldap_bind - Error: could
not send startTLS request: error -1 (Can't contact LDAP server) errno
107 (Transport endpoint is not connected)

being logged quite frequently, as you can see. Setup:

ipa-client-4.4.0-14.el7.centos.4.x86_64
ipa-client-common-4.4.0-14.el7.centos.4.noarch
ipa-common-4.4.0-14.el7.centos.4.noarch
ipa-python-compat-4.4.0-14.el7.centos.4.noarch
ipa-server-4.4.0-14.el7.centos.4.x86_64
ipa-server-common-4.4.0-14.el7.centos.4.noarch
ipa-server-dns-4.4.0-14.el7.centos.4.noarch

Replication, users, logins, all seem normal. But above bothers me as I
am afraid it may one day turn out critical and break stuff down.
This is on the first server that initiated the domain, long time ago.
There is a second server which logs the same, but only a few entries
then goes quiet.
Third server's error log is completely free from this error.

Would appreciate all help.

The CA replication agreements are handled by ipa-csreplica-manage. You
may have leftover agreements from previous installs there.

rob

many thanks,
should I be searching through the LDAP tree? If yes, then where, 
more or less?

$ ipa-csreplica-manage list
shows only two servers, which would make sense, would add 
up, I think.




Re: [Freeipa-users] slapi_ldap_bind - Error: could not send startTLS request

2017-03-06 Thread Rob Crittenden
lejeczek wrote:
> hi everyone
> I've a seemingly finely working domain, I mean it all seems fine to me,
> except for:
> 
> [04/Mar/2017:14:26:47.439218725 +] slapi_ldap_bind - Error: could
> not send startTLS request: error -1 (Can't contact LDAP server) errno
> 107 (Transport endpoint is not connected)
> [04/Mar/2017:14:26:47.441155853 +] slapi_ldap_bind - Error: could
> not send startTLS request: error -1 (Can't contact LDAP server) errno
> 107 (Transport endpoint is not connected)
> [04/Mar/2017:14:31:47.454016982 +] slapi_ldap_bind - Error: could
> not send startTLS request: error -1 (Can't contact LDAP server) errno
> 107 (Transport endpoint is not connected)
> [04/Mar/2017:14:31:47.482477473 +] slapi_ldap_bind - Error: could
> not send startTLS request: error -1 (Can't contact LDAP server) errno
> 107 (Transport endpoint is not connected)
> [04/Mar/2017:14:36:46.458508994 +] slapi_ldap_bind - Error: could
> not send startTLS request: error -1 (Can't contact LDAP server) errno
> 107 (Transport endpoint is not connected)
> [04/Mar/2017:14:36:46.479878884 +] slapi_ldap_bind - Error: could
> not send startTLS request: error -1 (Can't contact LDAP server) errno
> 107 (Transport endpoint is not connected)
> [04/Mar/2017:14:41:47.389700728 +] slapi_ldap_bind - Error: could
> not send startTLS request: error -1 (Can't contact LDAP server) errno
> 107 (Transport endpoint is not connected)
> [04/Mar/2017:14:41:47.394379376 +] slapi_ldap_bind - Error: could
> not send startTLS request: error -1 (Can't contact LDAP server) errno
> 107 (Transport endpoint is not connected)
> 
> being logged quite frequently, as you can see. Setup:
> 
> ipa-client-4.4.0-14.el7.centos.4.x86_64
> ipa-client-common-4.4.0-14.el7.centos.4.noarch
> ipa-common-4.4.0-14.el7.centos.4.noarch
> ipa-python-compat-4.4.0-14.el7.centos.4.noarch
> ipa-server-4.4.0-14.el7.centos.4.x86_64
> ipa-server-common-4.4.0-14.el7.centos.4.noarch
> ipa-server-dns-4.4.0-14.el7.centos.4.noarch
> 
> Replication, users, logins, all seem normal. But above bothers me as I
> am afraid it may one day turn out critical and break stuff down.
> This is on the first server that initiated the domain, long time ago.
> There is a second server which logs the same, but only a few entries
> then goes quiet.
> Third server's error log is completely free from this error.
> 
> Would appreciate all help.

The CA replication agreements are handled by ipa-csreplica-manage. You
may have leftover agreements from previous installs there.

rob



Re: [Freeipa-users] slapi_ldap_bind - Error: could not send startTLS request

2017-03-06 Thread lejeczek



On 04/03/17 14:47, lejeczek wrote:

hi everyone
I've a seemingly finely working domain, I mean it all seems 
fine to me, except for:


[04/Mar/2017:14:26:47.439218725 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:26:47.441155853 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:31:47.454016982 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:31:47.482477473 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:36:46.458508994 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:36:46.479878884 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:41:47.389700728 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:41:47.394379376 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)


being logged quite frequently, as you can see. Setup:

ipa-client-4.4.0-14.el7.centos.4.x86_64
ipa-client-common-4.4.0-14.el7.centos.4.noarch
ipa-common-4.4.0-14.el7.centos.4.noarch
ipa-python-compat-4.4.0-14.el7.centos.4.noarch
ipa-server-4.4.0-14.el7.centos.4.x86_64
ipa-server-common-4.4.0-14.el7.centos.4.noarch
ipa-server-dns-4.4.0-14.el7.centos.4.noarch

Replication, users, logins, all seem normal. But above 
bothers me as I am afraid it may one day turn out critical 
and break stuff down.
This is on the first server that initiated the domain, 
long time ago.
There is a second server which logs the same, but only a 
few entries then goes quiet.

