Re: [389-users] Users unable to change their passwords on replicas

Rich Megginson <rmeggins@xxxxxxxxxx> · Thu, 30 Jun 2011 11:23:40 -0600



    On 06/30/2011 11:13 AM, G wrote:
    
      
      Greetings!

      
      I have a domain with a single master and four replicas. 
      Everything is working fine and replicas are getting updates,
      etc...  However, users are unable to change their own passwords on
      hosts bound to the replicas.  They are able to change their
      passwords on hosts bound to the master.  

      
      When they attempt to change their password this is what they
        get:

      [testpasswd@aurusdl-dns02 ~]$ passwd

        Changing password for user testpasswd.

        Enter login(LDAP) password: 

        New UNIX password: 

        Retype new UNIX password: 

        LDAP password information update failed: Operations error

        Mapping tree node for dc=usdl,dc=gpsocx,dc=gov is set to return
        a referral, but no referral is configured for it

        passwd: Permission denied

      
      It is hard to capture what is happening in the access log on a
        replica but I think it is this:

      [30/Jun/2011:10:59:40 -0600] conn=1282 op=4 BIND
        dn="uid=testpasswd,ou=People,dc=usdl,dc=gpsocx,dc=gov"
        method=128 version=3

        [30/Jun/2011:10:59:40 -0600] conn=1282 op=4 RESULT err=0 tag=97
        nentries=0 etime=0
        dn="uid=testpasswd,ou=people,dc=usdl,dc=gpsocx,dc=gov"

        [30/Jun/2011:10:59:40 -0600] conn=1282 op=5 MOD
        dn="uid=testpasswd,ou=People,dc=usdl,dc=gpsocx,dc=gov"

        [30/Jun/2011:10:59:40 -0600] conn=1282 op=5 RESULT err=1 tag=103
        nentries=0 etime=0

        [30/Jun/2011:10:59:42 -0600] conn=1217 op=-1 fd=66 closed error
        11 (Resource temporarily unavailable) - T1

        [30/Jun/2011:10:59:42 -0600] conn=1213 op=-1 fd=96 closed error
        11 (Resource temporarily unavailable) - T1

        [30/Jun/2011:10:59:42 -0600] conn=1144 op=-1 fd=86 closed error
        11 (Resource temporarily unavailable) - T1

        [30/Jun/2011:10:59:42 -0600] conn=1132 op=-1 fd=78 closed error
        11 (Resource temporarily unavailable) - T1

        [30/Jun/2011:10:59:42 -0600] conn=1282 op=7 UNBIND

        [30/Jun/2011:10:59:42 -0600] conn=1282 op=7 fd=73 closed - U1

        [30/Jun/2011:10:59:42 -0600] conn=1281 op=-1 fd=65 closed - B1

      
      I do get this persistent error on my replicas:

      [30/Jun/2011:10:54:00 -0600] NSMMReplicationPlugin -
        repl_set_mtn_referrals: could not set referrals for replica
        dc=usdl, dc=gpsocx, dc=gov: 1

      
      This is a pretty busy domain in production.  I've had to rebuild
      it a couple of times and I don't doubt that through these rebuilds
      something got screwy which is causing this issue.

    
    Yeah, not sure how this happened.  You can manually set the
    referrals.  See

http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Multi_Master_Replication-Configuring_the_Read_Only_Replicas_on_the_Consumer_Servers

    "Current URLs for referrals"

     
      Any help is greatly appreciated!

      G

      
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
    
    
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users