Hello,
I found thousands of Errors in my "dirsrv Log" I mean after update to the last CentOS 7.6, or after I have to reinstall my secondary IPA Server ?
What is the way to correct this mistake Problem?
I have a second pair of IPA Server without this Problem and I can't say why this is now a Problem!
The Errors are on the "oldest" Server, this Server is upgraded continuous from CentOS 7 to 7.6
Can any help or can say why I now have this Problem?
The Log on the master/replica Server ipa.example.com I change the domain Name
[16/Mar/2019:13:59:39.333399526 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:04:39.497505189 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:09:39.673523056 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:14:39.457745480 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:19:39.435129140 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:24:39.460920984 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:29:39.687580220 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object)
Thank's for a answer,
Hello,
Why I have Errorr 32 Pleasd answer,
Am Samstag, 16. März 2019, 14:37:48 CET schrieb Günther J. Niederwimmer via FreeIPA-users:
Hello,
I found thousands of Errors in my "dirsrv Log" I mean after update to the last CentOS 7.6, or after I have to reinstall my secondary IPA Server ?
What is the way to correct this mistake Problem?
I have a second pair of IPA Server without this Problem and I can't say why this is now a Problem!
The Errors are on the "oldest" Server, this Server is upgraded continuous from CentOS 7 to 7.6
Can any help or can say why I now have this Problem?
The Log on the master/replica Server ipa.example.com I change the domain Name
[16/Mar/2019:13:59:39.333399526 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:04:39.497505189 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:09:39.673523056 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:14:39.457745480 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:19:39.435129140 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:24:39.460920984 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:29:39.687580220 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object)
Thank's for a answer,
Hi,
Can you explain more precisely what you meant by "I change the domain Name" in the original email?
Regards, François Cami
On Thu, Mar 21, 2019 at 12:42 PM Günther J. Niederwimmer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello,
Why I have Errorr 32 Pleasd answer,
Am Samstag, 16. März 2019, 14:37:48 CET schrieb Günther J. Niederwimmer via FreeIPA-users:
Hello,
I found thousands of Errors in my "dirsrv Log" I mean after update to the last CentOS 7.6, or after I have to reinstall my secondary IPA Server ?
What is the way to correct this mistake Problem?
I have a second pair of IPA Server without this Problem and I can't say why this is now a Problem!
The Errors are on the "oldest" Server, this Server is upgraded continuous from CentOS 7 to 7.6
Can any help or can say why I now have this Problem?
The Log on the master/replica Server ipa.example.com I change the domain Name
[16/Mar/2019:13:59:39.333399526 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:04:39.497505189 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:09:39.673523056 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:14:39.457745480 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:19:39.435129140 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:24:39.460920984 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:29:39.687580220 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object)
Thank's for a answer,
-- mit freundliche Grüßen / best regards,
Günther J. Niederwimmer_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Hello, Am Donnerstag, 21. März 2019, 17:39:41 CET schrieb François Cami via FreeIPA- users:
Hi,
Can you explain more precisely what you meant by "I change the domain Name" in the original email?
I mean only, I have change my Domain to example.com in the Email, also my domain is xxxxx.xxx and in the mail I wrote example.com.
Regards, François Cami
On Thu, Mar 21, 2019 at 12:42 PM Günther J. Niederwimmer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello,
Why I have Errorr 32 Pleasd answer,
Am Samstag, 16. März 2019, 14:37:48 CET schrieb Günther J. Niederwimmer via
FreeIPA-users:
Hello,
I found thousands of Errors in my "dirsrv Log" I mean after update to the last CentOS 7.6, or after I have to reinstall my secondary IPA Server ?
What is the way to correct this mistake Problem?
I have a second pair of IPA Server without this Problem and I can't say why
this is now a Problem!
The Errors are on the "oldest" Server, this Server is upgraded continuous from CentOS 7 to 7.6
Can any help or can say why I now have this Problem?
The Log on the master/replica Server ipa.example.com I change the domain Name
[16/Mar/2019:13:59:39.333399526 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:04:39.497505189 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:09:39.673523056 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:14:39.457745480 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:19:39.435129140 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:24:39.460920984 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:29:39.687580220 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object)
Thank's for a answer,
-- mit freundliche Grüßen / best regards,
Günther J. Niederwimmer_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho sted.org
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahost ed.org
On 3/21/19 9:41 PM, Günther J. Niederwimmer via FreeIPA-users wrote:
Hello, Am Donnerstag, 21. März 2019, 17:39:41 CET schrieb François Cami via FreeIPA- users:
Hi,
Can you explain more precisely what you meant by "I change the domain Name" in the original email?
I mean only, I have change my Domain to example.com in the Email, also my domain is xxxxx.xxx and in the mail I wrote example.com.
