On Mon, Feb 16, 2015 at 8:44 AM, Alexander Bokovoy <aboko...@redhat.com> wrote:
> I suspect you've triggered https://fedorahosted.org/freeipa/ticket/4586 > and https://fedorahosted.org/freeipa/ticket/4635 -- slapi-nis plugin > configuration does not limit itself to $SUFFIX and listens to changes in > cn=changelog too so it may deadlock with a replication traffic. > > We fixed these partly by changing slapi-nis configuration, partly by > fixing bugs in 389-ds. > > I wonder if amending your slapi-nis config to avoid triggering internal > searches on cn=changelog would be enough. > > If you have RHEL subscription, please open a case with Red Hat's > support. > > I opened a support case, but unfortunately the IPA server is running on CentOS so no help from the support. Any chance you could share the configuration changes you referred to above? At the moment we cannot even access ipa-replica-manage because it "Can' contact LDAP server". I doubt it has something to do with Kerberos based authentication, as kinit is also really unstable at the moment. Best regards, Thomas
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
