On 05/13/2015 06:34 PM, Janelle wrote:
On 5/13/15 9:13 AM, Rich Megginson wrote:
On 05/13/2015 10:04 AM, Janelle wrote:
On 5/13/15 8:49 AM, Rich Megginson wrote:
On 05/13/2015 09:40 AM, Janelle wrote:
Recently I started seeing these crop up across my servers:
slapi_ldap_bind - Error: could not bind id [cn=Replication Manager
masterAgreement1-ipa01.example.com-pki-tomcat,ou=csusers,cn=config] authentication
mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)
Does that entry exist?
ldapsearch -xLLL -h consumer.host -D "cn=directory manager" -W -s
base -b "cn=Replication Manager
masterAgreement1-ipa01.example.com-pki-tomcat,ou=csusers,cn=config"
Does the parent exist?
ldapsearch -xLLL -h consumer.host -D "cn=directory manager" -W -s
base -b "ou=csusers,cn=config"
I am finding that there does seem to be a relation to the above
error and a possible CSN issue:
Can't locate CSN 555131e5000200190000 in the changelog (DB
rc=-30988). If replication stops, the consumer may need to be
reinitialized.
I guess what concerns me is what could be causing this. We don't do
a lot of changes all the time.
And in answer to the question above - we seem to have last the
agreement somehow:
No such object (32)
Is there a DEL operation in the access log for "cn=Replication
Manager
masterAgreement1-ipa01.example.com-pki-tomcat,ou=csusers,cn=config"?
maybe something like
# grep DEL /var/log/dirsrv/slapd-INST/access|grep -i "Replication
Manager"
nope -- none of the servers have it.
your original message is very clear:
could not bind id [cn=Replication Manager
masterAgreement1-ipa01.example.com-pki-tomcat,ou=csusers,cn=config]
authentication mechanism [SIMPLE]: error 32 (No such object) errno 0
(Success)
this means that you have replication agreement wth SIMPLE auth which uses a
nsDS5ReplicaBindDN: cn=Replication Manager
masterAgreement1-ipa01.example.com-pki-tomcat,ou=csusers,cn=config
which does not exist on the target server of the agreement. Now you say
it was never deleted, so it was probably never added, but used in the
replication agreements. How do you manage and setup replication agreements ?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project