A.7. Troubleshooting Replication
Test replication on at least two servers (see Section 4.6, “Testing the New Replica”). If changes made on one IdM server are not replicated to the other server:
- Make sure you meet the conditions in Section 2.1.5, “Host Name and DNS Configuration”.
- Make sure that both servers can resolve each other's forward and reverse DNS records:
    [root@server1 ~]# dig +short server2.example.com A
    [root@server1 ~]# dig +short server2.example.com AAAA
    [root@server1 ~]# dig +short -x server2_IPv4_or_IPv6_address

    [root@server2 ~]# dig +short server1.example.com A
    [root@server2 ~]# dig +short server1.example.com AAAA
    [root@server2 ~]# dig +short -x server1_IPv4_or_IPv6_address
- Make sure that the time difference on both servers is 5 minutes at the most.
- Review the Directory Server error log on both servers: /var/log/dirsrv/slapd-SERVER-EXAMPLE-COM/errors.
- If you see errors related to Kerberos, make sure that the Directory Server keytab is correct and that you can use it to query the other server (server2 in this example):
    [root@server1 ~]# kinit -kt /etc/dirsrv/ds.keytab ldap/server1.example.com
    [root@server1 ~]# klist
    [root@server1 ~]# ldapsearch -Y GSSAPI -h server1.example.com -b "" -s base
    [root@server1 ~]# ldapsearch -Y GSSAPI -h server2_FQDN. -b "" -s base
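The DNS and clock checks above can be scripted so that a mismatched PTR record or excessive skew is reported instead of being read off by eye. The following is an added example, not part of the original guide; the function names are hypothetical, and collecting each server's time with `date -u +%s` is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide). Function names are hypothetical.
MAX_SKEW=300   # seconds; the 5-minute limit stated in the procedure

# Lower-case a host name and strip one trailing dot, as printed by dig.
normalize_fqdn() {
    local n
    n=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "${n%.}"
}

# ptr_matches EXPECTED_FQDN PTR_OUTPUT
# PTR_OUTPUT is what `dig +short -x <address>` printed (zero or more lines).
# Succeeds only if at least one PTR target equals the expected host name.
ptr_matches() {
    local want line
    want=$(normalize_fqdn "$1")
    for line in $2; do            # host names contain no whitespace
        [ "$(normalize_fqdn "$line")" = "$want" ] && return 0
    done
    return 1
}

# skew_ok EPOCH_A EPOCH_B
# Each argument is the output of `date -u +%s` taken on one of the servers.
skew_ok() {
    local d=$(( $1 - $2 ))
    [ "$d" -lt 0 ] && d=$(( 0 - d ))
    [ "$d" -le "$MAX_SKEW" ]
}

# check_peer PEER_FQDN
# Runs the forward and reverse lookups from the procedure (needs dig and a
# resolver) and reports every address whose PTR does not lead back to the peer.
check_peer() {
    local peer=$1 addrs addr rc=0
    # CNAME targets in `dig +short` output end with a dot; addresses do not.
    addrs=$( { dig +short "$peer" A; dig +short "$peer" AAAA; } | grep -v '\.$' || true )
    [ -n "$addrs" ] || { echo "no A/AAAA record for $peer"; return 1; }
    for addr in $addrs; do
        if ! ptr_matches "$peer" "$(dig +short -x "$addr")"; then
            echo "PTR for $addr does not resolve to $peer"; rc=1
        fi
    done
    return "$rc"
}
```

Source the file on each server and run `check_peer` with the other server's host name, for example `check_peer server2.example.com` on server1.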
Related Information
- See Section C.2, “Identity Management Log Files and Directories” for descriptions of various Identity Management log files.