zwolfinger@campaignmonitor.com wrote:
On September 10, 2018 at 1:16:20 PM, Rob Crittenden (rcritten@redhat.com mailto:rcritten@redhat.com) wrote:
Zak Wolfinger via FreeIPA-users wrote:
Please Help! Running FreeIPA 4.5.4 under Centos 7. We have 3 FreeIPA replicas called auth01, auth02, and auth03. All are masters. Auth02 and Auth03 replicate to / from Auth01 only. Auth01 is DOWN. When I try to start it, here is what I see: # ipactl start Existing service file detected! Assuming stale, cleaning and proceeding Starting Directory Service Failed to read data from service file: Unknown error when retrieving list of services from LDAP: [Errno 22] Invalid argument Shutting down I’m not seeing anything obvious in the logs files, no am I finding anything interesting on that error message via google. Can anyone help me troubleshoot this, please?
Try starting dirsrv manually using systemctl.
rob
Thanks rob, I get this:
/bin/systemctl start dirsrv@INT.service
[root@auth01 ~]#
[root@auth01 ~]# ipactl status
Unknown error when retrieving list of services from LDAP: [Errno 22] Invalid argument
[root@auth01 ~]# ps aux | grep dirsrv
dirsrv 21957 64.6 0.8 1541076 141044 ? Ssl 13:42 0:49 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-INT -i /var/run/dirsrv/slapd-INT.pid
What it's doing here is waiting for the port to accept connections and then trying to find the list of services.
I'd start by looking at the access log in /var/log/dirsrv/slapd-INT/access to see what the last set of queries was and what the response(s) were.
You can try duplicating that search ipactl is doing from the commandline:
$ ldapsearch -x -D 'cn=directory manager' -W -b cn=`hostname`,cn=masters,cn=ipa,cn=etc,dc=example,dc=com "(ipaConfigString=enabledService)" cn ipaConfigString
rob
What it's doing here is waiting for the port to accept connections and then trying to find the list of services.
I'd start by looking at the access log in /var/log/dirsrv/slapd-INT/access to see what the last set of queries was and what the response(s) were.
You can try duplicating that search ipactl is doing from the commandline:
$ ldapsearch -x -D 'cn=directory manager' -W -b cn=`hostname`,cn=masters,cn=ipa,cn=etc,dc=example,dc=com "(ipaConfigString=enabledService)" cn ipaConfigString
Rob, thank you so much for your help! I was able to individually start dirsrv, krb5kdc and kadmin. Below is the ldapsearch of services. I’m still getting and “unknown error….invalid argument” when I do an "ipactl status” Is it possible that something in the returned service data is causing it to puke?
[root@auth01 slapd-INT]# ldapsearch -x -D 'cn=directory manager' -W -b cn='auth01',cn=masters,cn=ipa,cn=etc,dc=INT "(ipaConfigString=enabledService)" cn ipaConfigString
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=auth01,cn=masters,cn=ipa,cn=etc,dc=INT> with scope subtree
# filter: (ipaConfigString=enabledService)
# requesting: cn ipaConfigString
#
# CA, auth01, masters, ipa, etc, int
dn: cn=CA,cn=auth01,cn=masters,cn=ipa,cn=etc,dc=int
cn: CA
ipaConfigString: enabledService
ipaConfigString: startOrder 50
ipaConfigString: caRenewalMaster
# KDC, auth01, masters, ipa, etc, int
dn: cn=KDC,cn=auth01,cn=masters,cn=ipa,cn=etc,dc=int
cn: KDC
ipaConfigString: startOrder 10
ipaConfigString: enabledService
ipaConfigString: kdcProxyEnabled
# KPASSWD, auth01, masters, ipa, etc, int
dn: cn=KPASSWD,cn=auth01,cn=masters,cn=ipa,cn=etc,dc=int
cn: KPASSWD
ipaConfigString: enabledService
ipaConfigString: startOrder 20
# MEMCACHE, auth01, masters, ipa, etc, int
dn: cn=MEMCACHE,cn=auth01,cn=masters,cn=ipa,cn=etc,dc=int
cn: MEMCACHE
ipaConfigString: startOrder 39
ipaConfigString: enabledService
# HTTP, auth01, masters, ipa, etc, int
dn: cn=HTTP,cn=auth01,cn=masters,cn=ipa,cn=etc,dc=int
cn: HTTP
ipaConfigString: startOrder 40
ipaConfigString: enabledService
# OTPD, auth01, masters, ipa, etc, int
dn: cn=OTPD,cn=auth01,cn=masters,cn=ipa,cn=etc,dc=int
cn: OTPD
ipaConfigString: startOrder 80
ipaConfigString: enabledService
# ADTRUST, auth01, masters, ipa, etc, int
dn: cn=ADTRUST,cn=auth01,cn=masters,cn=ipa,cn=etc,dc=int
cn: ADTRUST
ipaConfigString: startOrder 60
ipaConfigString: enabledService
# EXTID, auth01, masters, ipa, etc, int
dn: cn=EXTID,cn=auth01,cn=masters,cn=ipa,cn=etc,dc=int
cn: EXTID
ipaConfigString: startOrder 70
ipaConfigString: enabledService
# NTP, auth01, masters, ipa, etc, int
dn: cn=NTP,cn=auth01,cn=masters,cn=ipa,cn=etc,dc=int
cn: NTP
ipaConfigString: startOrder 45
ipaConfigString: enabledService
# KEYS, auth01, masters, ipa, etc, int
dn: cn=KEYS,cn=auth01,cn=masters,cn=ipa,cn=etc,dc=int
cn: KEYS
ipaConfigString: startOrder 41
ipaConfigString: enabledService
# search result
search: 2
result: 0 Success
# numResponses: 11
# numEntries: 10
freeipa-users@lists.fedorahosted.org
-
Rob Crittenden -
zwolfinger@campaignmonitor.com