Third server's error log is completely free from this error.

Would appreciate all help.
L


As I was afraid... more. I'm adding a replica, with 
arguments: --setup-dns --no-forwarders . This seems to have 
succeeded:

...
Configured /etc/ssh/sshd_config
Configuring private.ccnr.ceb.private.cam.ac.uk as NIS domain.
Client configuration complete.

but on the master (first server in the domain) during replica 
installation I see:


[06/Mar/2017:09:56:01.022636856 +] NSMMReplicationPlugin 
- agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389): The 
remote replica has a different database generation ID than 
the local database.  You may have to reinitialize the remote 
replica, or the local replica.
[06/Mar/2017:09:56:01.900679757 +] NSMMReplicationPlugin 
- Beginning total update of replica 
"agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389)".
[06/Mar/2017:09:56:05.287761359 +] NSMMReplicationPlugin 
- Finished total update of replica 
"agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389)". 
Sent 799 entries.
[06/Mar/2017:09:56:15.293584156 +] NSMMReplicationPlugin 
- agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389): 
Unable to receive the response for a startReplication 
extended operation to consumer (Can't contxx. LDAP server). 
Will retry later.
[06/Mar/2017:09:56:19.220334467 +] NSMMReplicationPlugin 
- agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389): 
Replication bind with SIMPLE auth resumed
[06/Mar/2017:09:56:24.523570143 +] NSMMReplicationPlugin 
- agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389): 
Replication bind with GSSAPI auth failed: LDAP error 49 
(Invalid credentials) ()
[06/Mar/2017:09:56:46.295504003 +] NSMMReplicationPlugin 
- agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389): 
Replication bind with GSSAPI auth failed: LDAP error -1 
(Can't contxx. LDAP server) ()

...
[06/Mar/2017:09:57:57.620175772 +] NSMMReplicationPlugin 
- agmt="cn=meToswir.priv.xx.xx.priv.xx.xx.x. (swir:389): 
Replication bind with GSSAPI auth resumed
[06/Mar/2017:10:01:46.442346796 +] slapi_ldap_bind - 
Error: could not bind id [cn=Replication Manager 
cloneAgreement1-swir.priv.xx.xx.priv.xx.xx.x.pki-tomcat,ou=csusers,cn=config] 
authentication mechanism [SIMPLE]: error 32 (No such object) 
errno 0 (Success)
[06/Mar/2017:10:01:46.452580492 +] NSMMReplicationPlugin 
- 
agmt="cn=masterAgreement1-swir.priv.xx.xx.priv.xx.xx.x.pki-tomcat" 
(swir:389): Replication bind with SIMPLE auth failed: LDAP 
error 32 (No such object) ()
[06/Mar/2017:10:01:46.454557885 +] slapi_ldap_bind - 
Error: could not bind id [cn=Replication Manager 
masterAgreement1-rider.priv.xx.xx.priv.xx.xx.x.pki-tomcat,ou=csusers,cn=config] 

[Freeipa-users] slapi_ldap_bind - Error: could not send startTLS request

2017-03-04 Thread lejeczek

hi everyone
I've a seemingly finely working domain, I mean it all seems 
fine to me, except for:


[04/Mar/2017:14:26:47.439218725 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:26:47.441155853 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:31:47.454016982 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:31:47.482477473 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:36:46.458508994 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:36:46.479878884 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:41:47.389700728 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)
[04/Mar/2017:14:41:47.394379376 +] slapi_ldap_bind - 
Error: could not send startTLS request: error -1 (Can't 
contact LDAP server) errno 107 (Transport endpoint is not 
connected)


being logged quite frequently, as you can see. Setup:

ipa-client-4.4.0-14.el7.centos.4.x86_64
ipa-client-common-4.4.0-14.el7.centos.4.noarch
ipa-common-4.4.0-14.el7.centos.4.noarch
ipa-python-compat-4.4.0-14.el7.centos.4.noarch
ipa-server-4.4.0-14.el7.centos.4.x86_64
ipa-server-common-4.4.0-14.el7.centos.4.noarch
ipa-server-dns-4.4.0-14.el7.centos.4.noarch

Replication, users, logins, all seem normal. But above 
bothers me as I am afraid it may one day turn out critical 
and break stuff down.
This is on the first server that initiated the domain, long 
time ago.
There is a second server which logs the same, but only a few 
entries then goes quiet.

Third server's error log is completely free from this error.

Would appreciate all help.
L