Re: Replication error: network error 0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 07 May 2020, at 18:51, Graham Leggett <minfrin@xxxxxxxx> wrote:

> I have two servers, an older CentOS7 server running 389-ds-base-1.3.10.1-5.el7, and a newer CentOS8 server running 389-ds-base-1.4.1.3-7.module_el8.1.0+234+96aec258, and I want to set up multi-master-replication between them.
> 
> The replication agreement for CentOS7-> CentOS8 works great, replication is working fine.
> 
> The replication agreement for CentOS8 -> CentOS7 doesn’t work, giving the following strange error:
> 
> [07/May/2020:18:42:59.201795217 +0200] - ERR - slapi_ldap_bind - Could not send bind request for id [cn=Replication Manager,cn=config] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5987 (Invalid function argument.), network error 0 (Unknown error, host “x.x.x:636”)
> 
> At the core of the above message is "network error 0”, otherwise known as “success”.
> 
> Does this ring a bell with anyone?

Some googling sees me unearth this worrying thread: https://pagure.io/389-ds-base/issue/47536

Quite a while back I spent an enormous amount of debugging time on an Ubuntu version of 389ds that refused point blank to replicate. We eventually discovered an awful bug where 389ds had been bound to two competing SSL libraries, GnuTLS and NSS, and 389ds was passing NSS parameters (directory paths) to GnuTLS, which was silently failing and then eating error messages. We concluded Ubuntu was too broken to fix in any reasonable time and moved all LDAP servers to CentOS7, which worked.

Doing an ldd /usr/sbin/ns-slapd shows that on CentOS8 389ds is linked to both NSS and OpenSSL, which looks worryingly like the same bug has crept into CentOS8.

Anyone have any details?

Regards,
Graham
—

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux