Hi,

The original ipa master has a running LDAP, the replica does not, so the install failed on it... so I can't give you an ldapsearch output from the replica.

Here's the master's output....

=================
# extended LDIF
#
# LDAPv3
# base <dc=ipa,dc=ac,dc=nz> with scope subtree
# filter: krbprincipalname=ldap/*
# requesting: dn
#

# ldap/[email protected], services, accounts, ipa.ac.nz
dn: krbprincipalname=ldap/[email protected],cn=services,cn=
 accounts,dc=ipa,dc=ac,dc=nz

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
===============

On Wed, 2011-03-02 at 23:32 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> > 8><----
> > starting replication, please wait until this has completed.
> > Update in progress
> > Update in progress
> > Update in progress
> > Update in progress
> > Update in progress
> > Update succeeded
> >   [21/27]: adding replication acis
> >   [22/27]: initializing group membership
> >   [23/27]: adding master entry
> >   [24/27]: configuring Posix uid/gid generation
> >   [25/27]: enabling compatibility plugin
> >   [26/27]: tuning directory server
> >   [27/27]: configuring directory to start on boot
> > done configuring dirsrv.
> > Configuring Kerberos KDC: Estimated time 30 seconds
> >   [1/9]: adding sasl mappings to the directory
> >   [2/9]: writing stash file from DS
> >   [3/9]: configuring KDC
> >   [4/9]: creating a keytab for the directory
> >   [5/9]: creating a keytab for the machine
> >   [6/9]: adding the password extension to the directory
> >   [7/9]: enable GSSAPI for replication
> > creation of replica failed: list index out of range
> >
> > Your system may be partly configured.
> > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > [root@fed14-64-ipam002 ~]#
> >
> >
> > messages log
> > ==================
> > Mar  3 00:12:04 fed14-64-ipam002 kernel: [11214.180151] ns-slapd[7867]: segfault at 0 ip 00007fe9a7fd5de4 sp 00007fe9617e0910 error 4 in libipa_uuid.so[7fe9a7fd3000+5000]
> > ==================
> >
> > Replica install log
> > ==================
> > 8><----
> > 2011-03-03 00:12:14,977 INFO Changing agreement cn=meTofed14-64-ipam002.ipa.ac.nz,cn=replica,cn=dc\3Dipa\2Cdc\3Dac\2Cdc\3Dnz,cn=mapping tree,cn=config to restore original schedule 0000-2359 0123456
> > 2011-03-03 00:12:15,997 INFO Replication Update in progress: FALSE: status: 0 Replica acquired successfully: Incremental update succeeded: start: 20110302111214Z: end: 20110302111214Z
> > 2011-03-03 00:12:16,048 DEBUG list index out of range
> >   File "/usr/sbin/ipa-replica-install", line 507, in <module>
> >     main()
> >
> >   File "/usr/sbin/ipa-replica-install", line 468, in main
> >     install_krb(config, setup_pkinit=options.setup_pkinit)
> >
> >   File "/usr/sbin/ipa-replica-install", line 216, in install_krb
> >     setup_pkinit, pkcs12_info)
> >
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 211, in create_replica
> >     self.start_creation("Configuring Kerberos KDC", 30)
> >
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 283, in start_creation
> >     method()
> >
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/krbinstance.py", line 556, in __convert_to_gssapi_replication
> >     r_bindpw=self.dm_password)
> >
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 688, in convert_to_gssapi_replication
> >     self.gssapi_update_agreements(self.conn, r_conn)
> >
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 458, in gssapi_update_agreements
> >     self.setup_krb_princs_as_replica_binddns(a, b)
> >
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 451, in setup_krb_princs_as_replica_binddns
> >     mod = [(ldap.MOD_ADD, "nsds5replicabinddn", a_pn[0].dn)]
> > ====================
> >
> >
> > So how to fix?
> >
> > regards
> >
> > Steven
> >
>
> Ok, this is a new one and may be similar to other hostname issues you've
> run into. Can you give me the output of this search:
>
> ldapsearch -x -b 'dc=example,dc=com' 'krbprincipalname=ldap/*' dn
>
> I would expect the same results from both your new replica and your
> existing master but if they're different that would be good to know.
>
> I'm going to guess that either we stored a non-fqdn or we're searching
> for a non-fqdn (we'll have to infer that, I think, if you have the fqdn
> stored in LDAP).
>
> We are doing a very specific search for the principal for the hostnames
> on each side of the replication agreement, I'm guessing that we're not
> finding one of them and we haven't taken that into consideration. I
> filed https://fedorahosted.org/freeipa/ticket/1044 for this.
>
> rob

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users

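The check discussed in the thread, as an added example that is not part of the original messages and is not FreeIPA's code: it parses `ldapsearch ... 'krbprincipalname=ldap/*' dn` output (including folded LDIF lines) and reports which side of a replication agreement has no `ldap/` principal, instead of indexing an empty result. The hostnames, realm, sample output and function names are assumptions made up for illustration.

```python
import re

# Constructed sample: ldapsearch output in which only the master has an
# ldap/ service principal (hostnames and realm are made up).
SAMPLE_LDIF = """\
# extended LDIF
#
# LDAPv3
dn: krbprincipalname=ldap/master.example.com@EXAMPLE.COM,cn=services,cn=
 accounts,dc=example,dc=com

# search result
search: 2
result: 0 Success
"""

def ldap_principal_dns(ldif_text):
    """Return {hostname: dn} for every ldap/<host>@REALM entry in the output."""
    # LDIF folds long lines; a continuation line starts with one space.
    unfolded = re.sub(r"\n ", "", ldif_text)
    found = {}
    for line in unfolded.splitlines():
        m = re.match(r"dn: (krbprincipalname=ldap/([^@,]+)@[^,]+,.*)$", line, re.I)
        if m:
            found[m.group(2).lower()] = m.group(1)
    return found

def missing_principals(ldif_text, hostnames):
    """List the hosts of a replication agreement that have no ldap/ principal."""
    found = ldap_principal_dns(ldif_text)
    return [h for h in hostnames if h.lower() not in found]

def bind_dn_for(ldif_text, hostname):
    """Look up the DN, failing with a clear message instead of an IndexError."""
    found = ldap_principal_dns(ldif_text)
    try:
        return found[hostname.lower()]
    except KeyError:
        raise LookupError("no ldap/%s principal found; is the FQDN stored?" % hostname)

if __name__ == "__main__":
    pair = ["master.example.com", "replica.example.com"]
    print("missing:", missing_principals(SAMPLE_LDIF, pair))
```

Querying with a short hostname such as `master` is reported as missing as well, which is the non-FQDN mismatch the reply guesses at.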