> On 13 Nov 2019, at 08:13, Mark Reynolds <mreynolds@xxxxxxxxxx> wrote: > > > On 11/12/19 4:47 PM, Graham Leggett wrote: >> Hi all, >> >> We have a long standing 389ds master LDAP server that was found to be unable to contact it’s slaves. Most specifically, the slaves show nothing in their logs about any kind of connection, while the master is logging this: >> >> [12/Nov/2019:21:39:47.212715697 +0000] - ERR - slapi_ldap_bind - Could not send bind request for id [(anon)] authentication mechanism [EXTERNAL]: error -1 (Can't contact LDAP server), system error 0 (no error), network error 0 (Unknown error, host “ldap01:636”) >> > What is the bind method of the agreement? SSLCLIENTAUTH? The problem is that the ID is anonymous (anon). So it's not binding correctly to the consumer. What do you have for these attributes in the replication agreement: Hmmm, ldap01:636 also seems like a bad hostname too? > > > > This is what I have: > > dn: cn=blah,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config > > nsDS5ReplicaBindMethod: sslclientauth > nsDS5ReplicaTransportInfo: LDAPS > nsDS5ReplicaBindDN: cn=replication manager,cn=config > > > > Mark > >> Key is "system error 0 (no error)”, which leaves us stumped. The error is obviously “success”. >> >> Has anyone seen this kind of thing before? >> >> This is 389ds running on CentOS7 as follows: >> >> 389-ds-base-1.3.9.1-10.el7.x86_64 >> >> Regards, >> Graham >> — >> >> >> >> >> _______________________________________________ >> 389-users mailing list -- >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> >> To unsubscribe send an email to >> 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx >> >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> >> List Guidelines: >> https://fedoraproject.org/wiki/Mailing_list_guidelines >> >> List Archives: >> https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx > -- > > 389 Directory Server Development Team > > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
