Hi, On Thu, Feb 16, 2012 at 11:56, Rich Megginson <[email protected]> wrote: > On 02/16/2012 09:12 AM, Dan Scott wrote: >> >> Hi, >> >> On Thu, Feb 16, 2012 at 10:37, Rich Megginson<[email protected]> wrote: >>> >>> On 02/16/2012 08:26 AM, Dan Scott wrote: >>>> >>>> Hi, >>>> >>>> I have recently upgraded one of my FreeIPA servers (Fedora 16) with >>>> the latest package versions: >>>> >>>> Feb 15 14:10:19 Updated: libselinux-2.1.6-6.fc16.x86_64 >>>> Feb 15 14:10:20 Updated: krb5-libs-1.9.2-6.fc16.x86_64 >>>> Feb 15 14:10:21 Updated: systemd-37-13.fc16.x86_64 >>>> Feb 15 14:10:22 Updated: systemd-units-37-13.fc16.x86_64 >>>> Feb 15 14:10:22 Updated: device-mapper-libs-1.02.65-6.fc16.x86_64 >>>> Feb 15 14:10:22 Updated: device-mapper-1.02.65-6.fc16.x86_64 >>>> Feb 15 14:10:23 Updated: rpm-4.9.1.2-5.fc16.x86_64 >>>> Feb 15 14:10:24 Updated: rpm-libs-4.9.1.2-5.fc16.x86_64 >>>> Feb 15 14:10:24 Updated: device-mapper-event-libs-1.02.65-6.fc16.x86_64 >>>> Feb 15 14:10:26 Updated: freeipa-python-2.1.4-5.fc16.x86_64 >>>> Feb 15 14:10:26 Updated: systemd-sysv-37-13.fc16.x86_64 >>>> Feb 15 14:10:27 Updated: krb5-server-1.9.2-6.fc16.x86_64 >>>> Feb 15 14:10:27 Updated: krb5-server-ldap-1.9.2-6.fc16.x86_64 >>>> Feb 15 14:10:27 Updated: device-mapper-event-1.02.65-6.fc16.x86_64 >>>> Feb 15 14:10:28 Updated: lvm2-libs-2.02.86-6.fc16.x86_64 >>>> Feb 15 14:10:28 Updated: rpm-build-libs-4.9.1.2-5.fc16.x86_64 >>>> Feb 15 14:10:28 Updated: mod_auth_kerb-5.4-8.fc16.x86_64 >>>> Feb 15 14:10:28 Updated: 389-ds-base-libs-1.2.10-0.10.rc1.fc16.x86_64 >>>> Feb 15 14:10:30 Updated: 389-ds-base-1.2.10-0.10.rc1.fc16.x86_64 >>>> Feb 15 14:10:31 Updated: krb5-pkinit-openssl-1.9.2-6.fc16.x86_64 >>>> Feb 15 14:10:31 Updated: krb5-workstation-1.9.2-6.fc16.x86_64 >>>> Feb 15 14:10:31 Updated: freeipa-client-2.1.4-5.fc16.x86_64 >>>> Feb 15 14:10:31 Updated: freeipa-admintools-2.1.4-5.fc16.x86_64 >>>> Feb 15 14:11:47 Updated: freeipa-server-2.1.4-5.fc16.x86_64 >>>> Feb 15 14:15:19 Updated: freeipa-server-selinux-2.1.4-5.fc16.x86_64 >>>> Feb 15 14:15:19 Updated: rpm-python-4.9.1.2-5.fc16.x86_64 >>>> Feb 15 14:15:20 Updated: lvm2-2.02.86-6.fc16.x86_64 >>>> Feb 15 14:15:20 Updated: libselinux-python-2.1.6-6.fc16.x86_64 >>>> Feb 15 14:15:20 Updated: libselinux-utils-2.1.6-6.fc16.x86_64 >>>> Feb 15 14:15:21 Updated: alsa-lib-1.0.25-1.fc16.x86_64 >>>> Feb 15 14:15:30 Installed: kernel-3.2.6-3.fc16.x86_64 >>>> >>>> I am having major problems with freeipa services (I replaced my real >>>> domain with example.com): >>>> >>>> [root@fileserver3 ~]# ipactl status >>>> Directory Service: STOPPED >>>> Unknown error when retrieving list of services from LDAP: [Errno 111] >>>> Connection refused >>>> [root@fileserver3 ~]# ipactl start >>>> Starting Directory Service >>>> Failed to read data from Directory Service: Failed to get list of >>>> services to probe status! >>>> Configured hostname 'fileserver3.example.com' does not match any >>>> master server in LDAP: >>>> No master found because of error: {'matched': 'dc=example,dc=com', >>>> 'desc': 'No such object'} >>>> Shutting down >>>> [root@fileserver3 ~]# >>>> >>>> None of the IPA processes will start. The dirsrv error log shows: >>>> >>>> [16/Feb/2012:10:20:23 -0500] - 389-Directory/1.2.10.rc1 B2012.035.328 >>>> starting up >>>> [16/Feb/2012:10:20:23 -0500] schema-compat-plugin - warning: no >>>> entries set up under cn=groups, cn=compat,dc=example,dc=com >>>> [16/Feb/2012:10:20:23 -0500] schema-compat-plugin - warning: no >>>> entries set up under cn=ng, cn=compat,dc=example,dc=com >>>> [16/Feb/2012:10:20:23 -0500] schema-compat-plugin - warning: no >>>> entries set up under ou=sudoers,dc=example,dc=com >>>> [16/Feb/2012:10:20:23 -0500] schema-compat-plugin - warning: no >>>> entries set up under cn=users, cn=compat,dc=example,dc=com >>>> [16/Feb/2012:10:20:23 -0500] dna-plugin - dna_parse_config_entry: >>>> Unable to locate shared configuration entry >>>> (cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com) >>>> [16/Feb/2012:10:20:23 -0500] dna-plugin - dna_parse_config_entry: >>>> Invalid config entry [cn=posix ids,cn=distributed numeric assignment >>>> plugin,cn=plugins,cn=config] skipped >>>> [16/Feb/2012:10:20:23 -0500] - slapd started. Listening on All >>>> Interfaces port 389 for LDAP requests >>>> [16/Feb/2012:10:20:23 -0500] - Listening on All Interfaces port 636 >>>> for LDAPS requests >>>> [16/Feb/2012:10:20:23 -0500] - Listening on >>>> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests >>>> [16/Feb/2012:10:20:23 -0500] - slapd shutting down - signaling operation >>>> threads >>>> [16/Feb/2012:10:20:23 -0500] - slapd shutting down - closing down >>>> internal subsystems and plugins >>>> [16/Feb/2012:10:20:24 -0500] - Waiting for 4 database threads to stop >>>> [16/Feb/2012:10:20:24 -0500] - All database threads now stopped >>>> [16/Feb/2012:10:20:24 -0500] - slapd stopped. >>>> >>>> Can someone help? >>> >>> start your directory server - systemctl start dirsrv.target >>> do a search for the dna entries: >>> ldapsearch -xLLL -D "cn=directory manager" -W -s one -b >>> "cn=dna,cn=ipa,cn=etc,dc=example,dc=com" >>> >>> and >>> ldapsearch -xLLL -D "cn=directory manager" -W -s one -b "cn=distributed >>> numeric assignment >>> plugin,cn=plugins,cn=config" >> >> Results: >> >> [root@fileserver3 ~]# ldapsearch -xLLL -D "cn=directory manager" -W -s >> one -b "cn=dna,cn=ipa,cn=etc,dc=example,dc=com" >> Enter LDAP Password: >> No such object (32) >> Matched DN: dc=example,dc=com >> [root@fileserver3 ~]# ldapsearch -xLLL -D "cn=directory manager" -W -s >> one -b "cn=distributed numeric assignment plugin,cn=plugins,cn=config" >> Enter LDAP Password: >> dn: cn=Posix IDs,cn=Distributed Numeric Assignment >> Plugin,cn=plugins,cn=config >> objectClass: top >> objectClass: extensibleObject >> cn: Posix IDs >> dnatype: uidNumber >> dnatype: gidNumber >> dnanextvalue: 1101 >> dnamaxvalue: 1100 >> dnamagicregen: 999 >> dnafilter: (|(objectclass=posixAccount)(objectClass=posixGroup)) >> dnascope: dc=example,dc=com >> dnathreshold: 500 >> dnasharedcfgdn: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com >> >> It looks like all my data is missing.... do I need to re-initialize >> the replication? > > Is this your master or a replica? > You can look at the database directly with > dbscan -f /var/lib/dirsrv/slapd-DOMAIN/db/userRoot/id2entry.db4 > you can also export it to ldif with > /var/lib/dirsrv/scripts-DOMAIN/db2ldif -n userRoot -a > /var/lib/dirsrv/slapd-DOMAIN/ldif/mydb.ldif
It's a replica. Luckily the master hasn't been updated yet. I have another replica running Fedora 15 which seems OK as well. The dbscan command looks good, I think. I can see an entry for "rdn: uid=djscott". I ran the export, and got: Exported ldif file: /var/lib/dirsrv/slapd-DOMAIN/ldif/mydb.ldif ldiffile: /var/lib/dirsrv/slapd-DOMAIN/ldif/mydb.ldif [16/Feb/2012:12:37:40 -0500] - export userRoot: Processed 437 entries (100%). [16/Feb/2012:12:37:40 -0500] - All database threads now stopped The ldif file looks good, thanks. Nice to know that the data is all still there. Any ideas why it's not showing up when I query LDAP? Dan _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
