Re: SSL replication error

On 05/08/2018 04:47 PM, Michal Medvecky wrote:
>
>> On 8 May 2018, at 17:45, Mark Reynolds <mreynolds@xxxxxxxxxx> wrote:
>>
>>
>>
>> On 05/07/2018 08:00 AM, Michal Medvecky wrote:
>>> [07/May/2018:13:51:13 +0200] slapi_ldap_bind - Error: could not send bind request for id [cn=MasterMasterReplicationManager,cn=config] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5987 (Invalid function argument.), network error 115 (Operation now in progress, host "ldap-master-b02.mydomain.com:636”)
>> Is there anything else in the errors log?  What about the access log on
>> ldap-master-b02.mydomain.com?
> No, absolutely no error log.
Then where did the above error message come from?  :-)  Usually there
are a few more messages when replication fails to connect to a consumer.

You should also see "something" in the consumer's access log.

Under cn=config, what is "nsslapd-ssl-check-hostname" set to?  Try
setting it to "off" to see if it makes a difference.

If that still doesn't help, enable connection and replication verbose
error logging:

   
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/configuration_command_and_file_reference/core_server_configuration_reference#cnconfig-nsslapd_errorlog_level_Error_Log_Level

    Set "nsslapd-errorlog-level" to 8200

    FYI, 8 (conn logging) + 8192 (repl logging) = 8200; then, when you
are done, set it to zero or simply remove the attribute.

Then send that output please.

Thanks,
Mark




>  I can send you tcpdump :)
>
>> Personally I have not seen this exact
>> error, but I don't see anything that says it's SSL specific.  If you
>> change the agreement to use LDAP instead of SSL does it work?
> Yes, I’m actually modifying my previously working plain replication Ansible playbook to SSL-enabled…
>
> Michal
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
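
The two cn=config changes suggested in the reply above, written out as LDIF together with the matching revert. This is an added example, not part of the original message or of the 389 Directory Server project. `DS_URI` and `DS_BINDDN` are placeholders for your own instance, and the revert assumes `nsslapd-ssl-check-hostname` was "on" before the test.

```shell
#!/bin/sh
# Added example: LDIF for the temporary diagnostic settings and their revert.
# DS_URI / DS_BINDDN below are placeholders, not values from the thread.

# Error-log level bits named in the message.
LEVEL_CONN=8      # connection logging
LEVEL_REPL=8192   # replication logging

# Combine level bits; the levels are additive flags.
errorlog_level() {
    total=0
    for bit in "$@"; do total=$((total | bit)); done
    echo "$total"
}

# Turn hostname checking off and verbose conn + repl logging on.
diag_on_ldif() {
    cat <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
-
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: $(errorlog_level "$LEVEL_CONN" "$LEVEL_REPL")
EOF
}

# Revert: hostname checking back on (assumed prior value), log level removed.
diag_off_ldif() {
    cat <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: on
-
delete: nsslapd-errorlog-level
EOF
}

# Usage on the supplier, with OpenLDAP's ldapmodify:
#   sh diag.sh on  | ldapmodify -H "$DS_URI" -D "$DS_BINDDN" -W
#   ... reproduce the failed bind, collect the errors log ...
#   sh diag.sh off | ldapmodify -H "$DS_URI" -D "$DS_BINDDN" -W
case "${1:-}" in
    on)  diag_on_ldif ;;
    off) diag_off_ldif ;;
esac
```

With hostname checking off, the supplier no longer verifies that the consumer's certificate matches the host name it connected to, so apply the revert as soon as the log has been captured.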