Monday, June 10, 2024

[389-users] Re: Problem with SSL replication

> On 9 Jun 2024, at 02:21, Riss Nicolas <Nicolas.Riss@sdis68.fr> wrote:
>
> Hi,
> I have three 389d server in MMR and I have a replication problem with one of them.
> I'm unable to initialize the replication agrement over TLS with one server that is on a remote location. It works between the two other which are on the same location. I have the following line in the error.log :
> [08/Jun/2024:18:03:20.648989852 +0200] - ERR - factory_destructor - ERROR bulk import abandoned
> [08/Jun/2024:18:03:20.669025629 +0200] - ERR - bdb_import_run_pass - import userRoot: Thread monitoring returned: -23
> [08/Jun/2024:18:03:20.669478537 +0200] - ERR - bdb_public_bdb_import_main - import userRoot: Aborting all Import threads...
> [08/Jun/2024:18:03:26.577068783 +0200] - ERR - bdb_public_bdb_import_main - import userRoot: Import threads aborted.
> [08/Jun/2024:18:03:26.577500221 +0200] - INFO - bdb_public_bdb_import_main - import userRoot: Closing files...
> [08/Jun/2024:18:03:26.778812943 +0200] - ERR - bdb_public_bdb_import_main - import userRoot: Import failed.
> [08/Jun/2024:18:03:26.845658223 +0200] - DEBUG - NSMMReplicationPlugin - consumer_connection_extension_destructor - Aborting total update in progress for replicated area dc=XXXX,dc=XXXX,dc=XX connid=22
> [08/Jun/2024:18:03:26.847637329 +0200] - ERR - process_bulk_import_op - NULL target sdn
> I have try to export/import the database and then activate the replication, it works for a few minutes and then it stops working. Initialising the agrement without TLS is working.
> Version : 2.4.5-1 on OEL9

Given that this server is at a remote location, as a quick check from the remote host can you successfully perform searches against both of the first 2 servers? Basic ldapsearch/ldapwhoami over TLS. That way we can rule out connectivity issues.



--
Sincerely,

William Brown

Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

No comments:

Post a Comment