I think I detected the problem. The error log in the replica writes:
*[11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet length
exceeds maximum allowed limit (length=2483849, limit=2097152). Change the
nsslapd-maxsasliosize attribute in cn=config to increase limit.*
*[11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned*
According this: (
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8....
)
"When an incoming SASL IO packet is larger than the nsslapd-maxsasliosize
limit, the server immediately disconnects the client and logs a message to
the error log, so that an administrator can adjust the setting if necessary"
The problem now is how can I change the value of the attribute during
replication.
Regards.
On Sun, Jun 11, 2017 at 2:20 AM, Adrian HY <ayeja153(a)gmail.com> wrote:
Hi folks, I had a problem with replication and I tried to add the
slave
back to the replica. The process stops in the initial replication phase.
The firewall and selinux are down and both servers are synchronized with
the time.
Centos 7.3
Freeipa 4.4.0-14
*Master error log:*
11/Jun/2017:01:11:45.690402715 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication
bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()
[11/Jun/2017:01:11:45.690877649 -0400] NSMMReplicationPlugin - Warning:
unable to acquire replica for total update, error: 49, retrying in 1
seconds.
[11/Jun/2017:01:11:46.966060891 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication
bind with GSSAPI auth resumed
[11/Jun/2017:01:11:47.095800971 -0400] NSMMReplicationPlugin - Beginning
total update of replica "agmt="cn=meTousuarios-replica.ipa.server.com"
(usuarios-replica:389)".
[11/Jun/2017:01:12:06.873713837 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Failed to
send extended operation: LDAP error -1 (Can't contact LDAP server)
[11/Jun/2017:01:12:06.874590112 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Received
error -1 (Can't contact LDAP server): for total updat
e operation
[11/Jun/2017:01:12:06.874950648 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Warning:
unable to send endReplication extended operation (Can'
t contact LDAP server)
[11/Jun/2017:01:12:06.875217640 -0400] NSMMReplicationPlugin - Total
update failed for replica "agmt="cn=meTousuarios-replica.ipa.server.com"
(usuarios-replica:389)", error (-11)
[11/Jun/2017:01:12:06.894882383 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication
bind with GSSAPI auth resumed
[11/Jun/2017:01:12:06.905304992 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com" (usuarios-replica:389): The remote
replica has a different database generation ID than
the local database. You may have to reinitialize the remote replica, or
the local replica.
[11/Jun/2017:01:12:09.912282245 -0400] NSMMReplicationPlugin - agmt="cn=
meTousuarios-replica.ipa.server.com" (usuarios-replica:389): The remote
replica has a different database generation ID than
the local database. You may have to reinitialize the remote replica, or
the local replica.
*Client ipareplica-install.log:*
2017-06-11T05:24:24Z DEBUG stderr=
2017-06-11T05:24:24Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2017-06-11T05:24:24Z DEBUG Fetching nsDS5ReplicaId from master [attempt
1/5]
2017-06-11T05:24:24Z DEBUG flushing ldap://usuarios.ipa.server.com:389
from SchemaCache
2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache url=ldap://
usuarios.ipa.server.com:389 conn=<ldap.ldapobject.SimpleLDAPObject
instance at 0x86909e0>
2017-06-11T05:24:24Z DEBUG Successfully updated nsDS5ReplicaId.
2017-06-11T05:24:24Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket
from SchemaCache
2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e74440>
2017-06-11T05:24:46Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 449, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 439, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 416, in __setup_replica
repl.setup_promote_replication(self.master_fqdn)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
line 1643, in setup_promote_replication
raise RuntimeError("Failed to start replication")
RuntimeError: Failed to start replication
2017-06-11T05:24:46Z DEBUG [error] RuntimeError: Failed to start
replication
2017-06-11T05:24:46Z DEBUG Destroyed connection context.ldap2_101192976
2017-06-11T05:24:46Z DEBUG File "/usr/lib/python2.7/site-
packages/ipapython/admintool.py", line 171, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
318, in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
310, in run
self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
332, in execute
for nothing in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
362, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
586, in _configure
next(executor)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
372, in __runner
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
449, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
446, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
362, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 63, in _install
for nothing in self._installer(self.parent):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1722, in main
promote(self)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 372, in decorated
func(installer)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1423, in promote
promote=True, pkcs12_info=dirsrv_pkcs12_info)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 135, in install_replica_ds
api=remote_api,
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 401, in create_replica
self.start_creation(runtime=60)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 449, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 439, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 416, in __setup_replica
repl.setup_promote_replication(self.master_fqdn)
File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
line 1643, in setup_promote_replication
raise RuntimeError("Failed to start replication")