Empty ldap on replica

  • #367531
    Anonymous
    Guest

    This is strange.
    I just promoted a fresh 10.4.8 server as a replica to a 10.4.7 server.
    Everything seemed to work, but the LDAP on the replica is empty
    and Kerberos isn't running.

    PWS log says

    Nov 6 2006 21:30:29 SyncDumpData: success.
    Nov 6 2006 21:30:29 SYNC PUSH: writing to /var/db/authserver/syncfile1162845029.650680.gz
    Nov 6 2006 21:30:29 SYNC PROCESS-NO-REPLY: success
    Nov 6 2006 21:30:29 QUIT: {no user} disconnected.
    Nov 6 2006 21:35:54 LISTREPLICAS: 10.0.0.12 requested the replica list.
    Nov 6 2006 21:35:54 SYNC SESSIONKEY: gmt skew is 0
    Nov 6 2006 21:35:54 SYNC PULL: updating 0 records
    Nov 6 2006 21:35:54 SYNC PULL: gzip
    Nov 6 2006 21:35:54 SyncDumpData: stat file: /var/db/authserver/

    PWSE log says

    LauchTaskWithIO path = /usr/sbin/kdb5_util, arg1 = dump, arg2 = /var/db/krb5kdc/KerbDumpFileshQcV, status = 1

    PWSR says

    Nov 6 2006 21:40:14 SYNC PULL: providing data to 10.0.0.12 after 11/06/2006 09:35:54 PM
    Nov 6 2006 21:40:15 SYNC PULL: updating 0 records
    Nov 6 2006 21:40:19 Keberos database dump failed
    Nov 6 2006 21:40:19 updating replica list with on-disk changes

    SLAPC log says

    2006-11-06 15:30:22 +0100 – 4 Restarting master LDAP server
    2006-11-06 15:30:22 +0100 – command: ssh [email protected] /usr/sbin/slapconfig -startldapserver
    2006-11-06 15:30:54 +0100 – 5 Updating local replica configuration
    2006-11-06 15:30:54 +0100 – Copied file from /etc/openldap/slapd.conf to /etc/openldap/slapd.conf.backup.
    2006-11-06 15:30:54 +0100 – 6 Copying master database to new replica
    2006-11-06 15:30:54 +0100 – Removed directory at path /var/db/openldap/openldap-data.
    2006-11-06 15:30:54 +0100 – command: scp [email protected]:/var/db/openldap/openldap-data/backup.ldif /var/db/openldap/openldap-data/
    2006-11-06 15:33:04 +0100 – LDIF copy failed with status 1
    2006-11-06 15:33:04 +0100 – command: scp [email protected]:/etc/openldap/schema /etc/openldap/
    2006-11-06 15:35:06 +0100 – schema copy failed with status 1
    2006-11-06 15:35:06 +0100 – command: /usr/sbin/slapadd -c -l /var/db/openldap/openldap-data/backup.ldif
    2006-11-06 15:35:06 +0100 – slapadd command output:
    /var/db/openldap/openldap-data/backup.ldif: No such file or directory
    2006-11-06 15:35:06 +0100 – slapadd command failed with status 1
    2006-11-06 15:35:06 +0100 – 7 Starting new replica
    2006-11-06 15:35:07 +0100 – Starting LDAP server (slapd)
    2006-11-06 15:35:08 +0100 – 8 Starting replicator on master server
    2006-11-06 15:35:08 +0100 – command: ssh [email protected] /usr/sbin/slapconfig -startreplicator
    2006-11-06 15:37:27 +0100 – ssh command failed with status 255
    2006-11-06 15:37:27 +0100 – command failed with status 255
    2006-11-06 15:37:27 +0100 – Authentication to LDAP failed with error -14090 (eDSAuthFailed)
    2006-11-06 15:37:27 +0100 – sso_util command failed with status 2
    2006-11-06 15:37:27 +0100 – 9 Enabling password server replication
    2006-11-06 15:37:27 +0100 – command: /usr/sbin/NeST -setupreplica 10.0.0.12 diradmin ****
    2006-11-06 15:37:57 +0100 – NeST command output:

    Workaround Bonjour: Unknown error: 0
    2006-11-06 15:37:57 +0100 – 10 Enabling local Kerberos server
    2006-11-06 15:37:57 +0100 – No Kerberos realm name found.
    2006-11-06 15:37:57 +0100 – command: /usr/sbin/vpnaddkeyagentuser -q /LDAPv3/127.0.0.1
    2006-11-06 15:37:57 +0100 – vpnaddkeyagentuser command failed with status 200

    #367532
    Anonymous
    Guest

    Well, it seems like the LDIF import failed.
    Is it a bad idea to do a manual slapadd on the replica?

    #367533
    Anonymous
    Guest

    The monologue continues 🙂

    slapadd worked,
    but Kerberos is still not working.

    We are hanging here.

    kpropd?
    Or start over with slapconfig -destroyreplica, slapconfig -createreplica

    #367536
    Anonymous
    Guest

    No errors in DNS and SSH configuration.
    Well, I will try to destroy, create it later.

    #367682
    schoun
    Participant

    Try killing your ODM’s IP address in the known_hosts file. ssh could be failing to connect because of bad keys.

    #368469
    hjenkins
    Participant

    I had a similar problem when creating my master using Link Aggregation. Disabling the aggregation seemed to help me.
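
A triage sketch for the slapconfig log quoted in the first post, added here as an example; it is not from the thread or from any Apple tool. It ties each "failed with status N" line to its numbered step and the last command logged, and flags ssh exit status 255, which is ssh's own error rather than the remote command's. The sample lines are constructed in the same layout, and `master.example` is a placeholder host.

```python
import re

# Constructed sample in the slapconfig log layout quoted in the first post.
# "master.example" is a placeholder host, not a value from the thread.
SAMPLE_LOG = """\
2006-11-06 15:30:54 +0100 - 6 Copying master database to new replica
2006-11-06 15:30:54 +0100 - command: scp root@master.example:/var/db/openldap/openldap-data/backup.ldif /var/db/openldap/openldap-data/
2006-11-06 15:33:04 +0100 - LDIF copy failed with status 1
2006-11-06 15:35:06 +0100 - command: /usr/sbin/slapadd -c -l /var/db/openldap/openldap-data/backup.ldif
2006-11-06 15:35:06 +0100 - slapadd command failed with status 1
2006-11-06 15:35:08 +0100 - 8 Starting replicator on master server
2006-11-06 15:35:08 +0100 - command: ssh root@master.example /usr/sbin/slapconfig -startreplicator
2006-11-06 15:37:27 +0100 - ssh command failed with status 255
"""

LINE = re.compile(r"^\S+ \S+ [+-]\d{4} [-\u2013] (.*)$")  # timestamp, hyphen or en dash, message
STEP = re.compile(r"^(\d+) (.+)$")                         # e.g. "6 Copying master database ..."
FAIL = re.compile(r"^(.*) failed with status (\d+)$")

def failed_steps(log_text):
    """One record per 'failed with status N' line, tied to its step and last command."""
    step, last_cmd, out = (None, None), None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # captured command output carries no timestamp; skip it
        msg = m.group(1)
        if (s := STEP.match(msg)):
            step, last_cmd = (int(s.group(1)), s.group(2)), None
        elif msg.startswith("command: "):
            last_cmd = msg[len("command: "):]
        elif (f := FAIL.match(msg)):
            status = int(f.group(2))
            out.append({
                "step": step[0], "title": step[1], "what": f.group(1),
                "status": status, "command": last_cmd,
                # ssh exits 255 on its own errors; otherwise it passes on the remote status.
                "ssh_transport": bool(last_cmd and last_cmd.startswith("ssh ") and status == 255),
            })
    return out

def first_failure(log_text):
    """Earliest failure in the run; in this sample the slapadd error follows from it."""
    fails = failed_steps(log_text)
    return fails[0] if fails else None

if __name__ == "__main__":
    for f in failed_steps(SAMPLE_LOG):
        print(f["step"], f["title"], "|", f["what"], f["status"], f["ssh_transport"])
```
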
