Craig White System Administrator O 623-201-8179 M 602-377-9752
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032 -----Original Message----- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Michael Mercier Sent: Friday, October 31, 2014 8:12 AM To: freeipa-users@redhat.com Subject: [Freeipa-users] Replication fails after CentOS 6.5 -> 6.6 Upgrade - sasl_io_recv failed to decode packet for connection xxxx Hello, I just did a 'yum update' from CentOS 6.5 -> 6.6 on my freeipa system (master and 2 replicas) and I seen to have run into the following bug, https://bugzilla.redhat.com/show_bug.cgi?id=953653 On Master: [root@srv-1 slapd-CN-LOCAL]# rpm -qa|grep ipa ipa-client-3.0.0-42.el6.centos.x86_64 libipa_hbac-python-1.11.6-30.el6.x86_64 python-iniparse-0.3.1-2.1.el6.noarch ipa-python-3.0.0-42.el6.centos.x86_64 sssd-ipa-1.11.6-30.el6.x86_64 ipa-server-3.0.0-42.el6.centos.x86_64 ipa-server-selinux-3.0.0-42.el6.centos.x86_64 libipa_hbac-1.11.6-30.el6.x86_64 ipa-admintools-3.0.0-42.el6.centos.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-pki-ca-theme-9.0.3-7.el6.noarch [root@srv-1 slapd-CN-LOCAL]# rpm -qa|grep 389 389-ds-base-1.2.11.15-47.el6.x86_64 389-ds-base-libs-1.2.11.15-47.el6.x86_64 ldapsearch -b cn=config -D "cn=Directory Manager" -W | grep nsslapd-sasl-max-buffer-size nsslapd-sasl-max-buffer-size: 65536 [root@srv-1]tail /etc/dirsrv/slapd-xxxx/errors [31/Oct/2014:10:59:51 -0400] - sasl_io_recv failed to decode packet for connection 2313 [31/Oct/2014:10:59:55 -0400] - sasl_io_recv failed to decode packet for connection 2314 [31/Oct/2014:11:00:00 -0400] - sasl_io_recv failed to decode packet for connection 2316 [31/Oct/2014:11:00:01 -0400] - sasl_io_recv failed to decode packet for connection 2315 On Replica: [root@srv-2 slapd-CN-LOCAL]# rpm -qa|grep ipa ipa-server-selinux-3.0.0-42.el6.centos.x86_64 libipa_hbac-1.11.6-30.el6.x86_64 ipa-admintools-3.0.0-42.el6.centos.x86_64 python-iniparse-0.3.1-2.1.el6.noarch ipa-pki-common-theme-9.0.3-7.el6.noarch ipa-server-3.0.0-42.el6.centos.x86_64 ipa-client-3.0.0-42.el6.centos.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch libipa_hbac-python-1.11.6-30.el6.x86_64 ipa-python-3.0.0-42.el6.centos.x86_64 sssd-ipa-1.11.6-30.el6.x86_64 [root@srv-2 slapd-CN-LOCAL]# rpm -qa|grep 389 389-ds-base-1.2.11.15-47.el6.x86_64 389-ds-base-libs-1.2.11.15-47.el6.x86_64 [root@srv-2 slapd-CN-LOCAL]# ldapsearch -b cn=config -D "cn=Directory Manager" -W | grep nsslapd-sasl-max-buffer-size Enter LDAP Password: nsslapd-sasl-max-buffer-size: 65536 [root@svr-2]tail -f /etc/dirsrv/slapd-xxxx/errors [31/Oct/2014:11:01:11 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" (srv-1:389): Replication bind with GSSAPI auth resumed [31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" (srv-1:389): Warning: unable to replicate schema: rc=2 [31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" (srv-1:389): Consumer failed to replay change (uniqueid (null), CSN (null)): Can't contact LDAP server(-1). Will retry later. [31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" (srv-1:389): Failed to send update operation to consumer (uniqueid 515cdb0f-24fa11e2-816add07-a91dabe7, CSN 5453fc26000900030000): Can't contact LDAP server. Will retry later. [31/Oct/2014:11:01:18 -0400] NSMMReplicationPlugin - agmt="cn=meTosrv-1.xxxx" (srv-1:389): Warning: unable to send endReplication extended operation (Can't contact LDAP server) In the ticket, Scott Poore says he increased the nsslapd-sasl-max-buffer-size to work around the problem. Is this the correct course of action, or should I be trying something else? ---- I can't speak with certainty but I can tell you that increasing the buffer solved my replication problem immediately. Craig -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project