Show Table of Contents
A.7. Troubleshooting Replication
Test replication on at least two servers (see Section 4.6, “Testing the New Replica”). If changes made on one IdM server are not replicated to the other server:
- Make sure you meet the conditions in Section 2.1.3, “Host Name and DNS Configuration”.
- Make sure that both servers can resolve each other's forward and reverse DNS records:
[root@server1 ~]#
dig +short server2.example.com A[root@server1 ~]#dig +short server2.example.com AAAA[root@server1 ~]#dig +short -x server2_IPv4_or_IPv6_address[root@server2 ~]#
dig +short server1.example.com A[root@server2 ~]#dig +short server1.example.com AAAA[root@server2 ~]#dig +short -x server1_IPv4_or_IPv6_address - Make sure that the time difference on both servers is 5 minutes at the most.
- Review the Directory Server error log on both servers:
/var/log/dirsrv/slapd-SERVER-EXAMPLE-COM/errors. - If you see errors related to Kerberos, make sure that the Directory Server keytab is correct and that you can use it to query the other server (
server2in this example):[root@server1 ~]#
kinit -kt /etc/dirsrv/ds.keytab ldap/server1.example.com[root@server1 ~]#klist[root@server1 ~]#ldapsearch -Y GSSAPI -h server1.example.com -b "" -s base[root@server1 ~]#ldapsearch -Y GSSAPI -h server2_FQDN. -b "" -s base
Related Information
- See Section C.2, “Identity Management Log Files and Directories” for descriptions of various Identity Management log files.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.