Craig White
System Administrator
O 623-201-8179   M 602-377-9752



SkyTouch Technology     4225 E. Windrose Dr.     Phoenix, AZ 85032


-----Original Message-----
From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Michael Mercier
Sent: Friday, October 31, 2014 8:12 AM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] Replication fails after CentOS 6.5 -> 6.6 Upgrade - 
sasl_io_recv failed to decode packet for connection xxxx

Hello,

I just did a 'yum update' from CentOS 6.5 -> 6.6 on my freeipa system (master 
and 2 replicas) and I seen to have run into the following bug,

https://bugzilla.redhat.com/show_bug.cgi?id=953653

On Master:

[root@srv-1 slapd-CN-LOCAL]# rpm -qa|grep ipa
ipa-client-3.0.0-42.el6.centos.x86_64
libipa_hbac-python-1.11.6-30.el6.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
ipa-python-3.0.0-42.el6.centos.x86_64
sssd-ipa-1.11.6-30.el6.x86_64
ipa-server-3.0.0-42.el6.centos.x86_64
ipa-server-selinux-3.0.0-42.el6.centos.x86_64
libipa_hbac-1.11.6-30.el6.x86_64
ipa-admintools-3.0.0-42.el6.centos.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-pki-ca-theme-9.0.3-7.el6.noarch
[root@srv-1 slapd-CN-LOCAL]# rpm -qa|grep 389
389-ds-base-1.2.11.15-47.el6.x86_64
389-ds-base-libs-1.2.11.15-47.el6.x86_64

ldapsearch -b cn=config -D "cn=Directory Manager" -W | grep 
nsslapd-sasl-max-buffer-size
nsslapd-sasl-max-buffer-size: 65536

[root@srv-1]tail /etc/dirsrv/slapd-xxxx/errors
[31/Oct/2014:10:59:51 -0400] - sasl_io_recv failed to decode packet for 
connection 2313
[31/Oct/2014:10:59:55 -0400] - sasl_io_recv failed to decode packet for 
connection 2314
[31/Oct/2014:11:00:00 -0400] - sasl_io_recv failed to decode packet for 
connection 2316
[31/Oct/2014:11:00:01 -0400] - sasl_io_recv failed to decode packet for 
connection 2315

On Replica:
[root@srv-2 slapd-CN-LOCAL]# rpm -qa|grep ipa
ipa-server-selinux-3.0.0-42.el6.centos.x86_64
libipa_hbac-1.11.6-30.el6.x86_64
ipa-admintools-3.0.0-42.el6.centos.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-server-3.0.0-42.el6.centos.x86_64
ipa-client-3.0.0-42.el6.centos.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
libipa_hbac-python-1.11.6-30.el6.x86_64
ipa-python-3.0.0-42.el6.centos.x86_64
sssd-ipa-1.11.6-30.el6.x86_64
[root@srv-2 slapd-CN-LOCAL]# rpm -qa|grep 389
389-ds-base-1.2.11.15-47.el6.x86_64
389-ds-base-libs-1.2.11.15-47.el6.x86_64
[root@srv-2 slapd-CN-LOCAL]# ldapsearch -b cn=config -D "cn=Directory Manager" 
-W | grep nsslapd-sasl-max-buffer-size Enter LDAP Password:
nsslapd-sasl-max-buffer-size: 65536

[root@svr-2]tail -f /etc/dirsrv/slapd-xxxx/errors
[31/Oct/2014:11:01:11 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" 
(srv-1:389): Replication bind with GSSAPI auth resumed
[31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" 
(srv-1:389): Warning: unable to replicate
schema: rc=2
[31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" 
(srv-1:389): Consumer failed to replay change (uniqueid (null), CSN (null)): 
Can't contact LDAP server(-1). Will retry later.
[31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" 
(srv-1:389): Failed to send update operation to consumer (uniqueid 
515cdb0f-24fa11e2-816add07-a91dabe7, CSN
5453fc26000900030000): Can't contact LDAP server. Will retry later.
[31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" 
(srv-1:389): Warning: unable to send endReplication extended operation (Can't 
contact LDAP server)

In the ticket, Scott Poore says he increased the nsslapd-sasl-max-buffer-size 
to work around the problem.  Is this the correct course of action, or should I 
be trying something else?
----
I can't speak with certainty but I can tell you that increasing the buffer 
solved my replication problem immediately.

Craig

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to