[389-users] Users unable to change their passwords on replicas

Rich Megginson rmeggins at redhat.com
Thu Jun 30 17:23:40 UTC 2011 

On 06/30/2011 11:13 AM, G wrote:
> Greetings!
>
> I have a domain with a single master and four replicas.  Everything is 
> working fine and replicas are getting updates, etc...  However, users 
> are unable to change their own passwords on hosts bound to the 
> replicas.  They are able to change their passwords on hosts bound to 
> the master.
>
> _When they attempt to change their password this is what they get:_
> /[testpasswd at aurusdl-dns02 ~]$ passwd
> Changing password for user testpasswd.
> Enter login(LDAP) password:
> New UNIX password:
> Retype new UNIX password:
> LDAP password information update failed: Operations error
> Mapping tree node for dc=usdl,dc=gpsocx,dc=gov is set to return a 
> referral, but no referral is configured for it
> passwd: Permission denied/
>
> _It is hard to capture what is happening in the access log on a 
> replica but I think it is this:_
> /[30/Jun/2011:10:59:40 -0600] conn=1282 op=4 BIND 
> dn="uid=testpasswd,ou=People,dc=usdl,dc=gpsocx,dc=gov" method=128 
> version=3
> [30/Jun/2011:10:59:40 -0600] conn=1282 op=4 RESULT err=0 tag=97 
> nentries=0 etime=0 dn="uid=testpasswd,ou=people,dc=usdl,dc=gpsocx,dc=gov"
> [30/Jun/2011:10:59:40 -0600] conn=1282 op=5 MOD 
> dn="uid=testpasswd,ou=People,dc=usdl,dc=gpsocx,dc=gov"
> [30/Jun/2011:10:59:40 -0600] conn=1282 op=5 RESULT err=1 tag=103 
> nentries=0 etime=0
> [30/Jun/2011:10:59:42 -0600] conn=1217 op=-1 fd=66 closed error 11 
> (Resource temporarily unavailable) - T1
> [30/Jun/2011:10:59:42 -0600] conn=1213 op=-1 fd=96 closed error 11 
> (Resource temporarily unavailable) - T1
> [30/Jun/2011:10:59:42 -0600] conn=1144 op=-1 fd=86 closed error 11 
> (Resource temporarily unavailable) - T1
> [30/Jun/2011:10:59:42 -0600] conn=1132 op=-1 fd=78 closed error 11 
> (Resource temporarily unavailable) - T1
> [30/Jun/2011:10:59:42 -0600] conn=1282 op=7 UNBIND
> [30/Jun/2011:10:59:42 -0600] conn=1282 op=7 fd=73 closed - U1
> [30/Jun/2011:10:59:42 -0600] conn=1281 op=-1 fd=65 closed - B1/
>
> _I do get this persistent error on my replicas:_
> /[30/Jun/2011:10:54:00 -0600] NSMMReplicationPlugin - 
> repl_set_mtn_referrals: could not set referrals for replica dc=usdl, 
> dc=gpsocx, dc=gov: 1/
>
> This is a pretty busy domain in production.  I've had to rebuild it a 
> couple of times and I don't doubt that through these rebuilds 
> something got screwy which is causing this issue.
Yeah, not sure how this happened.  You can manually set the referrals.  See
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Multi_Master_Replication-Configuring_the_Read_Only_Replicas_on_the_Consumer_Servers
"Current URLs for referrals"
>
> Any help is greatly appreciated!
> G
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110630/9d987a54/attachment.html>

More information about the 389-users mailing list