Kees Bakker writes:
Since I've setup a replica it gives errors like these:
[17/Oct/2017:11:36:55 +0200] slapd_ldap_sasl_interactive_bind - Error: could not perform
interactive bind for id [] mech [GSSAPI]: LDAP error -2 (Local error) (SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information
(Ticket expired)) errno 2 (No such file or directory)
Well, is the ticket expired? Does the ticket even exist? And are the
machine clocks synced?
Perhaps the following is valuable information, perhaps not. The
installation failed at first due to a timeout problem. I've changed
the Python to increase the time, and after that the replica
installation succeeded. I'm able to connect to it (LDAP and web UI),
and new information entered in the master was replicated correctly.
But now I see some clients having Kerberos ticket problems, most
likely because they use the replica, which is not valid anymore.
Should I abandon the replica and reinstall it, and if so, how should I
do that (safely)?
If the replica is not able to bind correctly: yes, it needs to be
abandoned or fixed (someone else who knows should say more in this
area).
Thanks,
--Robbie