On 06/11/2017 01:49 PM, Adrian HY via FreeIPA-users wrote:
> I think I detected the problem. The error log in the replica writes:
>
> [11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet length exceeds maximum allowed limit (length=2483849, limit=2097152). Change the nsslapd-maxsasliosize attribute in cn=config to increase limit.
> [11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned
>
> According to this:
> (https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/pdf/Configuration_and_Command-Line_Tool_Reference/Red_Hat_Directory_Server-8.2-Configuration_and_Command-Line_Tool_Reference-en-US.pdf)
>
> "When an incoming SASL IO packet is larger than the
> nsslapd-maxsasliosize limit, the server immediately disconnects the
> client and logs a message to the error log, so that an administrator
> can adjust the setting if necessary"
>
> The problem now is how can I change the value of the attribute during
> replication.

You just use ldapmodify to change the value on each replica:

# ldapmodify -D "cn=directory manager" -W
dn: cn=config
changetype: modify
replace: nsslapd-maxsasliosize
nsslapd-maxsasliosize: YOUR_NEW_VALUE

>
> Regards.
>
> On Sun, Jun 11, 2017 at 2:20 AM, Adrian HY <ayeja...@gmail.com> wrote:
>
> > Hi folks, I had a problem with replication and I tried to add the
> > slave back to the replica. The process stops in the initial
> > replication phase.
> >
> > The firewall and selinux are down and both servers are
> > synchronized with the time.
> >
> > Centos 7.3
> > Freeipa 4.4.0-14
> >
> > *Master error log:*
> >
> > 11/Jun/2017:01:11:45.690402715 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials) ()
> > [11/Jun/2017:01:11:45.690877649 -0400] NSMMReplicationPlugin - Warning: unable to acquire replica for total update, error: 49, retrying in 1 seconds.
> > [11/Jun/2017:01:11:46.966060891 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication bind with GSSAPI auth resumed
> > [11/Jun/2017:01:11:47.095800971 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389)".
> > [11/Jun/2017:01:12:06.873713837 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Failed to send extended operation: LDAP error -1 (Can't contact LDAP server)
> > [11/Jun/2017:01:12:06.874590112 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Received error -1 (Can't contact LDAP server): for total update operation
> > [11/Jun/2017:01:12:06.874950648 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Warning: unable to send endReplication extended operation (Can't contact LDAP server)
> > [11/Jun/2017:01:12:06.875217640 -0400] NSMMReplicationPlugin - Total update failed for replica "agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389)", error (-11)
> > [11/Jun/2017:01:12:06.894882383 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): Replication bind with GSSAPI auth resumed
> > [11/Jun/2017:01:12:06.905304992 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.
> > [11/Jun/2017:01:12:09.912282245 -0400] NSMMReplicationPlugin - agmt="cn=meTousuarios-replica.ipa.server.com" (usuarios-replica:389): The remote replica has a different database generation ID than the local database. You may have to reinitialize the remote replica, or the local replica.
> >
> > *Client ipareplica-install.log:*
> >
> > 2017-06-11T05:24:24Z DEBUG stderr=
> > 2017-06-11T05:24:24Z DEBUG wait_for_open_ports: localhost [389] timeout 300
> > 2017-06-11T05:24:24Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
> > 2017-06-11T05:24:24Z DEBUG flushing ldap://usuarios.ipa.server.com:389 from SchemaCache
> > 2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache url=ldap://usuarios.ipa.server.com:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x86909e0>
> > 2017-06-11T05:24:24Z DEBUG Successfully updated nsDS5ReplicaId.
> > 2017-06-11T05:24:24Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket from SchemaCache
> > 2017-06-11T05:24:24Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-IPA.SERVER.COM.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e74440>
> > 2017-06-11T05:24:46Z DEBUG Traceback (most recent call last):
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation
> >     run_step(full_msg, method)
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step
> >     method()
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 416, in __setup_replica
> >     repl.setup_promote_replication(self.master_fqdn)
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1643, in setup_promote_replication
> >     raise RuntimeError("Failed to start replication")
> > RuntimeError: Failed to start replication
> >
> > 2017-06-11T05:24:46Z DEBUG [error] RuntimeError: Failed to start replication
> > 2017-06-11T05:24:46Z DEBUG Destroyed connection context.ldap2_101192976
> > 2017-06-11T05:24:46Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
> >     return_value = self.run()
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run
> >     cfgr.run()
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run
> >     self.execute()
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute
> >     for nothing in self._executor():
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
> >     self._handle_exception(exc_info)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
> >     six.reraise(*exc_info)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
> >     step()
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
> >     step = lambda: next(self.__gen)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
> >     six.reraise(*exc_info)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
> >     value = gen.send(prev_value)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586, in _configure
> >     next(executor)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
> >     self._handle_exception(exc_info)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception
> >     self.__parent._handle_exception(exc_info)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
> >     six.reraise(*exc_info)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception
> >     super(ComponentBase, self)._handle_exception(exc_info)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
> >     six.reraise(*exc_info)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
> >     step()
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
> >     step = lambda: next(self.__gen)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
> >     six.reraise(*exc_info)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
> >     value = gen.send(prev_value)
> >   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
> >     for nothing in self._installer(self.parent):
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1722, in main
> >     promote(self)
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 372, in decorated
> >     func(installer)
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 1423, in promote
> >     promote=True, pkcs12_info=dirsrv_pkcs12_info)
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py", line 135, in install_replica_ds
> >     api=remote_api,
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 401, in create_replica
> >     self.start_creation(runtime=60)
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation
> >     run_step(full_msg, method)
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step
> >     method()
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 416, in __setup_replica
> >     repl.setup_promote_replication(self.master_fqdn)
> >   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 1643, in setup_promote_replication
> >     raise RuntimeError("Failed to start replication")
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
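An added example, not part of the original messages and not FreeIPA or 389-ds code: it reads the "SASL encrypted packet length exceeds maximum allowed limit" entries from a replica error log and derives a bounded value for YOUR_NEW_VALUE, so the limit is raised only as far as the rejected packets require. The function names, the 25% headroom and the rounding to a whole MiB are assumptions of this example.

```python
import re

MIB = 1024 * 1024

# Message format as it appears in the replica error log quoted in the thread.
SASL_LIMIT_RE = re.compile(
    r"SASL encrypted packet length exceeds maximum allowed limit "
    r"\(length=(\d+), limit=(\d+)\)"
)

# Sample input: the two error-log lines quoted in the thread, unwrapped.
SAMPLE_LOG = (
    "[11/Jun/2017:13:36:06.360241021 -0400] SASL encrypted packet length "
    "exceeds maximum allowed limit (length=2483849, limit=2097152). Change "
    "the nsslapd-maxsasliosize attribute in cn=config to increase limit.\n"
    "[11/Jun/2017:13:36:06.361177815 -0400] ERROR bulk import abandoned\n"
)


def find_rejections(log_text):
    """Return (length, limit) for every SASL packet the server refused."""
    return [(int(m.group(1)), int(m.group(2)))
            for m in SASL_LIMIT_RE.finditer(log_text)]


def suggest_limit(rejections, headroom_pct=25):
    """Largest refused packet plus headroom, rounded up to a whole MiB.

    Returns None when the log shows no refusals, so the limit is left alone.
    The 25% headroom is an assumption of this example, not a documented rule.
    """
    if not rejections:
        return None
    largest = max(length for length, _ in rejections)
    needed = largest * (100 + headroom_pct) // 100
    return -(-needed // MIB) * MIB  # ceiling division, then back to bytes


def build_ldif(new_limit):
    """LDIF for ldapmodify, same shape as the change shown in the reply."""
    return (
        "dn: cn=config\n"
        "changetype: modify\n"
        "replace: nsslapd-maxsasliosize\n"
        "nsslapd-maxsasliosize: %d\n" % new_limit
    )


if __name__ == "__main__":
    limit = suggest_limit(find_rejections(SAMPLE_LOG))
    if limit is not None:
        print(build_ldif(limit), end="")
```

The printed LDIF is what gets typed after `ldapmodify -D "cn=directory manager" -W` on each replica, as in the reply above.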