On 7/24/19 4:03 PM, Till Hofmann wrote:
Hi François,
Thanks for the reply!
On 7/24/19 2:32 PM, François Cami wrote:
>>
>> Interestingly, during the setup of the replica, the setup is stuck for quite some
time (~30 minutes) in the step " [1/28]: configuring certificate server
instance". In the ns-slapd log, I can see a lot of the following:
>> INFO - import_monitor_threads - import ipaca: Processed 40105 entries -- average
rate 123.8/sec, recent rate 114.0/sec, hit ratio 100%
>> I'm surprised by the number of entries. I had set up the same host as a
replica in a previous try, but needed to remove it due to another error. May those be
left-overs from the previous replica instance? I didn't see this happening on the
first attempt. Before redoing the setup, I removed the host from the replica set with
`ipa-replica-manage del --force`, from the csreplica with `ipa-csreplica-manage del
--force`, and also deleted the host entry itself with `ipa host-del`. I also uninstalled
the freeipa server on the replica host.
>
> Could you count the actual number of requests records in the o=ipaca
> suffix and examine them?
I'm not exactly sure what you mean (I don't have much experience with
LDAP). Searching for "(objectclass=ipaca*)" gives me 2 results (but I
guess that's not what you meant). On the replica, ns-slapd processed
267358 entries before finishing.
OK, I was looking in the wrong place. The number of request records in
LDAP is 268721. I'm not sure what exactly I should be looking for, but I
don't see anything unusual.
I'm currently looking into the ldap auth config of tomcat, I noticed
that it looks quite different compared to the master instance.
Kind regards,
Till