Hide Forgot
Created attachment 1201574 [details] ipamaster1.dirsrv.errors.log Description of problem: If user tries to install replica from an existing replica server then IPA replica installation fails with following error [27/44]: retrieving DS Certificate [28/44]: restarting directory server [29/44]: setting up initial replication Starting replication, please wait until this has completed. Update in progress, 15 seconds elapsed [ipareplica1.testrelm.test] reports: Update failed! Status: [-1 - LDAP error: Can't contact LDAP server] [error] RuntimeError: Failed to start replication Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(Replica): ERROR Failed to start replication ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information Version-Release number of selected component (if applicable): ipa-server-4.4.0-11.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Install IPA server 2. Install IPA replica 1 3. Install IPA replica 2 using IPA replica 1 as master server Actual results: Installation fails with LDAP error Expected results: Installation should be successful. Additional info: Seen "Permission Denied" messages in Dirsrv Error log.
Created attachment 1201575 [details] ipa-replica-install.log
Could you attach also directory server error and access log from both master(replica 1) and replica(replica 2)?
Created attachment 1201583 [details] console logs tar.gz
I just tried to reproduce with ipa-server.x86_64 4.4.0-12.el7 but it works fine. If you still can reproduce the failure, can you give the exact commands, with all options, you are using
Unable to reproduce using IPA version :: ipa-server-4.4.0-12.el7.x86_64 Closing BZ as WORKSFORME