[389-users] Users unable to change their passwords on replicas

[G]

Greetings!

I have a domain with a single master and four replicas.  Everything is 
working fine and replicas are getting updates, etc...  However, users 
are unable to change their own passwords on hosts bound to the 
replicas.  They are able to change their passwords on hosts bound to the 
master.

_When they attempt to change their password this is what they get:_
/[testpasswd@aurusdl-dns02 ~]$ passwd
Changing password for user testpasswd.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Operations error
Mapping tree node for dc=usdl,dc=gpsocx,dc=gov is set to return a 
referral, but no referral is configured for it
passwd: Permission denied/

_It is hard to capture what is happening in the access log on a replica 
but I think it is this:_
/[30/Jun/2011:10:59:40 -0600] conn=1282 op=4 BIND 
dn="uid=testpasswd,ou=People,dc=usdl,dc=gpsocx,dc=gov" method=128 version=3
[30/Jun/2011:10:59:40 -0600] conn=1282 op=4 RESULT err=0 tag=97 
nentries=0 etime=0 dn="uid=testpasswd,ou=people,dc=usdl,dc=gpsocx,dc=gov"
[30/Jun/2011:10:59:40 -0600] conn=1282 op=5 MOD 
dn="uid=testpasswd,ou=People,dc=usdl,dc=gpsocx,dc=gov"
[30/Jun/2011:10:59:40 -0600] conn=1282 op=5 RESULT err=1 tag=103 
nentries=0 etime=0
[30/Jun/2011:10:59:42 -0600] conn=1217 op=-1 fd=66 closed error 11 
(Resource temporarily unavailable) - T1
[30/Jun/2011:10:59:42 -0600] conn=1213 op=-1 fd=96 closed error 11 
(Resource temporarily unavailable) - T1
[30/Jun/2011:10:59:42 -0600] conn=1144 op=-1 fd=86 closed error 11 
(Resource temporarily unavailable) - T1
[30/Jun/2011:10:59:42 -0600] conn=1132 op=-1 fd=78 closed error 11 
(Resource temporarily unavailable) - T1
[30/Jun/2011:10:59:42 -0600] conn=1282 op=7 UNBIND
[30/Jun/2011:10:59:42 -0600] conn=1282 op=7 fd=73 closed - U1
[30/Jun/2011:10:59:42 -0600] conn=1281 op=-1 fd=65 closed - B1/

_I do get this persistent error on my replicas:_
/[30/Jun/2011:10:54:00 -0600] NSMMReplicationPlugin - 
repl_set_mtn_referrals: could not set referrals for replica dc=usdl, 
dc=gpsocx, dc=gov: 1/

This is a pretty busy domain in production.  I've had to rebuild it a 
couple of times and I don't doubt that through these rebuilds something 
got screwy which is causing this issue.

Any help is greatly appreciated!
G
--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users