Re: [Freeipa-users] migrate-ds fails with Can't contact LDAP server
My sincere apologies: I forgot to start slapd on my openldap server...

Qing

On 13/08/2012 10:39 AM, Rob Crittenden wrote:
> Qing Chang wrote:
>> Just installed a fresh RHEL 6.3 VM with IPA 2.2..0-16.el6 on our new ESXi host,
>> after preparing migration mode as well as adding necessary objectclasses,
>> tried to run following:
>>
>> ipa -d migrate-ds ldap://openldap:389 --bind-dn=cn=Manager --group-container=ou=group --schema=RFC2307 --with-compat --group-objectclass=posixGroup
>>
>> It failed promptly with this:
>> =
>> ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
>> ipa: DEBUG: cert valid True for "CN=ipa1.sri.utoronto.ca,O=SRI.UTORONTO.CA"
>> ipa: DEBUG: handshake complete, peer = IP_of_ipa1:443
>> ipa: DEBUG: Caught fault 4203 from server http://ipa1.sri.utoronto.ca/ipa/xml: Can't contact LDAP server:
>> ipa: DEBUG: Destroyed connection context.xmlclient
>> ipa: ERROR: Can't contact LDAP server:
>> =
>>
>> /var/log/dirsrv/access shows:
>> =
>> [12/Aug/2012:07:53:26 -0400] conn=81 op=6 SRCH base="cn=accounts,dc=sri,dc=utoronto,dc=ca" scope=2 filter="(&(uid=postfix)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey"
>> [12/Aug/2012:07:53:26 -0400] conn=81 op=6 RESULT err=0 tag=101 nentries=0 etime=0
>> =
>>
>> Previous installation of VBox VM (RHEL 6.3 with IPA) did not have this problem.
>
> Check your iptables/firewall configuration on both hosts.
>
> rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] migrate-ds fails with Can't contact LDAP server
On 13/08/2012 10:39 AM, Rob Crittenden wrote:
> Qing Chang wrote:
>> Just installed a fresh RHEL 6.3 VM with IPA 2.2..0-16.el6 on our new ESXi host,
>> after preparing migration mode as well as adding necessary objectclasses,
>> tried to run following:
>>
>> ipa -d migrate-ds ldap://openldap:389 --bind-dn=cn=Manager --group-container=ou=group --schema=RFC2307 --with-compat --group-objectclass=posixGroup
>>
>> It failed promptly with this:
>> =
>> ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
>> ipa: DEBUG: cert valid True for "CN=ipa1.sri.utoronto.ca,O=SRI.UTORONTO.CA"
>> ipa: DEBUG: handshake complete, peer = IP_of_ipa1:443
>> ipa: DEBUG: Caught fault 4203 from server http://ipa1.sri.utoronto.ca/ipa/xml: Can't contact LDAP server:
>> ipa: DEBUG: Destroyed connection context.xmlclient
>> ipa: ERROR: Can't contact LDAP server:
>> =
>>
>> /var/log/dirsrv/access shows:
>> =
>> [12/Aug/2012:07:53:26 -0400] conn=81 op=6 SRCH base="cn=accounts,dc=sri,dc=utoronto,dc=ca" scope=2 filter="(&(uid=postfix)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey"
>> [12/Aug/2012:07:53:26 -0400] conn=81 op=6 RESULT err=0 tag=101 nentries=0 etime=0
>> =
>>
>> Previous installation of VBox VM (RHEL 6.3 with IPA) did not have this problem.
>
> Check your iptables/firewall configuration on both hosts.
>
> rob

I have disabled iptables on ipa1, ipa1 and openldap can ping each other.

Thanks,
Qing

Re: [Freeipa-users] migrate-ds fails with Can't contact LDAP server
Qing Chang wrote:
> Just installed a fresh RHEL 6.3 VM with IPA 2.2..0-16.el6 on our new ESXi host,
> after preparing migration mode as well as adding necessary objectclasses,
> tried to run following:
>
> ipa -d migrate-ds ldap://openldap:389 --bind-dn=cn=Manager --group-container=ou=group --schema=RFC2307 --with-compat --group-objectclass=posixGroup
>
> It failed promptly with this:
> =
> ipa: DEBUG: approved_usage = SSLServer intended_usage = SSLServer
> ipa: DEBUG: cert valid True for "CN=ipa1.sri.utoronto.ca,O=SRI.UTORONTO.CA"
> ipa: DEBUG: handshake complete, peer = IP_of_ipa1:443
> ipa: DEBUG: Caught fault 4203 from server http://ipa1.sri.utoronto.ca/ipa/xml: Can't contact LDAP server:
> ipa: DEBUG: Destroyed connection context.xmlclient
> ipa: ERROR: Can't contact LDAP server:
> =
>
> /var/log/dirsrv/access shows:
> =
> [12/Aug/2012:07:53:26 -0400] conn=81 op=6 SRCH base="cn=accounts,dc=sri,dc=utoronto,dc=ca" scope=2 filter="(&(uid=postfix)(objectClass=posixAccount))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf nsUniqueId modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey"
> [12/Aug/2012:07:53:26 -0400] conn=81 op=6 RESULT err=0 tag=101 nentries=0 etime=0
> =
>
> Previous installation of VBox VM (RHEL 6.3 with IPA) did not have this problem.

Check your iptables/firewall configuration on both hosts.

rob
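
The thread turns on the gap between "the hosts can ping each other" and "slapd is listening on 389". The script below is an added example, not part of the original messages and not FreeIPA code: it checks the LDAP URI given to `ipa migrate-ds` with a TCP connect and, if `ldapsearch` is installed, an anonymous root DSE read. The function names `parse_ldap_uri`, `probe_tcp` and `preflight` are hypothetical, and it assumes `bash` and coreutils `timeout` are available.

```shell
# Added example: pre-flight for the LDAP URI passed to `ipa migrate-ds`.
# Function names are hypothetical; IPv6 literals are not handled.

# Print "HOST PORT" for an ldap:// or ldaps:// URI (default ports 389/636).
parse_ldap_uri() {
    local uri=$1 rest defport
    case $uri in
        ldap://*)  rest=${uri#ldap://};  defport=389 ;;
        ldaps://*) rest=${uri#ldaps://}; defport=636 ;;
        *) echo "unsupported URI: $uri" >&2; return 2 ;;
    esac
    rest=${rest%%/*}                      # drop any /base-dn suffix
    case $rest in
        *:*) echo "${rest%%:*} ${rest##*:}" ;;
        *)   echo "$rest $defport" ;;
    esac
}

# Print "open" or "closed". A TCP connect is the test that matters here:
# ICMP echo (ping) succeeds even when slapd is not running.
probe_tcp() {
    if timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null; then
        echo open
    else
        echo closed
        return 1
    fi
}

# Return 0 only if the port accepts connections and, when ldapsearch is
# installed, the server answers an anonymous root DSE read.
preflight() {
    local uri=$1 hp host port
    hp=$(parse_ldap_uri "$uri") || return 2
    host=${hp% *}; port=${hp#* }
    if ! probe_tcp "$host" "$port" >/dev/null; then
        echo "FAIL: no listener reachable on $host:$port (slapd down or firewall)"
        return 1
    fi
    if command -v ldapsearch >/dev/null 2>&1 &&
       ! ldapsearch -x -LLL -o nettimeout=3 -H "$uri" -b "" -s base >/dev/null 2>&1; then
        echo "FAIL: $host:$port is open but did not answer an LDAP search"
        return 1
    fi
    echo "OK: $uri is answering"
}

# Run on the IPA server: in the thread the fault is raised by the server side.
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```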