Please don't drop the mailing list.
On Fri, 12 Jan 2018, Nacho del Rey wrote:
I think it is connecting locally (to the replica server itself)
ldap_uri = ldapi://%2fvar%2frun%2fslapd-XXXXXX-COM.socket
How can I check and enable this feature? I guess that if the LDAP is replicated between master & replica, it has to be done once, right?
The feature is enabled by default and nothing in IPA is removing it.
Can you explain in more detail what your actual environment is? The OS is CentOS 7.3, but where is it running? Bare metal, VM, Docker, LXC, etc.? What are the package versions that you have for ipa-server, 389-ds-base, etc.?
CentOS 7.3 is "old" now (CentOS only supports the very latest release), so the question about what packages are installed can reveal what's wrong.
Sorry, I clicked on reply instead of reply to all.
Both servers are running CentOS (7.4, last test from today).
[root@gcp-sec-ipamaster-01 ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)

IPA packages
[root@gcp-dmz-ipareplica-01 ipa]# rpm -qa | grep ipa| sort
ipa-client-4.5.0-22.el7.centos.x86_64
ipa-client-common-4.5.0-22.el7.centos.noarch
ipa-common-4.5.0-22.el7.centos.noarch
ipa-server-4.5.0-22.el7.centos.x86_64
ipa-server-common-4.5.0-22.el7.centos.noarch
ipa-server-dns-4.5.0-22.el7.centos.noarch
libipa_hbac-1.15.2-50.el7_4.8.x86_64
python-iniparse-0.4-9.el7.noarch
python-ipaddress-1.0.16-2.el7.noarch
python-libipa_hbac-1.15.2-50.el7_4.8.x86_64
python2-ipaclient-4.5.0-22.el7.centos.noarch
python2-ipalib-4.5.0-22.el7.centos.noarch
python2-ipaserver-4.5.0-22.el7.centos.noarch
sssd-ipa-1.15.2-50.el7_4.8.x86_64

[root@gcp-sec-ipamaster-01 ~]# rpm -qa | grep 389
389-ds-base-1.3.6.1-24.el7_4.x86_64
389-ds-base-libs-1.3.6.1-24.el7_4.x86_64
Both of them are VMs running in Google Cloud.
The packages on the master were installed as follows:
yum install rng-tools ipa-server ipa-server-dns ntp -y
where
ipa-server.x86_64 4.5.0-22.el7.centos @updates
My goal is to have 2 IPAs running (a master and a replica): the master running CA & DNS, and the replica running only DNS synced with the master.
Thanks again,
Nacho.
2018-01-12 11:49 GMT+01:00 Alexander Bokovoy abokovoy@redhat.com:
-- / Alexander Bokovoy
freeipa-users@lists.fedorahosted.org