Regards, François Cami
On Thu, Mar 21, 2019 at 12:42 PM Günther J. Niederwimmer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello,
Why I have Errorr 32 Pleasd answer,
Am Samstag, 16. März 2019, 14:37:48 CET schrieb Günther J. Niederwimmer via
FreeIPA-users:
Hello,
I found thousands of Errors in my "dirsrv Log" I mean after update to the last CentOS 7.6, or after I have to reinstall my secondary IPA Server ?
What is the way to correct this mistake Problem?
I have a second pair of IPA Server without this Problem and I can't say why
this is now a Problem!
The Errors are on the "oldest" Server, this Server is upgraded continuous from CentOS 7 to 7.6
Can any help or can say why I now have this Problem?
The Log on the master/replica Server ipa.example.com I change the domain Name
[16/Mar/2019:13:59:39.333399526 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:04:39.497505189 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:09:39.673523056 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:14:39.457745480 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:19:39.435129140 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:24:39.460920984 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:29:39.687580220 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object)
Hi,
Can you provide the output of $ ldapsearch -D "cn=directory manager" -W -b cn=config "(objectclass=nsds5replica)"
$ ldapsearch -D cn=directory\ manager -W -b cn=config "(objectclass=nsds5replicationagreement)"
flo
Thank's for a answer,
-- mit freundliche Grüßen / best regards,
Günther J. Niederwimmer_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho sted.org
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahost ed.org
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
On 3/26/19 11:19 AM, Florence Blanc-Renaud via FreeIPA-users wrote:
On 3/21/19 9:41 PM, Günther J. Niederwimmer via FreeIPA-users wrote:
Hello, Am Donnerstag, 21. März 2019, 17:39:41 CET schrieb François Cami via FreeIPA- users:
Hi,
Can you explain more precisely what you meant by "I change the domain Name" in the original email?
I mean only, I have change my Domain to example.com in the Email, also my domain is xxxxx.xxx and in the mail I wrote example.com.
Regards, François Cami
On Thu, Mar 21, 2019 at 12:42 PM Günther J. Niederwimmer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello,
Why I have Errorr 32 Pleasd answer,
Am Samstag, 16. März 2019, 14:37:48 CET schrieb Günther J. Niederwimmer via
FreeIPA-users:
Hello,
I found thousands of Errors in my "dirsrv Log" I mean after update to the last CentOS 7.6, or after I have to reinstall my secondary IPA Server ?
What is the way to correct this mistake Problem?
I have a second pair of IPA Server without this Problem and I can't say why
this is now a Problem!
The Errors are on the "oldest" Server, this Server is upgraded continuous from CentOS 7 to 7.6
Can any help or can say why I now have this Problem?
The Log on the master/replica Server ipa.example.com I change the domain Name
[16/Mar/2019:13:59:39.333399526 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:04:39.497505189 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:09:39.673523056 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:14:39.457745480 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:19:39.435129140 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:24:39.460920984 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object) [16/Mar/2019:14:29:39.687580220 +0100] - ERR - slapi_ldap_bind - Error: could not bind id [cn=Replication Manager cloneAgreement1-ipa1.example.com-pki- tomcat,ou=csusers,cn=config] authentication mechanism [SIMPLE]: error 32 (No such object)
Hi,
Can you provide the output of $ ldapsearch -D "cn=directory manager" -W -b cn=config "(objectclass=nsds5replica)"
$ ldapsearch -D cn=directory\ manager -W -b cn=config "(objectclass=nsds5replicationagreement)"
flo
Thank's for a answer,
-- mit freundliche Grüßen / best regards,
Günther J. Niederwimmer_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho
sted.org
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahost
ed.org
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Hi,
from the output sent privately, we can see that the replication for the o=ipaca suffix is configured to use Simple authentication with a bind DN=cn=Replication Manager cloneAgreement1-ipa1.xxx,ou=csusers,cn=config (and this entry does not exist). This is the origin of your issue.
If I recall correctly, the installation of a CA replica is done is multiple phases. It starts with setting replication with simple bind, and then later on switches to replication authentication with SASL/GSSAPI. It looks like this step failed on your replica.
I would try to modify the replication agreement so that it uses SASL/GSSAPI: ldapmodify -D cn=directory\ manager -W dn: cn=masterAgreement1-ipa1.xxx.xxx,cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config changetype: modify replace: nsDS5ReplicaBindMethod nsDS5ReplicaBindMethod: SASL/GSSAPI
then restart dirsrv and check if it fixed your issue. With GSSAPI the replication will use the credentials stored in /etc/dirsrv/ds.keytab to authenticate to the remote master, so you need to make sure that the keytab is available and contains correct keys.
HTH, flo
freeipa-users@lists.fedorahosted.org
-
Florence Blanc-Renaud -
François Cami -
Günther J. Niederwimmer