If the problem occurs during the new installation of DS, you need to get
a modification of the IPA install script, setting this parameter before
setting up replication.
Otherwise there is a hack to modify the configuration template:
/usr/share/dirsrv/data/template-dse.ldif
and add the
nsslapd-maxsasliosize: YOUR_NEW_VALUE
line to the cn=config entry
On 06/13/2017 03:49 PM, Adrian HY via FreeIPA-users wrote:
Hi Mark, my problem is during the replica installation. I can't use
ldapmodify because *cn=directory manager* does not have the password
assigned.
Regards.
On Mon, Jun 12, 2017 at 1:38 PM, Mark Reynolds <mareynol(a)redhat.com> wrote:
On 06/11/2017 01:49 PM, Adrian HY via FreeIPA-users wrote:
> I think I detected the problem. The error log in the replica writes:
>
> [11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet length exceeds maximum allowed limit (length=2483849, limit=2097152). Change the nsslapd-maxsasliosize attribute in cn=config to increase limit.
> [11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned
>
> According to this:
> (https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8....)
>
> "When an incoming SASL IO packet is larger than the
> nsslapd-maxsasliosize limit, the server immediately disconnects
> the client and logs a message to the error log, so that an
> administrator can adjust the setting if necessary"
>
> The problem now is how can I change the value of the attribute
> during replication.
You just use ldapmodify to change the value on each replica:
# ldapmodify -D "cn=directory manager" -W
dn: cn=config
changetype: modify
replace: nsslapd-maxsasliosize
nsslapd-maxsasliosize: YOUR_NEW_VALUE
>
> Regards.
>
> On Sun, Jun 11, 2017 at 2:20 AM, Adrian HY <ayeja153(a)gmail.com> wrote:
>
> Hi folks, I had a problem with replication and I tried to add
> the slave back to the replica. The process stops in the
> initial replication phase.
>
> The firewall and selinux are down and both servers are
> synchronized with the time.
>
> Centos 7.3
> Freeipa 4.4.0-14
>
> *Master error log:*
>
> [11/Jun/2017:01:11:45.690402715 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()
> [11/Jun/2017:01:11:45.690877649 -0400] NSMMReplicationPlugin - Warning: unable to acquire replica for total update, error: 49, retrying in 1 seconds.
> [11/Jun/2017:01:11:46.966060891 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication bind with GSSAPI auth resumed
> [11/Jun/2017:01:11:47.095800971 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389)".
> [11/Jun/2017:01:12:06.873713837 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Failed to send extended operation: LDAP error -1 (Can't contact LDAP server)
> [11/Jun/2017:01:12:06.874590112 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Received error -1 (Can't contact LDAP server): for total update operation
> [11/Jun/2017:01:12:06.874950648 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Warning: unable to send endReplication extended operation (Can't contact LDAP server)
> [11/Jun/2017:01:12:06.875217640 -0400] NSMMReplicationPlugin - Total update failed for replica "agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389)", error (-11)
> [11/Jun/2017:01:12:06.894882383 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication bind with GSSAPI auth resumed
> [11/Jun/2017:01:12:06.905304992 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.
> [11/Jun/2017:01:12:09.912282245 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.
>
> *Client ipareplica-install.log:*
>
> 2017-06-11T05:24:24Z DEBUG stderr=
> 2017-06-11T05:24:24Z DEBUG wait_for_open_ports: localhost [389] timeout 300
> 2017-06-11T05:24:24Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
> 2017-06-11T05:24:24Z DEBUG flushing ldap://usuarios.ipa.server.com:389 from SchemaCache
> 2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache url=ldap://usuarios.ipa.server.com:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x86909e0>
> 2017-06-11T05:24:24Z DEBUG Successfully updated nsDS5ReplicaId.
> 2017-06-11T05:24:24Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket from SchemaCache
> 2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e74440>
> 2017-06-11T05:24:46Z DEBUG Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step
>     method()
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 416, in __setup_replica
>     repl.setup_promote_replication(self.master_fqdn)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1643, in setup_promote_replication
>     raise RuntimeError("Failed to start replication")
> RuntimeError: Failed to start replication
>
> 2017-06-11T05:24:46Z DEBUG [error] RuntimeError: Failed to start replication
> 2017-06-11T05:24:46Z DEBUG Destroyed connection context.ldap2_101192976
> 2017-06-11T05:24:46Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
>     return_value = self.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run
>     cfgr.run()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run
>     self.execute()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute
>     for nothing in self._executor():
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586, in _configure
>     next(executor)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
>     self._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception
>     self.__parent._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception
>     super(ComponentBase, self)._handle_exception(exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
>     step()
>   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
>     step = lambda: next(self.__gen)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
>     six.reraise(*exc_info)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
>     value = gen.send(prev_value)
>   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
>     for nothing in self._installer(self.parent):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1722, in main
>     promote(self)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated
>     func(installer)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1423, in promote
>     promote=True, pkcs12_info=dirsrv_pkcs12_info)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 135, in install_replica_ds
>     api=remote_api,
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 401, in create_replica
>     self.start_creation(runtime=60)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step
>     method()
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 416, in __setup_replica
>     repl.setup_promote_replication(self.master_fqdn)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1643, in setup_promote_replication
>     raise RuntimeError("Failed to start replication")
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
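
The error-log message quoted in the thread reports both the rejected packet length and the current limit, so a new nsslapd-maxsasliosize can be sized from the log rather than guessed. The following is an added example, not part of the original thread and not FreeIPA or 389-ds code; the function names, the 1.5x headroom and the rounding to whole MiB are assumptions of this example.

```python
import math
import re

# The 389-ds error-log message quoted in the thread.
SASL_LIMIT_RE = re.compile(
    r"SASL encrypted packet length exceeds maximum allowed limit "
    r"\(length=(\d+),\s*limit=(\d+)\)"
)
MIB = 1024 * 1024

# Constructed sample: the two error-log lines from the thread, unwrapped.
SAMPLE_LOG = (
    "[11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet length "
    "exceeds maximum allowed limit (length=2483849, limit=2097152). Change "
    "the nsslapd-maxsasliosize attribute in cn=config to increase limit.\n"
    "[11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned\n"
)


def find_oversized_packets(log_text):
    """Return (length, limit) pairs for every rejected SASL packet."""
    # Collapse whitespace so messages re-wrapped by a mail client still match.
    flat = " ".join(log_text.split())
    return [(int(n), int(lim)) for n, lim in SASL_LIMIT_RE.findall(flat)]


def suggest_limit(events, headroom=1.5):
    """Whole-MiB limit covering the largest rejected packet plus headroom."""
    # The 1.5x headroom is this example's assumption; None means no change.
    if not events:
        return None
    largest = max(length for length, _ in events)
    return math.ceil(largest * headroom / MIB) * MIB


def render_ldif(new_limit):
    """LDIF for ldapmodify, in the shape given in the thread."""
    return (
        "dn: cn=config\n"
        "changetype: modify\n"
        "replace: nsslapd-maxsasliosize\n"
        f"nsslapd-maxsasliosize: {new_limit}\n"
    )


if __name__ == "__main__":
    limit = suggest_limit(find_oversized_packets(SAMPLE_LOG))
    if limit is not None:
        print(render_ldif(limit), end="")
```

Sizing the value from the largest rejected packet keeps the limit bounded, so the server still disconnects clients that send packets far beyond what replication needs.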